Mein Rechner schmiert voll ab! Hilfe bitte!!

[trendyandy]

Hi Leute!
seit kurzer zeit geht bei meinem Rechner nach ca. 10-15 minuten nach start nix mehr. hab dann 100% systemleistung obwohl diese kein prozess saugt.
hab schon alles nach viren und spyware mit aktuellem virenscanner und spybot durchsucht.
hab jetzt folgendes hijack logfile erstellt:

[QUOTE]

Code:

ogfile of HijackThis v1.99.1
Scan saved at 19:19:47, on 23.05.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
G:\antivir\AVGUARD.EXE
G:\antivir\AVWUPSRV.EXE
g:\AlienGUIse\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINDOWS\System32\rundll32.exe
G:\SpeedTouch USB\Dragdiag.exe
G:\Motherboard Monitor 5\MBM5.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
G:\antivir\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
G:\Graphics8\Programs\MFIndexer.exe
C:\WINDOWS\System32\wuauclt.exe
G:\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "g:\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MBM 5] "G:\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [LiveMonitor] C:\Programme\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] G:\antivir\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Verknüpfung mit volume control.lnk = E:\programme & sonstiges\volume control.exe
O4 - Global Startup: CoreCenter.lnk = G:\corecenter\CoreCenter.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = G:\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: DigiCell.lnk = C:\Programme\MSI\DigiCell\DigiCell.exe
O4 - Global Startup: Microsoft Office.lnk = G:\office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = G:\post\PsnLite.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://G:\office\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-24.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1115393039864
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O20 - Winlogon Notify: WB - g:\AlienGUIse\fastload.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - G:\antivir\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - G:\antivir\AVWUPSRV.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - G:\tuneup\WinStylerThemeSvc.exe

/QUOTE]

Ich hoffe mir kann jemand helfen!!

[Speedy]

hi

scanne das system mit escan
1) download das programm von Microworld
2) entpacke die datei mwav.exe oder mwav.zip in den ordner c:\bases
sollte das zip-programm dies nicht in einem schritt zulassen, so muss der ordner c:\bases manuell genau so angelegt werden.
3) nun wird der windows-explorer geöffnet und mit einem doppelklick auf die datei kavupd.exe
wird das update gestartet. auf meinem system (windowsxpsp2) wird sofort ein ordner C:\Download erstellt, der nach dem update
ca. 110 datein und ca. 5 MB groß ist, ein weiterer ordner c:\Bases_X wurde ebefalls erstellt, inhalt 105 datein und ebefalls 5 MB groß
im ordner c:\bases sind 133 datein mit ca. 7,4 MB
4) wechsle in den abgesicherten modus von windows
5) öffne nun wieder den explorer, gehe zum ordner c:\bases und starte die datei mwavscan.com, schließe den explorer.
6) überprüfe die einstellungen, unter scan option-->memory, startup folders, registry, system folders und services (auswahl) und scan all files sollte aktiviert sein, dann den button *SCAN* drücken.

7) wenn der scan beendet ist (dauert ca. 1 Stunde), wechselst du zurück in den normalen modus.
8) nun öffnest du mit dem editor, die mwav.txt oder mwav.log und wählst unter bearbeiten -> suchen, hier gibst du infected ein



jene zeile in der infected steht, markieren, und hier einfügen, weitersuchen usw.
und ganz unten steht die zusammenfassung, diese auch hier posten

Wed Oct 06 03:19:24 2004 => Total Number of Files Scanned: 54651
Wed Oct 06 03:19:24 2004 => Total Number of Virus(es) Found: 0
Wed Oct 06 03:19:24 2004 => Total Number of Disinfected Files: 0
Wed Oct 06 03:19:24 2004 => Total Number of Files Renamed: 0
Wed Oct 06 03:19:24 2004 => Total Number of Deleted Files: 0
Wed Oct 06 03:19:24 2004 => Total Number of Errors: 0
Wed Oct 06 03:19:24 2004 => Time Elapsed: 01:13:32
Wed Oct 06 03:19:24 2004 => Virus Database Date: 2004/10/05
Wed Oct 06 03:19:24 2004 => Virus Database Count: 105164

Wed Oct 06 03:19:24 2004 => Scan Completed.

[trendyandy]

so, der scan hat nun folgendes herausgefunden:

Code:

