ULL

Hallo ich habe ein Problem!

Ich habe mir einen Virus irgentwo her geholt und ich weis nicht wie ich Ihn wieder wegbekomme.Als ich meinen Anti-Vir durchlaufen lies machte mein PC dieses ekelhafte, nix gutes versprechendes Virusgeräusch.Als ich meinen Desktop mal angucken wollte stellte ich mit ensetzen fest das dieser Virus meinen Hintergrund geändert hat!Dieser war nun blau und dort stand das ich einen Spywaredocter kaufen sollte oder sowas.Nun brachte mir mein Anti.Vir diesen Virus zutage:VBS/Agent.1002 Dieser befindet sich wohl im Verzeichniss C:/Olli/AppData/Local/Temp.tt9157.tmp.vbs (Olli heist glaube ich mein PC xD) ich gehe jedesmal auf löschen aber dieser Virus ist immer wieder da!!Zudem finde ich in meinen Prozessemanager den Prozess: lphc3j9j0e92v
dieser hat als Bild sowas wie ein WinRar ordner, nur das dieser hier komplett schwarz ist!Weis einer was das ist?Den habe ich vorher glaube ich noch nicht gehabt!
Da ich ein absoluter Trotel in diesem Gebiet bin, habe ich mir ein paar vorherige Post's angeguckt, da stand immer was von so einem HijackThis.Das hab ich mir downgeloadet und das kam heraus :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:50:40, on 02.08.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://deutsch.eazel.com/de/index.ph...pag&d=79919381
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKCU\..\Run: [lphc3j9j0e92v] C:\Windows\system32\lphc3j9j0e92v.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Olli\AppData\LocalLow\Dealio\kb127\res\De alioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe

--
End of file - 7273 bytes



so ich hab keine Ahnung wie ich den Wegbekomme??...oder sollte ich mir eine Externe Festplatte kaufen und meine liebsten Spiele und Anwendungen daraufziehen??

ULL

Hallo keiner einen Plan=?

TIPower

Lade dir malwarebytes , update es und führe es im abgesicherten modus aus funde löschen report posten.

ULL

Malwarebytes' Anti-Malware 1.24
Datenbank Version: 1020
Windows 6.0.6001 Service Pack 1

21:25:49 03.08.2008
mbam-log-8-3-2008 (21-25-49).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 33026
Laufzeit: 2 minute(s), 14 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RichVideoCodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Program Files\RichVideoCodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Obwohl ich dazu sagen muss das ich diese Obszön anmutende Datei lphc3j9j0e92v überall herausgelöscht habe, samt diesen Bild , was bei mir immer als Desktophintergrund verwendet wurde (ich meine das wo ich gesagt bekomme das ich Spyware kaufen soll).

Leonixx

Aloha,

bitte nach Malewarebytes ein neues HJT Logfile posten. Hast du noch Probleme?

Gruss Leonixx

ULL

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:50:40, on 02.08.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://deutsch.eazel.com/de/index.ph...pag&d=79919381
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKCU\..\Run: [lphc3j9j0e92v] C:\Windows\system32\lphc3j9j0e92v.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Olli\AppData\LocalLow\Dealio\kb127\res\De alioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe

--
End of file - 7273 bytes



Naja eigentlich hat mein PC jetzt nix mehr gefunden, mein Bildschirm ändert seinen Hintergrund nicht mehr von alleine.Kann das sein das der jetzt weg ist?

Leonixx

Aloha,

clean ist dein System immer noch nicht.

Bitte diese dll bei Virustotal hochladen. Auf der Webseite auf Datei hochladen gehen, dann unter Laufwerk C, Ordner Program Files usw. die Datei suchen und hochladen. Anschließend bitte die Auswertung hier posten.

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

Bitte auch diese Datei hochladen und auswerten lassen. Report hier posten.
O4 - HKCU\..\Run: [lphc3j9j0e92v] C:\Windows\system32\lphc3j9j0e92v.exe

http://www.virustotal.com/de/


Wenn du die Datei nicht finden kannst, dann musst du die versteckten Systemordner sichtbar machen.

http://www.winhilfe.info/Windows_XP/...n_20050530101/

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)


O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)

O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)

Danach nochmal HJT starten, do a system scan, auf die Kästchen dieser Einträge klicken und unten auf den Button Fix Checked drücken. Danach System neustarten und neues Logfile hier posten. Aber bitte erst nach der Auswertung von Virustotal.


