Wenn du eine eigene Kopie ist das doch klar,oder reden wir aneinander vorbei  ???

Hallo!
Hab das Problem auch!
Hier mal mein Hijackthis Logfile!

 

Logfile of HijackThis v1.99.1
Scan saved at 12:13:15, on 24.06.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Firebird\Firebird_2_0\bin\fbguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\Firebird\Firebird_2_0\bin\fbserver.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\FRITZ!Box Monitor\FRITZBoxMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe
C:\Programme\ICQ6\ICQ.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.6.0_01\bin\javaw.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Dokumente und Einstellungen\Tim\Eigene Dateien\Downloads\easytoolz\EasyToolz.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\Dokumente und Einstellungen\Tim\Eigene Dateien\Downloads\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1und1.de/?ref=EasyLogin
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Dokumente und Einstellungen\Tim\Eigene Dateien\ws.js
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVMFBoxMonitor] "C:\Programme\FRITZ!Box Monitor\FRITZBoxMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ClipIncSrvTray] "C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Startup: EasyToolz.lnk = C:\Dokumente und Einstellungen\Tim\Eigene Dateien\Downloads\easytoolz\EasyToolz.exe
O4 - Global Startup: Antivir.lnk = C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
O4 - Global Startup: FMS Crusader.lnk = C:\Programme\BayCom\FMSCrusaderV4-51\FMSCrusaderV4-51.jar
O4 - Global Startup: ZoneAlarm Security.lnk = C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9B54D52-5E09-47A8-B546-93CE174C03D5}: NameServer = 192.168.178.1
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 002 (ClipInc002) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 003 (ClipInc003) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Programme\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Programme\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Programme\Gemeinsame Dateien\Protexis\License Service\PSIService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

Hi,
1.Versuche das Log von Hijackthis mit der neuen version erstellen- ( http://www.hijackthis.de/de )
2.das sollte eine seite sein =? : R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Dokumente und Einstellungen\Tim\Eigene Dateien\ws.js
wenn du das nicht kennst,fixen.
Lade die Datei mal mit Virustotal ( http://www.virustotal.com/de/ )
C:\Programme\BayCom\FMSCrusaderV4-51\FMSCrusaderV4-51.jar
(Pfad kannst du so übernehmen)
Poste bitte mal den Report von Malwarebytes,ist ja bei dir am laufen...
 Achja:
ZoneLabs ist nicht zu empfehlen

Hier neues LogFIle
 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:17:30, on 24.06.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Firebird\Firebird_2_0\bin\fbguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Firebird\Firebird_2_0\bin\fbserver.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\FRITZ!Box Monitor\FRITZBoxMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe
C:\Programme\ICQ6\ICQ.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.6.0_01\bin\javaw.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Dokumente und Einstellungen\Tim\Eigene Dateien\Downloads\easytoolz\EasyToolz.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Tim\Eigene Dateien\ICQ Lite\295840335\Lars112_360878852\zmodeler2\zmodeler2\ZModeler2.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1und1.de/?ref=EasyLogin
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Dokumente und Einstellungen\Tim\Eigene Dateien\ws.js
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVMFBoxMonitor] "C:\Programme\FRITZ!Box Monitor\FRITZBoxMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ClipIncSrvTray] "C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: EasyToolz.lnk = C:\Dokumente und Einstellungen\Tim\Eigene Dateien\Downloads\easytoolz\EasyToolz.exe
O4 - Global Startup: Antivir.lnk = C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
O4 - Global Startup: FMS Crusader.lnk = C:\Programme\BayCom\FMSCrusaderV4-51\FMSCrusaderV4-51.jar
O4 - Global Startup: ZoneAlarm Security.lnk = C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9B54D52-5E09-47A8-B546-93CE174C03D5}: NameServer = 192.168.178.1
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 002 (ClipInc002) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 003 (ClipInc003) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Programme\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Programme\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Programme\Gemeinsame Dateien\Protexis\License Service\PSIService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7628 bytes
 

SW Firewalls sind generell nicht empfehlenswert!!!

Im Off topic war dazu mal ein Thread, kannst ihn ja mal suchen.

 

genau

Hi ich hoffe mir kann hier jemand helfen, ich hab auch das problem, dass ich dauernd die meldung bekomme "danger trojaner horses......"

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:31, on 28.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
E:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
E:\Programme\Java\jre1.6.0_05\bin\jusched.exe
E:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
E:\Programme\HP\HP Software Update\HPWuSchd2.exe
E:\Programme\iTunes\iTunesHelper.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Programme\Messenger\MSMSGS.EXE
E:\Programme\DAEMON Tools\daemon.exe
E:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
E:\Programme\ASCOMP Software\Orga-Nicer\organicer.exe
E:\Programme\OpenOffice.org 2.3\program\soffice.exe
E:\Programme\OpenOffice.org 2.3\program\soffice.BIN
E:\Programme\a-squared Free\a2service.exe
E:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\WINDOWS\system32\svchost.exe
E:\Programme\MATLAB\R2006a\webserver\bin\win32\matlabserver.exe
E:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\Programme\MATLAB\R2006a\bin\win32\MATLAB.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Programme\iPod\bin\iPodService.exe
E:\WINDOWS\System32\alg.exe
E:\Programme\ATI Technologies\ATI.ACE\cli.exe
E:\Programme\ATI Technologies\ATI.ACE\cli.exe
E:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
E:\Programme\ICQ6\ICQ.exe
C:\PSpice9\PSpice\simsrvr.exe
E:\Programme\Microsoft Virtual PC\Virtual PC.exe
E:\Programme\Mozilla Firefox\firefox.exe
E:\Programme\Spyware Doctor\pctsAuxs.exe
E:\Programme\Spyware Doctor\pctsSvc.exe
E:\Programme\Spyware Doctor\pctsTray.exe
E:\Programme\Trend Micro\HijackThis\HijackThis.exe
E:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R3 - URLSearchHook: ICQ  Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - E:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - E:\Programme\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: WinView plugin - {8AE578E0-6DF5-41E0-869F-F65A32D2F6BD} - E:\WINDOWS\system32\oggsys.dll
O3 - Toolbar: ICQ  Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [avgnt] "E:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] E:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "E:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] E:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "E:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Programme\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = E:\Programme\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Orga-Nicer.lnk = E:\Programme\ASCOMP Software\Orga-Nicer\organicer.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://E:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - E:\Programme\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - E:\Programme\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{25375B44-F79E-4DA4-B5E4-D21F88F2A2C2}: NameServer = 141.30.66.135,141.30.204.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{25375B44-F79E-4DA4-B5E4-D21F88F2A2C2}: NameServer = 141.30.66.135,141.30.204.3
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - E:\Programme\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - E:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - E:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - E:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - E:\Programme\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - E:\Programme\MATLAB\R2006a\webserver\bin\win32\matlabserver.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - E:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - E:\Programme\Spyware Doctor\pctsSvc.exe

--
End of file - 8614 bytes


Ich hoffe dass einer dort was deuten kann. Danke

@skha
wie hast du das den hinbekommen www.computerhilfen.de  ???
..sieht so aus (für mich) als seiest du gehackt worden!
..mal schaun was andere noch dazu sagen. 

woran siehst du das? Ich hab jetzt schon sämtlichem Anitspyware-müll probiert (ok vielleicht nicht alles ^^) aber nix hilft gegen den mist 
 

@ skha
..das steht in deiner logfile..do you know this ip adress..cause it knows you..das ist was ich dazu sagen würde...