Mon May 23 21:44:44 2005 => System found infected with IBIS Spyware/Adware ({fb45c451-b0e9-4407-bb6a-9361013f3e9a})! Action taken: No Action Taken.
Mon May 23 21:44:44 2005 => Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:44 2005 => System found infected with IBIS Spyware/Adware ({6e21f428-5617-47f7-aed8-b2e1d8fba711})! Action taken: No Action Taken.
Mon May 23 21:44:44 2005 => Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:45 2005 => System found infected with IBIS Spyware/Adware ({310cc549-4541-46a9-940f-52b342a6e682})! Action taken: No Action Taken.
Mon May 23 21:44:45 2005 => Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:45 2005 => System found infected with IBIS Spyware/Adware ({bbf122a7-8a4d-45b5-9e00-0f68bc87c904})! Action taken: No Action Taken.
Mon May 23 21:44:45 2005 => Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:45 2005 => System found infected with IBIS Spyware/Adware ({8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3})! Action taken: No Action Taken.
Mon May 23 21:44:45 2005 => Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:45 2005 => System found infected with IBIS Spyware/Adware ({cae0999f-78c5-49dc-9f30-13142aaaaba4})! Action taken: No Action Taken.
Mon May 23 21:44:45 2005 => Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:45 2005 => System found infected with IBIS Spyware/Adware ({708be496-e202-497b-bc31-9cf47e3bf8d6})! Action taken: No Action Taken.
Mon May 23 21:44:45 2005 => Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:45 2005 => System found infected with IBIS Spyware/Adware ({ff76a5da-6158-4439-99ff-edc1b3fe100c})! Action taken: No Action Taken.
Mon May 23 21:44:45 2005 => Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:45 2005 => System found infected with IBIS Spyware/Adware ({339bb23f-a864-48c0-a59f-29ea915965ec})! Action taken: No Action Taken.
Mon May 23 21:44:45 2005 => Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:45 2005 => System found infected with SideFind Spyware/Adware ({8cba1b49-8144-4721-a7b1-64c578c9eed7})! Action taken: No Action Taken.
Mon May 23 21:44:45 2005 => Object "SideFind Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:45 2005 => System found infected with SideFind Spyware/Adware ({339d8aff-0b42-4260-ad82-78ce605a9543})! Action taken: No Action Taken.
Mon May 23 21:44:45 2005 => Object "SideFind Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:45 2005 => System found infected with SideFind Spyware/Adware ({a36a5936-cfd9-4b41-86bd-319a1931887f})! Action taken: No Action Taken.
Mon May 23 21:44:45 2005 => Object "SideFind Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:45 2005 => System found infected with SideFind Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
Mon May 23 21:44:45 2005 => Object "SideFind Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:45 2005 => System found infected with Bargain Buddy Spyware/Adware ({c6906a23-4717-4e1f-b6fd-f06ebed15678})! Action taken: No Action Taken.
Mon May 23 21:44:45 2005 => Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:45 2005 => System found infected with Bargain Buddy Spyware/Adware ({8eee58d5-130e-4cbd-9c83-35a0564e5678})! Action taken: No Action Taken.
Mon May 23 21:44:45 2005 => Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:45 2005 => System found infected with Bargain Buddy Spyware/Adware ({f4e04583-354e-4076-be7d-ed6a80fd66da})! Action taken: No Action Taken.
Mon May 23 21:44:45 2005 => Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:46 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Mon May 23 21:44:46 2005 => Object "Alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:46 2005 => Offending value found in HKLM\Software\microsoft\sidefind !!!
Mon May 23 21:44:46 2005 => Object "sidefind Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:47 2005 => Offending Folder C:\DOKUME~1\ALLUSE~1\STARTM~1\PROGRA~1\WEBSEA~1 present...
Mon May 23 21:44:47 2005 => Object "HuntBar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:47 2005 => Offending value found in HKLM\Software\toolbar !!!
Mon May 23 21:44:47 2005 => Offending value found in HKEY_USERS\.DEFAULT\Software\toolbar !!!
Mon May 23 21:44:47 2005 => Object "HuntBar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:47 2005 => Offending value found in HKLM\Software\wintools !!!
Mon May 23 21:44:47 2005 => Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:47 2005 => Offending value found in HKLM\Software\powerscan !!!
Mon May 23 21:44:47 2005 => Offending value found in HKEY_USERS\.DEFAULT\Software\powerscan !!!
Mon May 23 21:44:47 2005 => Object "powerscan Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:47 2005 => Offending value found in HKLM\Software\mm !!!
Mon May 23 21:44:47 2005 => Object "MediaMotor Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:47 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\policies\ameopt !!!
Mon May 23 21:44:47 2005 => Object "ameopt Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:47 2005 => Offending value found in HKCU\Software\ist !!!
Mon May 23 21:44:47 2005 => Offending value found in HKEY_USERS\.DEFAULT\Software\ist !!!
Mon May 23 21:44:47 2005 => Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:47 2005 => Offending value found in HKCU\Software\avenue media !!!
Mon May 23 21:44:47 2005 => Offending value found in HKEY_USERS\.DEFAULT\Software\avenue media !!!
Mon May 23 21:44:47 2005 => Offending value found in HKLM\Software\policies\avenue media !!!
Mon May 23 21:44:47 2005 => Object "180Solutions Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:47 2005 => Offending value found in HKLM\Software\microsoft\downloadmanager !!!
Mon May 23 21:44:47 2005 => Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:47 2005 => Offending Folder C:\WINDOWS\ELITET~1 present...
Mon May 23 21:44:47 2005 => Object "EliteBar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:47 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\elitebar internet explorer toolbar !!!
Mon May 23 21:44:47 2005 => Object "EliteBar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:47 2005 => Offending value found in HKCU\Software\lq !!!
Mon May 23 21:44:47 2005 => Offending value found in HKEY_USERS\.DEFAULT\Software\lq !!!
Mon May 23 21:44:47 2005 => Object "EliteBar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:48 2005 => System found infected with eZula Spyware/Adware (instsrv.exe)! Action taken: No Action Taken.
Mon May 23 21:44:48 2005 => Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:57 2005 => System found infected with WindUpdate Spyware/Adware (ide21201.vxd)! Action taken: No Action Taken.
Mon May 23 21:44:57 2005 => Object "WindUpdate Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:57 2005 => System found infected with powerscan Spyware/Adware (powerscan.exe)! Action taken: No Action Taken.
Mon May 23 21:44:57 2005 => Object "powerscan Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:44:58 2005 => System found infected with ISTsvc Spyware/Adware (shortcuts.txt)! Action taken: No Action Taken.
Mon May 23 21:44:58 2005 => Object "ISTsvc Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon May 23 21:45:10 2005 => Entry "HKCR\CLSID\{339BB23F-A864-48C0-A59F-29EA915965EC}" refers to invalid object "C:\Programme\Toolbar\toolbar.dll". Action Taken: No Action Taken.