Gruss Leonixx

ULL

öhm also bei Dieser Searchsettings.dll kam dieses hier heraus (vorausgesetzt es ist das richtige^^:

Datei SearchSettings.dll empfangen 2008.08.04 20:24:41 (CET)
Status: Beendet
Ergebnis: 0/36 (0%)

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.8.5.0 2008.08.04 -
AntiVir 7.8.1.15 2008.08.04 -
Authentium 5.1.0.4 2008.08.04 -
Avast 4.8.1195.0 2008.08.04 -
AVG 8.0.0.156 2008.08.04 -
BitDefender 7.2 2008.08.04 -
CAT-QuickHeal 9.50 2008.08.04 -
ClamAV 0.93.1 2008.08.04 -
DrWeb 4.44.0.09170 2008.08.04 -
eSafe 7.0.17.0 2008.08.03 -
eTrust-Vet 31.6.6007 2008.08.04 -
Ewido 4.0 2008.08.04 -
F-Prot 4.4.4.56 2008.08.03 -
F-Secure 7.60.13501.0 2008.08.04 -
Fortinet 3.14.0.0 2008.08.04 -
GData 2.0.7306.1023 2008.08.04 -
Ikarus T3.1.1.34.0 2008.08.04 -
K7AntiVirus 7.10.402 2008.08.02 -
Kaspersky 7.0.0.125 2008.08.04 -
McAfee 5352 2008.08.01 -
Microsoft 1.3807 2008.08.04 -
NOD32v2 3324 2008.08.04 -
Norman 5.80.02 2008.08.04 -
Panda 9.0.0.4 2008.08.04 -
PCTools 4.4.2.0 2008.08.04 -
Prevx1 V2 2008.08.04 -
Rising 20.56.02.00 2008.08.04 -
Sophos 4.31.0 2008.08.04 -
Sunbelt 3.1.1537.1 2008.08.01 -
Symantec 10 2008.08.04 -
TheHacker 6.2.96.393 2008.08.04 -
TrendMicro 8.700.0.1004 2008.08.04 -
VBA32 3.12.8.2 2008.08.04 -
ViRobot 2008.8.4.1322 2008.08.04 -
VirusBuster 4.5.11.0 2008.08.04 -
Webwasher-Gateway 6.6.2 2008.08.04 -
weitere Informationen
File size: 1107296 bytes
MD5...: eb4c462719777861ed8ba2170a83ba05
SHA1..: 6ceeb2c28ab9550e7d1ec125b45b08f665f14927
SHA256: 838993c68dd7251cce8813f64b839e86f7d9a4508aaf4424c9 111eb32ebf70ba
SHA512: 524bdb3efb4892cb3ee0e32c8e62064416af4955c279c56d86 81f438775a3257
38558c66f584c54f53cd6e28a5286cf695d3f15d9282956794 7e1e8aa9d2c46d
PEiD..: Armadillo v1.xx - v2.xx
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10084c8f
timedatestamp.....: 0x48060f39 (Wed Apr 16 14:37:45 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8c1a3 0x8c200 6.02 c972a6a00738c06155a12366fd3b14cd
.rdata 0x8e000 0xe9bb 0xea00 4.71 8730b62ff09bc871e3954b9b77fa68db
.data 0x9d000 0x64c68 0x63600 3.77 f40792ed1663017ce3a228c62ab2654a
.rsrc 0x102000 0x1ab8 0x1c00 3.88 fb2fd7a5a65dab9bd7f84f4e55db9fb2
.reloc 0x104000 0xcde2 0xce00 6.43 1e0b5e968b1aa6eca4da9be8319394ae

