Virus

03.07.2008, 08:50 Virus #1
lockenkopf (User)
Registered: 28.06.2008
Posts: 74

Hey guys,
My PC is acting up badly right now. Down in the system tray it says in bold: VIRUS ALERT! and I can't access my data.
My PC keeps spamming me with some pages where you can find the virus scanners that can help you best. Also, the warning "Spyware Alert" keeps coming up, and it says that I have the virus "Worm.Win32.NetBooster".
Oh, and can someone tell me how to block Internet Explorer so that it can't even start? It keeps starting by itself and spamming me with pages where there are (supposedly) good antivirus scanners.

HijackThis log will follow!

Spyware Terminator Log:
Logfile of Spyware Terminator v2.2.3.444 (db:2.007.002.000)
Scan Time: 03.07.2008 09:25:17 length: 187 s
Platform: WXP (5.1.0.2600)
User: Admin
Boot Mode: Normal
Scan type: Fast_Spyware_Scan
Scanned Objects: 30874 (Critical:9)
Filter: No System items, No Safe items, No Invalid items

Running Processes
sched.exe [Avira GmbH] : C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
avguard.exe [Avira GmbH] : C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
AppleMobileDeviceService.exe [Apple, Inc.] : C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
mDNSResponder.exe [Apple Inc.] : C:\Programme\Bonjour\mDNSResponder.exe
avgnt.exe [Avira GmbH] : C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
btdna.exe [BitTorrent, Inc.] : C:\Programme\DNA\btdna.exe
iPodService.exe [Apple Inc.] : C:\Programme\iPod\bin\iPodService.exe
AppleMobileDeviceHelper.exe : C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
distnoted.exe : C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\distnoted.exe
avscan.exe [Avira GmbH] : C:\Programme\avira\antivir personaledition classic\avscan.exe

Internet Settings
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyOverride = *.local
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO
02 - BHO: - {1EB4BF0F-852F-4B75-B8FB-21EDAF9DC3C8} - : C:\WINDOWS\system32\xxyWmMcY.dll
02 - BHO: - {36EB2907-7500-4282-AF6E-B71B63C95299} - : C:\WINDOWS\system32\mlJDsSji.dll
02 - BHO: QXK Olive - {5A31FA1E-5EB1-493D-AF19-8E80D13F71FF} - : C:\WINDOWS\kgqfweltrmp.dll

Toolbars
03 - Toolbar: nqgpedlr - {1F98C59B-DB4B-454B-98C8-95D0668B11A6} - : C:\WINDOWS\nqgpedlr.dll

StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MySpaceIM : : C:\Programme\MySpace\IM\MySpaceIM.exe
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, BitTorrent DNA : [BitTorrent, Inc.] : C:\Programme\DNA\btdna.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, avgnt : [Avira GmbH] : C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 20625b85 : : C:\WINDOWS\system32\gkgsaocl.dll

Shell Extensions
Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} - [Avira GmbH] : C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll
WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Programme\WinRAR\rarext.dll
- {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} - [Sun Microsystems, Inc.] : C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll
- {087B3AE3-E237-4467-B8DB-5A38AB959AC9} - [Sun Microsystems, Inc.] : C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll
- {63542C48-9552-494A-84F7-73AA6A7C99C1} - [Sun Microsystems, Inc.] : C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll
- {3B092F0C-7696-40E3-A80F-68D74DA84210} - [Sun Microsystems, Inc.] : C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll
iTunes - {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - [Apple Inc.] : C:\Programme\iTunes\iTunesMiniPlayer.dll

Shell Extecute Hooks
- {{1EB4BF0F-852F-4B75-B8FB-21EDAF9DC3C8}} - : C:\WINDOWS\system32\xxyWmMcY.dll

Shell Service Objects
- {okmdepgb} - : C:\WINDOWS\okmdepgb.dll
- {axrfgvek} - : C:\WINDOWS\axrfgvek.dll

Services
23 - [Avira GmbH] : C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
23 - [Avira GmbH] : C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
23 - [Apple, Inc.] : C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
23 - [Avira GmbH] : C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys
23 - [Avira GmbH] : C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
23 - [Avira GmbH] : C:\WINDOWS\system32\DRIVERS\avipbb.sys
23 - [Apple Inc.] : C:\Programme\Bonjour\mDNSResponder.exe
23 - [Intel Corporation] : C:\WINDOWS\system32\DRIVERS\e100b325.sys
23 - [GEAR Software Inc.] : C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
23 - [LogMeIn, Inc.] : C:\WINDOWS\system32\DRIVERS\hamachi.sys
23 - [Intel Corporation] : C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
23 - [Apple Inc.] : C:\Programme\iPod\bin\iPodService.exe
23 - [Protection Technology] : C:\WINDOWS\system32\drivers\sfdrv01.sys
23 - [Protection Technology] : C:\WINDOWS\system32\drivers\sfhlp02.sys
23 - [Protection Technology] : C:\WINDOWS\system32\drivers\sfvfs02.sys
23 - [AVIRA GmbH] : C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
23 - [SigmaTel, Inc.] : C:\WINDOWS\system32\drivers\sthda.sys

Winlogon Notify
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui, DLLName : [Intel Corporation] : C:\WINDOWS\system32\igfxdev.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyWmMcY, DLLName : : C:\WINDOWS\system32\xxyWmMcY.dll

System Policies
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoToolbarCustomize : :
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools : :
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, NoDispCpl : :
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr : :

Threat Files
<Adware.Agent.PB.14> : C:\WINDOWS\okmdepgb.dll
<Adware.Vapsup.gen> : C:\WINDOWS\nqgpedlr.dll
<Adware.RogueLinks> : C:\Dokumente und Einstellungen\Jaunty_Locke\Favoriten\Error Cleaner.url
<Adware.RogueLinks> : C:\Dokumente und Einstellungen\Jaunty_Locke\Favoriten\Privacy Protector.url
<Adware.RogueLinks> : C:\Dokumente und Einstellungen\Jaunty_Locke\Favoriten\Spyware&Malware Protection.url

Advanced Files Report

End of Report

03.07.2008, 08:53 Virus #2
lockenkopf (User, thread starter)

Now even Mozilla crashes regularly.....

03.07.2008, 08:58 Virus #3
lockenkopf (User, thread starter)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:56: VIRUS ALERT!, on 03.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\DNA\btdna.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Jaunty_Locke\Desktop\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by JAUNTY-PC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programme\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [20625b85] rundll32.exe "C:\DOKUME~1\JAUNTY~1\LOKALE~1\Temp\psxqsmud.dll", b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programme\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programme\Crawler\Toolbar\ctbr.dll
O21 - SSODL: axrfgvek - {5DA8D64C-5857-4B73-99C5-9FBF1197AE39} - C:\WINDOWS\axrfgvek.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programme\Spyware Terminator\sp_rsser.exe

--
End of file - 4604 bytes

03.07.2008, 08:59 Virus #4
Avira (Experienced user)
Registered: 28.06.2008
Posts: 145

Sorry, misread.

EDIT:
Mark these entries, click "Fix checked" at the bottom, restart the PC and post your new HijackThis log.

C:\Programme\DNA\btdna.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2


O4 - HKLM\..\Run: [20625b85] rundll32.exe "C:\DOKUME~1\JAUNTY~1\LOKALE~1\Temp\psxqsmud.dll", b

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1


O21 - SSODL: axrfgvek - {5DA8D64C-5857-4B73-99C5-9FBF1197AE39} - C:\WINDOWS\axrfgvek.dll


Then download ComboFix, update it, and turn off System Restore by right-clicking My Computer -> Properties -> System Restore -> Disable. Start in safe mode and run a scan with it. Important: you must not move the mouse.
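
Added example (not part of the thread, and not code from HijackThis or any poster): a small Python triage pass over HijackThis-style lines that flags the kinds of registry entries marked for fixing in post #4. The rule set and the trusted start-page hosts are assumptions made for this illustration; the sample lines are copied from the log in post #3 with the forum-inserted spaces removed.

```python
import re
from typing import NamedTuple
from urllib.parse import urlparse

# Lines copied from the HijackThis log in post #3 (forum-inserted spaces removed).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [20625b85] rundll32.exe "C:\DOKUME~1\JAUNTY~1\LOKALE~1\Temp\psxqsmud.dll", b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O21 - SSODL: axrfgvek - {5DA8D64C-5857-4B73-99C5-9FBF1197AE39} - C:\WINDOWS\axrfgvek.dll
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
"""


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # why the line was flagged
    line: str    # the original log line


ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
TEMP_DIR_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)
POLICY_RE = re.compile(
    r"Disable(Regedit|RegistryTools|TaskMgr)\s*=\s*1", re.IGNORECASE
)
WINROOT_DLL_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.dll$", re.IGNORECASE)

# Assumption for this example: start pages on these domains count as expected.
TRUSTED_START_HOSTS = ("microsoft.com", "msn.com")


def _host_trusted(url):
    """True if the URL's host is a trusted domain or one of its subdomains."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in TRUSTED_START_HOSTS)


def classify(code, body):
    """Return a reason string if the entry looks suspicious, else None."""
    if code == "O4" and TEMP_DIR_RE.search(body):
        how = " via rundll32" if "rundll32" in body.lower() else ""
        return f"autorun loads a file from a temp directory{how}"
    if code == "O7" and POLICY_RE.search(body):
        return "policy disables a built-in admin tool"
    if code in ("R0", "R1") and "Start Page" in body:
        url = body.split(" = ", 1)[-1].strip()
        if not _host_trusted(url):
            return "IE start page points to an untrusted host"
    if code == "O21":
        path = body.rsplit(" - ", 1)[-1].strip()
        if WINROOT_DLL_RE.match(path):
            return "shell service object DLL sits directly in the Windows root"
    return None


def triage(log_text):
    """Parse HijackThis entry lines and return the flagged ones in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, or blank line
        reason = classify(m["code"], m["body"])
        if reason:
            findings.append(Finding(m["code"], reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.reason}\n    {f.line}")
```

A hit from these rules is a prompt to inspect the file and registry value, not proof of infection; entries the rules miss still need manual review.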

03.07.2008, 12:10 Virus #5
lockenkopf (User, thread starter)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:08: VIRUS ALERT!, on 03.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spyware Terminator\SpywareTerminator.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Jaunty_Locke\Desktop\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by JAUNTY-PC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programme\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programme\Crawler\Toolbar\ctbr.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programme\Spyware Terminator\sp_rsser.exe

--
End of file - 4128 bytes
03.07.2008, 12:29 Virus #6
Experienced user
TIPower
Registered since: 26.03.2008
Posts: 2.188
Virus

HijackThis is clean. Does it still say that down there?
03.07.2008, 12:32 Virus #7
User
Thread starter
lockenkopf
Registered since: 28.06.2008
Posts: 74
Virus

Avira, if you were a woman I'd marry you right now ;-)
Just kidding. Everything is fine (so far)! Thank you very, very much!

Here is the log file:

ComboFix 08-07-02.5 - Jaunty_Locke 2008-07-03 13:20:52.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.833 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Jaunty_Locke\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\Jaunty_Locke\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk
C:\WINDOWS\ewrf.exe
C:\WINDOWS\system32\ijSsDJlm.ini
C:\WINDOWS\system32\ijSsDJlm.ini2
C:\WINDOWS\system32\lcoasgkg.ini
C:\WINDOWS\system32\mlJDsSji.dll
D:\Autorun.inf

.
((((((((((((((((((((((( Dateien erstellt von 2008-06-03 bis 2008-07-03 ))))))))))))))))))))))))))))))
.

2008-07-02 13:18 . 2008-07-03 13:24 <DIR> d-------- C:\Programme\WinClamAVShield
2008-07-02 13:11 . 2008-07-03 09:47 <DIR> d-------- C:\Programme\Spyware Terminator
2008-07-02 13:11 . 2008-07-02 13:12 <DIR> d-------- C:\Programme\Crawler
2008-07-02 13:11 . 2008-07-03 13:04 <DIR> d-------- C:\Dokumente und Einstellungen\Jaunty_Locke\Anwendungsdaten\Spyware Terminator
2008-07-02 13:11 . 2008-07-03 09:42 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator
2008-07-02 13:11 . 2008-07-02 13:11 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-07-02 12:46 . 2008-07-02 12:46 <DIR> d-------- C:\Programme\VS Revo Group
2008-07-02 12:17 . 2008-07-02 12:17 28,288 --a------ C:\WINDOWS\system32\xxyWmMcY.dll
2008-07-02 12:16 . 2008-07-02 02:21 339,968 --a------ C:\WINDOWS\kgqfweltrmp.dll
2008-07-02 12:16 . 2008-07-02 02:21 253,952 --a------ C:\WINDOWS\okmdepgb.dll.ren
2008-07-02 12:16 . 2008-07-02 02:21 225,280 --a------ C:\WINDOWS\axrfgvek.dll
2008-07-02 12:16 . 2008-07-02 02:21 81,920 --a------ C:\WINDOWS\mrvtdpqe.exe
2008-06-29 21:39 . 2008-06-29 21:39 <DIR> d-------- C:\Dokumente und Einstellungen\Jaunty_Locke\WINDOWS
2008-06-29 21:39 . 1996-10-15 18:01 298,496 --a------ C:\WINDOWS\uninst.exe
2008-06-29 21:16 . 2008-06-29 21:16 <DIR> d-------- C:\Programme\DVD ******
2008-06-29 21:16 . 2008-06-29 21:39 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DVD ******
2008-06-29 17:41 . 2008-06-29 17:41 <DIR> d-------- C:\Programme\iTunes
2008-06-29 17:41 . 2008-06-29 17:41 <DIR> d-------- C:\Programme\iPod
2008-06-29 17:41 . 2008-06-29 17:41 <DIR> d-------- C:\Programme\Bonjour
2008-06-29 17:41 . 2008-06-29 17:52 <DIR> d-------- C:\Dokumente und Einstellungen\Jaunty_Locke\Anwendungsdaten\Apple Computer
2008-06-29 17:40 . 2008-06-29 17:40 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-29 17:40 . 2008-06-29 17:41 <DIR> d-------- C:\Programme\QuickTime
2008-06-29 17:40 . 2008-06-29 17:40 <DIR> d-------- C:\Programme\Apple Software Update
2008-06-29 17:40 . 2008-06-29 17:41 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2008-06-29 17:39 . 2008-06-29 17:39 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Apple
2008-06-29 17:39 . 2008-06-29 17:39 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2008-06-29 14:54 . 2008-06-29 14:54 <DIR> d-------- C:\Programme\SigmaTel
2008-06-29 14:54 . 2005-11-16 15:36 1,047,816 --a------ C:\WINDOWS\system32\drivers\sthda.sys
2008-06-29 14:54 . 2005-11-16 15:35 172,032 --a------ C:\WINDOWS\system32\stacapi.dll
2008-06-29 14:54 . 2004-08-04 00:58 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-06-29 14:54 . 2004-08-04 00:58 130,048 --a--c--- C:\WINDOWS\system32\dllcache\ksproxy.ax
2008-06-29 14:54 . 2005-11-16 15:35 112,128 --a------ C:\WINDOWS\system32\staco.dll
2008-06-29 14:54 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-06-29 14:54 . 2004-08-03 23:08 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2008-06-29 14:54 . 2004-08-03 22:58 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2008-06-29 14:54 . 2004-08-03 22:58 5,376 --a--c--- C:\WINDOWS\system32\dllcache\mspclock.sys
2008-06-29 14:54 . 2004-08-04 00:57 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-06-29 14:54 . 2004-08-04 00:57 4,096 --a--c--- C:\WINDOWS\system32\dllcache\ksuser.dll
2008-06-29 14:41 . 2008-06-29 14:41 <DIR> d-------- C:\Programme\Trend Micro
2008-06-28 22:15 . 2008-06-28 22:15 <DIR> d-------- C:\Programme\Ashampoo
2008-06-28 22:15 . 2008-06-28 22:15 <DIR> d-------- C:\Dokumente und Einstellungen\Jaunty_Locke\Anwendungsdaten\Ashampoo
2008-06-28 22:15 . 2008-06-28 22:15 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
2008-06-28 21:45 . 2008-06-28 21:45 <DIR> d-------- C:\Programme\InfraRecorder
2008-06-28 21:45 . 2008-06-28 21:55 <DIR> d-------- C:\Dokumente und Einstellungen\Jaunty_Locke\Anwendungsdaten\InfraRecorder
2008-06-25 13:16 . 2008-06-29 09:14 <DIR> d-------- C:\Dokumente und Einstellungen\Jaunty_Locke\Anwendungsdaten\OpenOffice.org2
2008-06-24 21:53 . 2008-06-24 21:53 <DIR> d-------- C:\Programme\Hamachi
2008-06-24 21:53 . 2008-06-30 14:11 <DIR> d-------- C:\Dokumente und Einstellungen\Jaunty_Locke\Anwendungsdaten\Hamachi
2008-06-24 21:53 . 2008-06-24 21:53 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-06-24 15:51 . 2008-06-24 15:51 <DIR> d-------- C:\Programme\DNA
2008-06-24 15:51 . 2008-06-24 15:51 <DIR> d-------- C:\Programme\BitTorrent
2008-06-24 15:51 . 2008-07-03 10:02 <DIR> d-------- C:\Dokumente und Einstellungen\Jaunty_Locke\Anwendungsdaten\DNA
2008-06-24 15:51 . 2008-07-01 01:20 <DIR> d-------- C:\Dokumente und Einstellungen\Jaunty_Locke\Anwendungsdaten\BitTorrent
2008-06-24 15:49 . 2005-04-05 14:23 155,648 --a------ C:\WINDOWS\system32\igfxres.dll
2008-06-24 15:41 . 2003-11-03 18:15 1,902 --------- C:\WINDOWS\system32\SetupBD.din
2008-06-24 00:12 . 2008-06-24 00:12 <DIR> d-------- C:\Programme\OpenOffice.org 2.4
2008-06-23 17:03 . 2008-06-23 17:03 <DIR> d-------- C:\Programme\MySpace
2008-06-23 17:03 . 2008-06-23 17:03 <DIR> d-------- C:\Dokumente und Einstellungen\Jaunty_Locke\Anwendungsdaten\MySpace
2008-06-23 17:02 . 2008-06-23 17:02 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm
2008-06-23 17:01 . 2008-06-23 17:01 <DIR> d-------- C:\Programme\Last.fm
2008-06-22 23:12 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss
2008-06-22 23:08 . 2008-06-22 23:08 <DIR> d-------- C:\Programme\Realtek
2008-06-22 23:08 . 2008-03-05 18:07 520,192 --a------ C:\WINDOWS\RtlExUpd.dll
2008-06-22 23:08 . 2008-06-22 23:08 315,392 --a------ C:\WINDOWS\HideWin.exe
2008-06-22 23:08 . 2004-11-18 10:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-22 21:12 . 2008-06-22 21:12 <DIR> d-------- C:\Programme\Creative
2008-06-22 21:00 . 2008-06-22 21:00 <DIR> d-------- C:\Dokumente und Einstellungen\Jaunty_Locke\Anwendungsdaten\vlc
2008-06-22 20:52 . 2008-06-22 20:52 <DIR> d-------- C:\Programme\VideoLAN
2008-06-22 20:38 . 2008-06-22 20:40 <DIR> d-------- C:\Programme\Winamp
2008-06-22 20:38 . 2008-06-23 12:54 <DIR> d-------- C:\Dokumente und Einstellungen\Jaunty_Locke\Anwendungsdaten\Winamp
2008-06-22 20:35 . 2008-06-22 20:35 <DIR> d-------- C:\Programme\foobar2000
2008-06-22 20:35 . 2008-06-29 17:27 <DIR> d-------- C:\Dokumente und Einstellungen\Jaunty_Locke\Anwendungsdaten\foobar2000
2008-06-22 20:23 . 2008-06-22 20:23 <DIR> d-------- C:\Programme\IrfanView
2008-06-22 16:17 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-06-22 16:16 . 2008-06-22 16:16 <DIR> d-------- C:\WINDOWS\Logs
2008-06-22 16:16 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-06-22 16:16 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-06-22 16:16 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-06-22 16:16 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-06-22 16:16 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-06-22 16:16 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-06-22 16:16 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-06-22 16:16 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-06-22 16:16 . 2007-10-22 03:37 17,928 --a------ C:\WINDOWS\system32\X3DAudio1_2.dll
2008-06-22 16:15 . 2008-06-22 16:16 <DIR> d-------- C:\Programme\Direct X
2008-06-22 15:19 . 2008-06-29 15:23 <DIR> d-------- C:\Dokumente und Einstellungen\Jaunty_Locke\Anwendungsdaten\gtk-2.0
2008-06-22 15:17 . 2008-06-22 15:17 <DIR> d-------- C:\Programme\Avira
2008-06-22 14:30 . 2008-07-01 21:33 <DIR> d-------- C:\Dokumente und Einstellungen\Jaunty_Locke\Anwendungsdaten\.purple
2008-06-22 14:23 . 2008-06-22 14:23 <DIR> d-------- C:\Programme\Pidgin
2008-06-22 14:22 . 2008-06-22 14:22 <DIR> d-------- C:\Programme\Gemeinsame Dateien\GTK
2008-06-22 14:21 . 2008-06-22 15:17 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-06-22 14:04 . 2008-06-22 14:04 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-21 15:51 . 2008-06-21 15:51 531 --a------ C:\WINDOWS\eReg.dat
2008-06-21 06:24 . 2008-06-29 14:54 <DIR> d--h----- C:\Programme\InstallShield Installation Information
2008-06-21 06:24 . 2008-06-21 06:24 <DIR> d-------- C:\Programme\Gemeinsame Dateien\InstallShield
2008-06-21 03:55 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-06-21 01:11 . 2008-06-22 21:22 <DIR> d-------- C:\Programme\Intel
2008-06-21 01:10 . 2004-11-16 17:52 126,976 --a------ C:\WINDOWS\system32\Prounstl.exe
2008-06-21 01:10 . 2004-11-16 09:16 36,864 --a------ C:\WINDOWS\system32\e100bmsg.dll
2008-06-21 01:10 . 2004-10-29 17:01 19,456 --a------ C:\WINDOWS\system32\IntelNic.dll
2008-06-21 01:10 . 2004-10-14 16:22 5,110 --a------ C:\WINDOWS\system32\e100b325.din

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 22:02 --------- d-----w C:\Programme\microsoft frontpage
2008-06-20 22:00 --------- d-----w C:\Programme\Online-Dienste
2008-06-20 21:59 --------- d-----w C:\Programme\Gemeinsame Dateien\Dienste
2008-06-13 15:11 4,754,944 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-06-13 12:50 16,871,936 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1EB4BF0F-852F-4B75-B8FB-21EDAF9DC3C8}]
2008-07-02 12:17 28288 --a------ C:\WINDOWS\system32\xxyWmMcY.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A31FA1E-5EB1-493D-AF19-8E80D13F71FF}]
2008-07-02 02:21 339968 --a------ C:\WINDOWS\kgqfweltrmp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 15360]
"MySpaceIM"="C:\Programme\MySpace\IM\MySpaceIM.exe" [2008-04-18 01:27 9117696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 14:22 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 14:19 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 14:23 114688]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"SpywareTerminator"="C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe" [2008-07-02 13:11 1817600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 15360]
"MySpaceIM"="C:\Programme\MySpace\IM\MySpaceIM.exe" [2008-04-18 01:27 9117696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1EB4BF0F-852F-4B75-B8FB-21EDAF9DC3C8}"= "C:\WINDOWS\system32\xxyWmMcY.dll" [2008-07-02 12:17 28288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyWmMcY]
2008-07-02 12:17 28288 C:\WINDOWS\system32\xxyWmMcY.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSVolFE]
--------- 2005-02-23 15:57 57344 C:\Programme\Creative\Mixer\CTSVolFE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Programme\\DNA\\btdna.exe"=
"C:\\Programme\\BitTorrent\\bittorrent.exe"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=
"C:\\Programme\\iTunes\\iTunes.exe"=
"C:\\Programme\\MySpace\\IM\\MySpaceIM.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-07-02 13:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d207c1eb-3f1a-11dd-836c-d7451370f3e0}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MARTINR.vbs

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 13:24:26
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\xxyWmMcY.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\iPod\bin\iPodService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-07-03 13:26:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-03 11:26:00

6 Verzeichnis(se), 100,248,752,128 Bytes frei
8 Verzeichnis(se), 100,195,520,512 Bytes frei

209
03.07.2008, 12:33 Virus #8
Experienced user
TIPower
Registered since: 26.03.2008
Posts: 2.188
Virus

Yep


Info: I am Avira, I have 2 accounts.
03.07.2008, 12:36 Virus #9
Experienced user
Avira
Registered since: 28.06.2008
Posts: 145
Virus

Yep, no need to thank me.
03.07.2008, 12:36 Virus #10
User
Thread starter
lockenkopf
Registered since: 28.06.2008
Posts: 74
Virus

And now the new HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:33, on 03.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programme\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [20625b85] rundll32.exe "C:\WINDOWS\system32\fpyxuvsl.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programme\Crawler\Toolbar\ctbr.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programme\Spyware Terminator\sp_rsser.exe

--
End of file - 4305 bytes