Mon May 23 21:45:14 2005 => Entry "HKCR\CLSID\{69357D4E-BF4D-4651-91E9-52ECD45A0128}" refers to invalid object "c:\Programme\Toolbar\common.dll". Action Taken: No Action Taken.

Mon May 23 21:45:16 2005 => Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.

Mon May 23 21:45:16 2005 => Entry "HKCR\CLSID\{8952A998-1E7E-4716-B23D-3DBE03910972}" refers to invalid object "C:\Programme\Toolbar\toolbar.dll". Action Taken: No Action Taken.

Mon May 23 21:45:18 2005 => Entry "HKCR\CLSID\{9EFBF860-5685-11D3-AA3D-00C04F4C5275}" refers to invalid object "cdooff.dll". Action Taken: No Action Taken.

Mon May 23 21:45:25 2005 => Entry "HKCR\CLSID\{F1616B86-9288-489D-B71A-0CCF2F1A89DA}" refers to invalid object "C:\Programme\Toolbar\toolbar.dll". Action Taken: No Action Taken.

Mon May 23 21:45:25 2005 => Entry "HKCR\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}" refers to invalid object "C:\WINDOWS\System32\msbe.dll". Action Taken: No Action Taken.

Mon May 23 21:45:26 2005 => Entry "HKCR\CLSID\{FF76A5DA-6158-4439-99FF-EDC1B3FE100C}" refers to invalid object "C:\Programme\Toolbar\toolbar.dll". Action Taken: No Action Taken.

Mon May 23 21:53:54 2005 => Scanning File C:\Dokumente und Einstellungen\TrendyAndy\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6PLMFAL4\infected6xz[1].gif

Mon May 23 22:05:06 2005 => File C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CTMNQ9GD\istdownload[1].exe infected by "Trojan-Downloader.Win32.IstBar.ir" Virus! Action Taken: No Action Taken.

Mon May 23 22:05:07 2005 => File C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MN4V4ZQN\istbarcm[1].dll infected by "Trojan-Downloader.Win32.IstBar.ik" Virus! Action Taken: No Action Taken.

Mon May 23 22:05:08 2005 => File C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MN4V4ZQN\WinTS[1].cab infected by "Trojan-Downloader.Win32.Wintool.f" Virus! Action Taken: No Action Taken.

Mon May 23 22:08:31 2005 => File C:\WINDOWS\Temp\frVS8o8.exe infected by "Trojan-Downloader.Win32.IstBar.ir" Virus! Action Taken: No Action Taken.

Mon May 23 22:08:31 2005 => File C:\WINDOWS\Temp\istinstall_157768.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.

Mon May 23 22:08:31 2005 => File C:\WINDOWS\Temp\loud.exe tagged as "not-a-virus:AdWare.WinAD.i". Action Taken: No Action Taken.

Mon May 23 22:08:31 2005 => File C:\WINDOWS\Temp\mmxtommyexe.exe tagged as "not-a-virus:AdWare.MediaMotor.a". Action Taken: No Action Taken.

Mon May 23 22:08:31 2005 => File C:\WINDOWS\Temp\powerscan.exe tagged as "not-a-virus:AdWare.PowerScan.d". Action Taken: No Action Taken.