( 13 imports )
> KERNEL32.dll: SizeofResource, LoadResource, FindResourceW, GetLastError, LoadLibraryExW, MultiByteToWideChar, lstrcmpiW, lstrcpynW, InitializeCriticalSection, lstrcatW, HeapDestroy, DeleteCriticalSection, DeleteAtom, GlobalReAlloc, MulDiv, LocalLock, LocalUnlock, WaitForSingleObject, CreateThread, GetFileSize, ExpandEnvironmentStringsW, GlobalUnlock, GlobalLock, GlobalAlloc, GetProcAddress, LoadLibraryW, lstrcpyW, lstrcmpW, InterlockedDecrement, InterlockedIncrement, lstrlenA, FreeLibrary, lstrlenW, GetModuleFileNameW, GetModuleHandleW, GetShortPathNameW, GetCurrentProcess, FlushInstructionCache, GetCurrentThreadId, EnterCriticalSection, LeaveCriticalSection, EnumUILanguagesW, OpenMutexW, ReleaseMutex, CreateMutexW, SetErrorMode, GlobalFree, IsDBCSLeadByteEx, CompareStringW, LocalAlloc, GlobalAddAtomW, GlobalFindAtomW, GlobalDeleteAtom, GetPriorityClass, GetCurrentThread, GetProcessHeap, HeapAlloc, HeapFree, GetExitCodeProcess, GetVersionExW, OpenProcess, TerminateProcess, CreateProcessW, WriteFile, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, RemoveDirectoryW, GetTempFileNameW, WideCharToMultiByte, DeleteFileW, CopyFileW, CreateFileW, SetFilePointer, GetTempPathW, ReadFile, CloseHandle, FindFirstFileW, FindNextFileW, FindClose, LocalFree, OutputDebugStringW, SetLastError, CreateDirectoryW, GetLocalTime, FormatMessageW, QueryPerformanceCounter, QueryPerformanceFrequency, GetCurrentProcessId
> USER32.dll: GetDlgItem, SendMessageW, InvalidateRgn, InvalidateRect, SetCapture, ReleaseCapture, CreateAcceleratorTableW, LoadStringW, SetForegroundWindow, EnumChildWindows, CallWindowProcW, IsWindowVisible, GetWindowThreadProcessId, DrawFocusRect, ScreenToClient, GetWindowRect, InflateRect, SetDlgItemTextW, ModifyMenuW, IsMenu, LoadImageW, EnumWindows, LoadBitmapW, PostMessageW, ShowWindow, EndDialog, DialogBoxIndirectParamW, MessageBoxW, SystemParametersInfoW, GetWindowDC, SetRect, SetPropW, SetCursor, RemovePropW, GetPropW, PtInRect, MapDialogRect, GetDialogBaseUnits, GetParent, GetClassNameW, RedrawWindow, SetWindowPos, GetClientRect, BeginPaint, FillRect, EndPaint, GetDC, ReleaseDC, IsChild, GetFocus, SetFocus, GetSysColor, GetWindowTextLengthW, GetWindowTextW, SetWindowTextW, GetWindow, GetWindowLongW, DefWindowProcW, CharNextW, CreateWindowExW, SetWindowLongW, GetClassInfoExW, LoadCursorW, wsprintfW, RegisterClassExW, DestroyWindow, IsWindow, GetDesktopWindow, RegisterWindowMessageW, GetSystemMetrics
> GDI32.dll: GetDIBits, GetStockObject, GetObjectW, CreateSolidBrush, DeleteObject, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, BitBlt, DeleteDC, GetDeviceCaps, CreateFontIndirectW, CreateDCW, SetBkColor, CreateBitmap, CombineRgn, ExtCreateRegion, CreateDIBSection, MaskBlt, GetPixel, Rectangle, ExtTextOutW, SetTextColor
> ADVAPI32.dll: CryptHashData, RegEnumValueW, RegQueryInfoKeyW, RegSetValueExW, RegEnumKeyExW, RegOpenKeyExW, RegCreateKeyExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, CryptReleaseContext, CryptDestroyHash, CryptGetHashParam, CopySid, GetLengthSid, IsValidSid, GetTokenInformation, GetSidSubAuthority, GetSidSubAuthorityCount, GetSidIdentifierAuthority, OpenProcessToken, OpenThreadToken, GetUserNameW, CheckTokenMembership, GetSecurityDescriptorSacl, RegQueryValueExW, RegRestoreKeyW