Tue May 24 18:44:08 2005 => System found infected with IBIS Spyware/Adware ({fb45c451-b0e9-4407-bb6a-9361013f3e9a})! Action taken: No Action Taken.
Tue May 24 18:44:08 2005 => Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue May 24 18:44:09 2005 => System found infected with IBIS Spyware/Adware ({6e21f428-5617-47f7-aed8-b2e1d8fba711})! Action taken: No Action Taken.
Tue May 24 18:44:09 2005 => Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue May 24 18:44:09 2005 => System found infected with IBIS Spyware/Adware ({310cc549-4541-46a9-940f-52b342a6e682})! Action taken: No Action Taken.
Tue May 24 18:44:09 2005 => Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue May 24 18:44:09 2005 => System found infected with IBIS Spyware/Adware ({bbf122a7-8a4d-45b5-9e00-0f68bc87c904})! Action taken: No Action Taken.
Tue May 24 18:44:09 2005 => Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue May 24 18:44:09 2005 => System found infected with IBIS Spyware/Adware ({8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3})! Action taken: No Action Taken.
Tue May 24 18:44:09 2005 => Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue May 24 18:44:09 2005 => System found infected with IBIS Spyware/Adware ({cae0999f-78c5-49dc-9f30-13142aaaaba4})! Action taken: No Action Taken.
Tue May 24 18:44:09 2005 => Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue May 24 18:44:09 2005 => System found infected with IBIS Spyware/Adware ({708be496-e202-497b-bc31-9cf47e3bf8d6})! Action taken: No Action Taken.
Tue May 24 18:44:09 2005 => Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue May 24 18:44:09 2005 => System found infected with IBIS Spyware/Adware ({ff76a5da-6158-4439-99ff-edc1b3fe100c})! Action taken: No Action Taken.
Tue May 24 18:44:09 2005 => Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue May 24 18:44:09 2005 => System found infected with IBIS Spyware/Adware ({339bb23f-a864-48c0-a59f-29ea915965ec})! Action taken: No Action Taken.
Tue May 24 18:44:09 2005 => Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue May 24 18:44:09 2005 => System found infected with SideFind Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
Tue May 24 18:44:09 2005 => Object "SideFind Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue May 24 18:44:09 2005 => System found infected with Bargain Buddy Spyware/Adware ({f4e04583-354e-4076-be7d-ed6a80fd66da})! Action taken: No Action Taken.
Tue May 24 18:44:09 2005 => Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue May 24 18:44:11 2005 => Offending Folder C:\DOKUME~1\ALLUSE~1\STARTM~1\PROGRA~1\WEBSEA~1 present...
Tue May 24 18:44:11 2005 => Object "HuntBar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue May 24 18:44:11 2005 => Offending value found in HKLM\Software\toolbar !!!
Tue May 24 18:44:11 2005 => Offending value found in HKEY_USERS\.DEFAULT\Software\toolbar !!!
Tue May 24 18:44:11 2005 => Object "HuntBar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue May 24 18:44:11 2005 => Offending value found in HKLM\Software\wintools !!!
Tue May 24 18:44:11 2005 => Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue May 24 18:44:11 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\policies\ameopt !!!
Tue May 24 18:44:11 2005 => Object "ameopt Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue May 24 18:44:11 2005 => Offending value found in HKEY_USERS\.DEFAULT\Software\lq !!!
Tue May 24 18:44:11 2005 => Object "EliteBar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue May 24 18:44:12 2005 => System found infected with powerscan Spyware/Adware (powerscan.exe)! Action taken: No Action Taken.
Tue May 24 18:44:12 2005 => Object "powerscan Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue May 24 18:44:13 2005 => System found infected with ISTsvc Spyware/Adware (shortcuts.txt)! Action taken: No Action Taken.
Tue May 24 18:44:13 2005 => Object "ISTsvc Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue May 24 18:44:18 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Far Cry\Profiles\player\player_profiles_placeholder.txt". Action Taken: No Action Taken.

Tue May 24 18:44:18 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Far Cry\Profiles\player\default\default_profile_placeholder.txt". Action Taken: No Action Taken.

Tue May 24 18:44:18 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Far Cry\Profiles\player\default\savegames\savegames_placeholder.txt". Action Taken: No Action Taken.

Tue May 24 18:44:24 2005 => Entry "HKCR\CLSID\{339BB23F-A864-48C0-A59F-29EA915965EC}" refers to invalid object "C:\Programme\Toolbar\toolbar.dll". Action Taken: No Action Taken.

Tue May 24 18:44:28 2005 => Entry "HKCR\CLSID\{69357D4E-BF4D-4651-91E9-52ECD45A0128}" refers to invalid object "c:\Programme\Toolbar\common.dll". Action Taken: No Action Taken.

Tue May 24 18:44:30 2005 => Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.

Tue May 24 18:44:30 2005 => Entry "HKCR\CLSID\{8952A998-1E7E-4716-B23D-3DBE03910972}" refers to invalid object "C:\Programme\Toolbar\toolbar.dll". Action Taken: No Action Taken.

Tue May 24 18:44:32 2005 => Entry "HKCR\CLSID\{9EFBF860-5685-11D3-AA3D-00C04F4C5275}" refers to invalid object "cdooff.dll". Action Taken: No Action Taken.

Tue May 24 18:44:39 2005 => Entry "HKCR\CLSID\{F1616B86-9288-489D-B71A-0CCF2F1A89DA}" refers to invalid object "C:\Programme\Toolbar\toolbar.dll". Action Taken: No Action Taken.

Tue May 24 18:44:39 2005 => Entry "HKCR\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}" refers to invalid object "C:\WINDOWS\System32\msbe.dll". Action Taken: No Action Taken.

Tue May 24 18:44:40 2005 => Entry "HKCR\CLSID\{FF76A5DA-6158-4439-99FF-EDC1B3FE100C}" refers to invalid object "C:\Programme\Toolbar\toolbar.dll". Action Taken: No Action Taken.

Tue May 24 18:58:43 2005 => File C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CTMNQ9GD\istdownload[1].exe infected by "Trojan-Downloader.Win32.IstBar.ir" Virus! Action Taken: No Action Taken.

Tue May 24 18:58:45 2005 => File C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MN4V4ZQN\istbarcm[1].dll infected by "Trojan-Downloader.Win32.IstBar.ik" Virus! Action Taken: No Action Taken.

Tue May 24 19:02:03 2005 => File C:\WINDOWS\Temp\frVS8o8.exe infected by "Trojan-Downloader.Win32.IstBar.ir" Virus! Action Taken: No Action Taken.

Tue May 24 19:02:03 2005 => File C:\WINDOWS\Temp\istinstall_157768.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.

Tue May 24 20:19:41 2005 => Total Objects Scanned: 128959
Tue May 24 20:19:41 2005 => Total Virus(es) Found: 42
Tue May 24 20:19:41 2005 => Total Disinfected Files: 0
Tue May 24 20:19:41 2005 => Total Files Renamed: 0
Tue May 24 20:19:41 2005 => Total Deleted Objects: 0
Tue May 24 20:19:41 2005 => Total Errors: 185
Tue May 24 20:19:41 2005 => Time Elapsed: 01:35:48
Tue May 24 20:19:42 2005 => ***** Scanning complete. *****
Tue May 24 20:19:42 2005 => Virus Database Date: 2005/05/23
Tue May 24 20:19:42 2005 => Virus Database Count: 131254
 
Tue May 24 20:19:42 2005 => Scan Completed.

so, das is alles. is schon etwas viel!
mich wundert ja das mein normaler virenscanner antivir nichts gefunden hat!
außerdem spinnt nun eine partition meiner festplatte nachdem ich aus dem abgesicherten modus in den normalen modus gewechselt hab.
wenn ich nun die partition öffnen möchte behandelt sie mein pc wie eine neue festplatte d.h. er will sie andauernd formatieren!! woran kann das liegen?
und was ist nun mit den ganzen viren die Escan gefunden hat? BITTE HELFT MIR!!!!

[Ruby]

Hallo Trendyandy,

dass dein Rechner abschmiert, wundert mich bei der Menge an Adware kein bisschen.
Sei bitte so nett und lade diese Files hoch:

C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MN4V4ZQN\istbarcm[1].dll C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MN4V4ZQN\WinTS[1].cab C:\WINDOWS\Temp\frVS8o8.exe
C:\WINDOWS\Temp\istinstall_157768.exe
C:\WINDOWS\Temp\loud.exe
C:\WINDOWS\Temp\mmxtommyexe.exe
C:\WINDOWS\Temp\powerscan.exe
C:\WINDOWS\Temp\frVS8o8.exe
C:\WINDOWS\Temp\istinstall_157768.exe

zu ST-Adware-Upload

Lass uns wissen, ob der Upload gelungen ist.
Dann können wir weitermachen und dir Hilfestellung geben, um diese Malware-sammlung wieder von deinem System herunter zu bekommen.

[trendyandy]

so, hab folgendes ergebnis:

Code:

istbarcm[1].dll 77312 Bytes 
 Noch nicht bearbeitet 
powerscan.exe 71680 Bytes 
Unsere Antwort: Adware.PowerScan Bearbeitung abgeschlossen 
frVS8o8.exe 22528 Bytes 
Unsere Antwort: Trojan-Downloader.Istbar Bearbeitung abgeschlossen 
istinstall_157768.exe 4096 Bytes 
Unsere Antwort: Trojan-Downloader.Istbar Bearbeitung abgeschlossen

die anderen dateien konnten nicht hochgeladen werden da sie nicht existieren!
und was is mit meinem festplattenproblem? hat da keiner eine lösung?

[Ruby]

Hallo Trendyandy

nur weil du Dateien nicht findest, heisst das nicht, dass diese Dateien nicht existieren. Es heisst nur, dass sie sich in Nischen deines Systems verborgen halten, wo man sie nicht so ohne Weiteres herausbekommen kann. Ein ahnungsloser User meint dann, es gäbe sie nicht. Es gibt sie aber. Sie sorgen dafür, dass dein Rechner mit Spam zugemüllt wird und du denkst, du hättest ein Festplattenproblem. Wenn du ein Problem mit deiner Festplatte haben solltest, können wir dir nichthelfen: Hardware können wir über das Netz noch nicht reparieren ;-) Wir können dir aber helfen den Müll von deiner Festplatte zu kriegen, aber nur dann, wenn du unsere Ratschläge annimmst und ausführst. Wenn dir das zuviel Arbeit ist und du dazu keine Lust hast, schliesse ich den Thread.

Wichtiger Hinweis:

Die Systemwiederherstellung muss während aller Arbeiten am System deaktiviert sein, bis zur entgültigen Reinigung deines Systems.

Drucke diese Anweisung entweder aus oder speichere sie als *.txt-file,
da du gleich im abgesicherten Modusarbeiten wirst.

Folge den Nummern in der Reihenfolge:

1
Download und Anwendung:

1-1
CleanUp
1-2
Ad-Aware SE, installieren und updaten
1-3
Spybot Search & Destroy, installieren und updaten
1-4
CWShredder 2.14, installieren und updaten
1-5
Lade den EliteToolbar Remover V.1.3.0 als Zip runter,

erstelle einen neuen Ordner (Einführung in Windows)
"C:\ETR" und entpacke den EliteToolbar Remover V.1.3.0 mit allen Komponenten in diesen Ordner.
(kostenloses Zip-Programm SIMPLYZIP)
1-6
Lade die Killbox runter.
Installiere das Programm auf deinem Desktop.

2
Reinigung des Systems

1
Kannst du auf deinem System wirklich alles sehen? Überprüfe deine Einstellungen.

Im Windows-Explorer:
>Extras >Ordneroptionen >den Reiter "Ansicht" >Versteckte Dateien und Ordner >"alle Dateien und Ordner anzeigen" aktivieren
und
>Extras >Ordneroptionen >den Reiter "Ansicht" >Dateien und Ordner >"Geschützte Systemdateien ausblenden (empfohlen)" deaktivieren.

2
Killbox starten
Einstellungen:
Replace on Reboot
Nun in die killbox reinkopieren/browsen:

g:\AlienGUIse\fastload.dll

Zusätzlich die Option "Use Dummy" auswählen,
das rote X drücken
die erste Meldung (Confirmation) mit Ja und die Zweite
dann mit Ja bestätigen, wenn alle Dateien in der Killbox sind.

Den Rechner neu aufstarten.