> ole32.dll: StringFromCLSID, CLSIDFromString, CLSIDFromProgID, CoInitialize, CoUninitialize, CoCreateInstance, OleInitialize, CreateStreamOnHGlobal, CoCreateGuid, StringFromGUID2, OleUninitialize, CoTaskMemRealloc, CoTaskMemAlloc, OleLockRunning, CoTaskMemFree
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> OLEPRO32.DLL: -
> MSIMG32.dll: AlphaBlend
> MSVCP60.dll: _compare@_$basic_string@GU_$char_traits@G@std@@V_$ allocator@G@2@@std@@QBEHPBG@Z, _c_str@_$basic_string@DU_$char_traits@D@std@@V_$al locator@D@2@@std@@QBEPBDXZ, __1_$basic_string@DU_$char_traits@D@std@@V_$alloca tor@D@2@@std@@QAE@XZ, _length@_$basic_string@DU_$char_traits@D@std@@V_$a llocator@D@2@@std@@QBEIXZ, __Y_$basic_string@GU_$char_traits@G@std@@V_$alloca tor@G@2@@std@@QAEAAV01@ABV01@@Z, __Y_$basic_string@GU_$char_traits@G@std@@V_$alloca tor@G@2@@std@@QAEAAV01@PBG@Z, __Y_$basic_string@GU_$char_traits@G@std@@V_$alloca tor@G@2@@std@@QAEAAV01@G@Z, _assign@_$basic_string@GU_$char_traits@G@std@@V_$a llocator@G@2@@std@@QAEAAV12@PBGI@Z, _append@_$basic_string@GU_$char_traits@G@std@@V_$a llocator@G@2@@std@@QAEAAV12@PBGI@Z, _append@_$basic_string@GU_$char_traits@G@std@@V_$a llocator@G@2@@std@@QAEAAV12@PBG@Z, _reserve@_$basic_string@GU_$char_traits@G@std@@V_$ allocator@G@2@@std@@QAEXI@Z, _empty@_$basic_string@GU_$char_traits@G@std@@V_$al locator@G@2@@std@@QBE_NXZ, _append@_$basic_string@DU_$char_traits@D@std@@V_$a llocator@D@2@@std@@QAEAAV12@PBD@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$alloca tor@D@2@@std@@QAE@PBDABV_$allocator@D@1@@Z, _close@_$basic_ifstream@DU_$char_traits@D@std@@@st d@@QAEXXZ, _getline@_$basic_istream@DU_$char_traits@D@std@@@s td@@QAEAAV12@PADHD@Z, _seekg@_$basic_istream@DU_$char_traits@D@std@@@std @@QAEAAV12@JW4seekdir@ios_base@2@@Z, _read@_$basic_istream@DU_$char_traits@D@std@@@std@ @QAEAAV12@PADH@Z, __7ios_base@std@@QBE_NXZ, _open@_$basic_ifstream@DU_$char_traits@D@std@@@std @@QAEXPBDH@Z, __4_$basic_string@DU_$char_traits@D@std@@V_$alloca tor@D@2@@std@@QAEAAV01@PBD@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$alloca tor@D@2@@std@@QAE@ABV_$allocator@D@1@@Z, ___D_$basic_ifstream@DU_$char_traits@D@std@@@std@@ QAEXXZ, __0_$basic_ifstream@DU_$char_traits@D@std@@@std@@Q AE@XZ, __A_$basic_string@GU_$char_traits@G@std@@V_$alloca tor@G@2@@std@@QAEAAGI@Z, _npos@_$basic_string@GU_$char_traits@G@std@@V_$all ocator@G@2@@std@@2IB, __Mstd@@YA_NABV_$basic_string@GU_$char_traits@G@st d@@V_$allocator@G@2@@0@0@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$a llocator@D@2@@std@@QAEAAV12@ABV12@@Z, __Hstd@@YA_AV_$basic_string@GU_$char_traits@G@std@ @V_$allocator@G@2@@0@ABV10@PBG@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$alloca tor@D@2@@std@@QAE@ABV01@@Z, __4_$basic_string@DU_$char_traits@D@std@@V_$alloca tor@D@2@@std@@QAEAAV01@ABV01@@Z, _assign@_$basic_string@GU_$char_traits@G@std@@V_$a llocator@G@2@@std@@QAEAAV12@PBG@Z, __Y_$basic_string@DU_$char_traits@D@std@@V_$alloca tor@D@2@@std@@QAEAAV01@D@Z, __Y_$basic_string@DU_$char_traits@D@std@@V_$alloca tor@D@2@@std@@QAEAAV01@PBD@Z, __A_$basic_string@DU_$char_traits@D@std@@V_$alloca tor@D@2@@std@@QBEABDI@Z, _empty@_$basic_string@DU_$char_traits@D@std@@V_$al locator@D@2@@std@@QBE_NXZ, _erase@_$basic_string@GU_$char_traits@G@std@@V_$al locator@G@2@@std@@QAEAAV12@II@Z, _substr@_$basic_string@GU_$char_traits@G@std@@V_$a llocator@G@2@@std@@QBE_AV12@II@Z, _find@_$basic_string@GU_$char_traits@G@std@@V_$all ocator@G@2@@std@@QBEIPBGI@Z, _find_first_not_of@_$basic_string@GU_$char_traits@ G@std@@V_$allocator@G@2@@std@@QBEIABV12@I@Z, _find_last_not_of@_$basic_string@GU_$char_traits@G @std@@V_$allocator@G@2@@std@@QBEIABV12@I@Z, _replace@_$basic_string@GU_$char_traits@G@std@@V_$ allocator@G@2@@std@@QAEAAV12@IIPBG@Z, _replace@_$basic_string@GU_$char_traits@G@std@@V_$ allocator@G@2@@std@@QAEAAV12@IIABV12@@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$a llocator@D@2@@std@@QAEAAV12@PBD@Z, _find@_$basic_string@GU_$char_traits@G@std@@V_$all ocator@G@2@@std@@QBEIGI@Z, _end@_$basic_string@GU_$char_traits@G@std@@V_$allo cator@G@2@@std@@QAEPAGXZ, _begin@_$basic_string@GU_$char_traits@G@std@@V_$al locator@G@2@@std@@QAEPAGXZ, _insert@_$basic_string@GU_$char_traits@G@std@@V_$a llocator@G@2@@std@@QAEAAV12@IPBG@Z, __Hstd@@YA_AV_$basic_string@GU_$char_traits@G@std@ @V_$allocator@G@2@@0@ABV10@0@Z, __Hstd@@YA_AV_$basic_string@GU_$char_traits@G@std@ @V_$allocator@G@2@@0@PBGABV10@@Z, __9std@@YA_NABV_$basic_string@GU_$char_traits@G@st d@@V_$allocator@G@2@@0@0@Z, __Ostd@@YA_NABV_$basic_string@GU_$char_traits@G@st d@@V_$allocator@G@2@@0@0@Z, _find_last_of@_$basic_string@GU_$char_traits@G@std @@V_$allocator@G@2@@std@@QBEIPBGI@Z, _append@_$basic_string@GU_$char_traits@G@std@@V_$a llocator@G@2@@std@@QAEAAV12@ABV12@@Z, __0_Lockit@std@@QAE@XZ, __0Init@ios_base@std@@QAE@XZ, __1Init@ios_base@std@@QAE@XZ, __0_Winit@std@@QAE@XZ, __1_Winit@std@@QAE@XZ, __0_$basic_string@GU_$char_traits@G@std@@V_$alloca tor@G@2@@std@@QAE@PBGABV_$allocator@G@1@@Z, __1_$basic_string@GU_$char_traits@G@std@@V_$alloca tor@G@2@@std@@QAE@XZ, _c_str@_$basic_string@GU_$char_traits@G@std@@V_$al locator@G@2@@std@@QBEPBGXZ, __9std@@YA_NABV_$basic_string@GU_$char_traits@G@st d@@V_$allocator@G@2@@0@PBG@Z, __4_$basic_string@GU_$char_traits@G@std@@V_$alloca tor@G@2@@std@@QAEAAV01@PBG@Z, __8std@@YA_NABV_$basic_string@GU_$char_traits@G@st d@@V_$allocator@G@2@@0@0@Z, __4_$basic_string@GU_$char_traits@G@std@@V_$alloca tor@G@2@@std@@QAEAAV01@ABV01@@Z, __8std@@YA_NABV_$basic_string@GU_$char_traits@G@st d@@V_$allocator@G@2@@0@PBG@Z, _find@_$basic_string@GU_$char_traits@G@std@@V_$all ocator@G@2@@std@@QBEIABV12@I@Z, _length@_$basic_string@GU_$char_traits@G@std@@V_$a llocator@G@2@@std@@QBEIXZ, _size@_$basic_string@GU_$char_traits@G@std@@V_$all ocator@G@2@@std@@QBEIXZ, __0_$basic_string@GU_$char_traits@G@std@@V_$alloca tor@G@2@@std@@QAE@ABV01@@Z, __0_$basic_string@GU_$char_traits@G@std@@V_$alloca tor@G@2@@std@@QAE@ABV_$allocator@G@1@@Z, __4_$basic_string@GU_$char_traits@G@std@@V_$alloca tor@G@2@@std@@QAEAAV01@G@Z, __1_Lockit@std@@QAE@XZ
> MSVCRT.dll: tolower, isdigit, iswxdigit, strstr, _strupr, wcsncpy, wcscmp, towupper, _wcsupr, wcscpy, time, wcsncmp, strlen, localtime, _wcsicmp, _ltow, _wtol, _ultow, _itow, wcstok, _wtoi, swscanf, strncpy, _CxxThrowException, _except_handler3, _terminate@@YAXXZ, __dllonexit, _onexit, _initterm, _adjust_fdiv, __1type_info@@UAE@XZ, iswdigit, iswalnum, wcschr, wcslen, _vsnwprintf, _wstrdate, _wstrtime, _wopen, _write, _close, memcmp, _wcslwr, malloc, memset, realloc, free, __2@YAPAXI@Z, memcpy, _purecall, __CxxFrameHandler, wcsstr
> SHELL32.dll: SHFileOperationW, SHGetSpecialFolderPathW, SHGetFolderPathW, ShellExecuteExW, ShellExecuteW
> SHLWAPI.dll: PathRemoveFileSpecW
> WININET.dll: InternetSetOptionW, InternetQueryOptionW, InternetCloseHandle, InternetOpenW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, HttpQueryInfoW, InternetReadFile, InternetCrackUrlW, InternetCanonicalizeUrlW, InternetGetConnectedState

( 6 exports )
DW_DllRegisterServer, DW_DllUnregisterServer, DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer



und diese lphc3j9j0e92v.exe ist nicht auffindbar, ich hatte sie ja auch gelöscht gehabt.Auch die versteckten Ordner habe ich sichtbar gemacht, nix zu finden.


HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:50:40, on 02.08.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://deutsch.eazel.com/de/index.ph...pag&d=79919381
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKCU\..\Run: [lphc3j9j0e92v] C:\Windows\system32\lphc3j9j0e92v.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Olli\AppData\LocalLow\Dealio\kb127\res\De alioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe

--
End of file - 7273 bytes

So habe auch diese Sachen gefixed, jetzt Systemneustart und dann noch ein logfile

ULL

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:50:40, on 02.08.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://deutsch.eazel.com/de/index.ph...pag&d=79919381
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKCU\..\Run: [lphc3j9j0e92v] C:\Windows\system32\lphc3j9j0e92v.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Olli\AppData\LocalLow\Dealio\kb127\res\De alioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe

--
End of file - 7273 bytes

ChaosSpirit

Das nächste mal bitte erst SuFu benutzen. Ich hatte diese SpyWare auch schonmal auf'm PC gehabt und dazu das Thema mit einer gleichen Überschrift, wie deines, versehen.