3
Boote in den abgesicherten Modus Windows und bleibe dort bis du bei Punkt 11 bist.

4
Schliesse alle Programme einschliesslich Internet Explorer.
Lass Hijackthis laufen, klick scan und setze ein Häkchen neben jeden dieser Einträge.
Drücke dann auf den Fix Button:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

Beende das Programm HijackThis.

5
Reinige dein System sehr gründlich (Anleitung):

5-1
Die Quarantäne-Ordner der verschiedenen Antiviren-Programme müssen regelmäßig geleert werden. Der Quarantäne-Ordner bei AVG heisst "INFECTED", bei NORTON "Quarantine". Die Ordner mit dem Windows Explorer aufsuchen, anklicken um sie zu öffnen, den Inhalt markieren und löschen. Bitte danach den Papierkorb leeren!

5-2
START > ausführen (schreib): cleanmgr -> ok.
Vergewissere dich, dass die Temporary Files, Temporary Internet Files, und der Papierkorb (Recycle Bin) geleert werden.
Klicke ok.

5-3
START > ausführen (schreib): %temp% -> ok.
Mach das für jedes Benutzerkonto.
Du leerst damit den/die Ordner C:\DOKUME~1\Dein Name\LOKALE~1\Temp\

5-4
Auch die "Taschen" des Internet Explorers müssen regelmäßig geleert werden.

6
Schliesse alle Programme einschliesslich Internet Explorer.

7
Ad-Aware SE laufen lassen.
Alle roten X müssen grün gestellt werden.
Lass das Programm alles entfernen, was es findet.
Speichere das Logfile ab.
Leere nach dem Scan alle Verzeichnisse von Ad-Aware SE und die Quarantäne-Box.

8
Spybot Search & Destroy laufen lassen.
Geh auf "Advanced", unter Tools kannst du u.a. AktiveX deaktivieren.
Lass das Programm alles entfernen, was es findet.
Immunisiere dein System.

9
Lass CWShredder laufen
Klicke auf den fix-Button und lass das Programm dein System scannen und reinigen.

10
Ein Klick auf die Taste "Kill Elite Toolbar" setzt das Programm in Gang.

Es scannt nun Registry, Memory und untersucht den Rechner auf das
Vorhandensein bestimmter Malware. Wenn es fündig geworden ist, klappt ein
schwarzes DOS-Fensterchen auf und fragt ob du möchtest, dass ein File
gelöscht wird, ja oder nein. Du gibst ein "j" für "ja" ein und drückst auf [enter].
Nun scannt das Programm weiter.

Wenn der Scan zuende ist, bitte das Logfile
abspeichern über die Taste "Save Reg.log". Das Logfile zeigt eine Liste
der Autostart-Schlüssel, Unterschlüssel und der Werte der System Registry.

11
Boote in den normalen Modus.

12
Lass CleanUp laufen

"option" -> Wähle ‘custom’ -> Setze Häkchen bei:

* Cookies
* Prefetch
* Temp
* All users.

Drücke den 'cleanup' Button

13
Lass HijackThis laufen
Speichere das Logfile.

14
Vergib eine neue Startseite für den Internet Explorer.
Konfiguriere den IE sicher. Stelle ihn so ein, wie hier empfohlen: Sicherheitseinstellungen!


-> Poste das EliteToolbar Remover V.1.3.0 Logfile.
-> Poste das Ad-Aware SE Logfile.
-> Poste das HJT Logfile.

[trendyandy]

so, hier die 3 logfiles:

Code:

Logfile of HijackThis v1.99.1
Scan saved at 17:14:06, on 29.05.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
G:\antivir\AVGUARD.EXE
G:\antivir\AVWUPSRV.EXE
g:\AlienGUIse\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINDOWS\System32\rundll32.exe
G:\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\LXSUPMON.EXE
G:\antivir\AVGNT.EXE
C:\WINDOWS\System32\lexpps.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
G:\Graphics8\Programs\MFIndexer.exe
G:\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "g:\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MBM 5] "G:\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [LiveMonitor] C:\Programme\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [AVGCtrl] G:\antivir\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Verknüpfung mit volume control.lnk = E:\programme & sonstiges\volume control.exe
O4 - Global Startup: CoreCenter.lnk = G:\corecenter\CoreCenter.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = G:\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: DigiCell.lnk = C:\Programme\MSI\DigiCell\DigiCell.exe
O4 - Global Startup: Microsoft Office.lnk = G:\office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = G:\post\PsnLite.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://G:\office\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115393039864
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab
O16 - DPF: {F49DA492-7B88-463F-B389-CA9A02F6DA76} (Seagate SeaTools German Online) - http://www.seagate.com/support/disc/asp/tools/de/bin/npseatools.cab
O20 - Winlogon Notify: WB - g:\AlienGUIse\fastload.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - G:\antivir\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - G:\antivir\AVWUPSRV.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - G:\tuneup\WinStylerThemeSvc.exe

Code:

Ad-Aware SE Build 1.05
Logfile Created on:Sonntag, 29. Mai 2005 16:42:49
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R46 17.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy(TAC index:8):1 total references
IBIS Toolbar(TAC index:5):14 total references
MRU List(TAC index:0):19 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


29.05.2005 16:42:49 - Scan started. (Full System Scan)

 MRU List Object Recognized!
    Location:          : C:\Dokumente und Einstellungen\TrendyAndy\recent
    Description        : list of recently opened documents


 MRU List Object Recognized!
    Location:          : S-1-5-21-1390067357-764733703-839522115-1004\software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct3d


 MRU List Object Recognized!
    Location:          : software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct3d


 MRU List Object Recognized!
    Location:          : S-1-5-21-1390067357-764733703-839522115-1004\software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct X


 MRU List Object Recognized!
    Location:          : software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct X


 MRU List Object Recognized!
    Location:          : software\microsoft\directdraw\mostrecentapplication
    Description        : most recent application to use microsoft directdraw


 MRU List Object Recognized!
    Location:          : S-1-5-21-1390067357-764733703-839522115-1004\software\microsoft\directinput\mostrecentapplication
    Description        : most recent application to use microsoft directinput


 MRU List Object Recognized!
    Location:          : S-1-5-21-1390067357-764733703-839522115-1004\software\microsoft\directinput\mostrecentapplication
    Description        : most recent application to use microsoft directinput


 MRU List Object Recognized!
    Location:          : S-1-5-21-1390067357-764733703-839522115-1004\software\microsoft\internet explorer
    Description        : last download directory used in microsoft internet explorer


 MRU List Object Recognized!
    Location:          : S-1-5-21-1390067357-764733703-839522115-1004\software\microsoft\mediaplayer\preferences
    Description        : last playlist index loaded in microsoft windows media player


 MRU List Object Recognized!
    Location:          : S-1-5-21-1390067357-764733703-839522115-1004\software\microsoft\mediaplayer\preferences
    Description        : last playlist loaded in microsoft windows media player


 MRU List Object Recognized!
    Location:          : S-1-5-21-1390067357-764733703-839522115-1004\software\microsoft\microsoft management console\recent file list
    Description        : list of recent snap-ins used in the microsoft management console


 MRU List Object Recognized!
    Location:          : S-1-5-21-1390067357-764733703-839522115-1004\software\microsoft\windows\currentversion\applets\regedit
    Description        : last key accessed using the microsoft registry editor


 MRU List Object Recognized!
    Location:          : S-1-5-21-1390067357-764733703-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
    Description        : list of recent programs opened


 MRU List Object Recognized!
    Location:          : S-1-5-21-1390067357-764733703-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
    Description        : list of recently saved files, stored according to file extension


 MRU List Object Recognized!
    Location:          : S-1-5-21-1390067357-764733703-839522115-1004\software\microsoft\windows\currentversion\explorer\recentdocs
    Description        : list of recent documents opened


 MRU List Object Recognized!
    Location:          : S-1-5-21-1390067357-764733703-839522115-1004\software\microsoft\windows\currentversion\explorer\runmru
    Description        : mru list for items opened in start | run


 MRU List Object Recognized!
    Location:          : S-1-5-21-1390067357-764733703-839522115-1004\software\microsoft\windows media\wmsdk\general
    Description        : windows media sdk 


 MRU List Object Recognized!
    Location:          : S-1-5-21-1390067357-764733703-839522115-1004\software\winrar\dialogedithistory\extrpath
    Description        : winrar "extract-to" history


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
    FilePath           : \SystemRoot\System32\
    ProcessID          : 160
    ThreadCreationTime : 29.05.2005 14:37:50
    BasePriority       : Normal


#:2 [csrss.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 212
    ThreadCreationTime : 29.05.2005 14:40:00
    BasePriority       : Normal


#:3 [winlogon.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 236
    ThreadCreationTime : 29.05.2005 14:40:01
    BasePriority       : High


#:4 [services.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 280
    ThreadCreationTime : 29.05.2005 14:40:02
    BasePriority       : Normal
    FileVersion        : 5.1.2600.1224 (xpsp2.030516-0318)
    ProductVersion     : 5.1.2600.1224
    ProductName        : Betriebssystem Microsoft® Windows®
    CompanyName        : Microsoft Corporation
    FileDescription    : Anwendung für Dienste und Controller
    InternalName       : services.exe
    LegalCopyright     : © Microsoft Corporation. Alle Rechte vorbehalten.
    OriginalFilename   : services.exe

#:5 [lsass.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 292
    ThreadCreationTime : 29.05.2005 14:40:02
    BasePriority       : Normal
    FileVersion        : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion     : 5.1.2600.1106
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : LSA Shell (Export Version)
    InternalName       : lsass.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : lsass.exe

#:6 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 452
    ThreadCreationTime : 29.05.2005 14:40:04
    BasePriority       : Normal
    FileVersion        : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion     : 5.1.2600.0
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:7 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 476
    ThreadCreationTime : 29.05.2005 14:40:04
    BasePriority       : Normal
    FileVersion        : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion     : 5.1.2600.0
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:8 [explorer.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 740
    ThreadCreationTime : 29.05.2005 14:40:28
    BasePriority       : Normal
    FileVersion        : 6.00.2800.1221 (xpsp2.030511-1403)
    ProductVersion     : 6.00.2800.1221
    ProductName        : Betriebssystem Microsoft® Windows®
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Explorer
    InternalName       : explorer
    LegalCopyright     : © Microsoft Corporation. Alle Rechte vorbehalten.
    OriginalFilename   : EXPLORER.EXE

#:9 [ad-aware.exe]
    FilePath           : G:\Ad-Aware SE Personal\
    ProcessID          : 1020
    ThreadCreationTime : 29.05.2005 14:42:18
    BasePriority       : Normal
    FileVersion        : 6.2.0.206
    ProductVersion     : VI.Second Edition
    ProductName        : Lavasoft Ad-Aware SE
    CompanyName        : Lavasoft Sweden
    FileDescription    : Ad-Aware SE Core application
    InternalName       : Ad-Aware.exe
    LegalCopyright     : Copyright © Lavasoft Sweden
    OriginalFilename   : Ad-Aware.exe
    Comments           : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 BargainBuddy Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}

 IBIS Toolbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{2c4e6d22-b71f-491f-aad3-b6972a650d50}

 IBIS Toolbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{310cc549-4541-46a9-940f-52b342a6e682}

 IBIS Toolbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{339bb23f-a864-48c0-a59f-29ea915965ec}

 IBIS Toolbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{69357d4e-bf4d-4651-91e9-52ecd45a0128}

 IBIS Toolbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711}

 IBIS Toolbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{708be496-e202-497b-bc31-9cf47e3bf8d6}

 IBIS Toolbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{8952a998-1e7e-4716-b23d-3dbe03910972}

 IBIS Toolbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3}

 IBIS Toolbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{bbf122a7-8a4d-45b5-9e00-0f68bc87c904}

 IBIS Toolbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{cae0999f-78c5-49dc-9f30-13142aaaaba4}

 IBIS Toolbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{f1616b86-9288-489d-b71a-0ccf2f1a89da}

 IBIS Toolbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{ff76a5da-6158-4439-99ff-edc1b3fe100c}

 IBIS Toolbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\wintools

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 14
Objects found so far: 33


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 33


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 33



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 33


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 33


Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 33


Deep scanning and examining files (L:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for L:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 33


Deep scanning and examining files (M:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Not Avaliable

Disk Scan Result for M:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 33


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 33




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 IBIS Toolbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\toolbar

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 34

16:48:22 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:05:32.859
Objects scanned:168373
Objects identified:15
Objects ignored:0
New critical objects:15

Code:

Registry Log file generated by *** EliteToolbar Remover V.1.3.0 ***
29.05.2005 - 17:00:34

System info: 

OS Platform: Microsoft Windows 2000
OS Version: 5.01.2600
OS Update: Service Pack 1
CPU Maker: AuthenticAMD
CPU Model: x86 Family 15 Model 31 Stepping 0
CPU Speed: 1808 MHz


Running processes: 

[system process]         [SYSTEM]
system                   [SYSTEM]
smss.exe                 [\SystemRoot\System32\smss.exe]
csrss.exe                [SYSTEM]
winlogon.exe             [\??\C:\WINDOWS\system32\winlogon.exe]
services.exe             [C:\WINDOWS\system32\services.exe]
lsass.exe                [C:\WINDOWS\system32\lsass.exe]
svchost.exe              [C:\WINDOWS\system32\svchost.exe]
svchost.exe              [C:\WINDOWS\system32\svchost.exe]
explorer.exe             [C:\WINDOWS\Explorer.EXE]
etremover_v130.exe       [C:\ETR\ETRemover_v130.exe]


------------------------------------------
HKLM -> UserInit in NT:


DWORD: AutoRestartShell =  1

DefaultDomainName =  ANDREAS-GYP2H2G

DefaultUserName =  TrendyAndy

LegalNoticeCaption =  

LegalNoticeText =  

PowerdownAfterShutdown =  0

ReportBootOk =  1

Shell =  Explorer.exe

ShutdownWithoutLogon =  0

System =  

Userinit =  C:\WINDOWS\system32\userinit.exe,

VmApplet =  rundll32 shell32,Control_RunDLL "sysdm.cpl"

DWORD: SfcQuota =  -1

allocatecdroms =  0

allocatedasd =  0

allocatefloppies =  0

cachedlogonscount =  10

DWORD: forceunlocklogon =  0

DWORD: passwordexpirywarning =  14

scremoveoption =  0

DWORD: AllowMultipleTSSessions =  1

UIHost =  C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe

DWORD: LogonType =  1

Background =  0 0 0

DebugServerCommand =  no

DWORD: SFCDisable =  0

WinStationsDisabled =  0

DWORD: HibernationPreviouslyEnabled =  1

DWORD: ShowLogonOptions =  0

AltDefaultUserName =  TrendyAndy

AltDefaultDomainName =  ANDREAS

AutoAdminLogon =  1

DefaultPassword =  



------------------------------------------
HKCU -> UserInit in NT:


ParseAutoexec =  1

ExcludeProfileDirs =  Lokale Einstellungen;Temporary Internet Files;Verlauf;Temp

DWORD: BuildNumber =  2600



------------------------------------------
HKLM -> UserInit:

* Registry key not found *

------------------------------------------
HKCU -> UserInit in NT:

* Registry key not found *

------------------------------------------
Running processes in NT / HKLM -> RUN (Autorun entries from Registry):

* Registry key not found *

------------------------------------------
Running processes in HKLM -> RUN (Autorun entries from Registry):


FinePrint Dispatcher v5 =  C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

BluetoothAuthenticationAgent =  rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent

SpeedTouch USB Diagnostics =  "g:\SpeedTouch USB\Dragdiag.exe" /icon

MBM 5 =  "G:\Motherboard Monitor 5\MBM5.EXE"

LiveMonitor =  C:\Programme\MSI\Live Update 3\LMonitor.exe

LXSUPMON =  C:\WINDOWS\System32\LXSUPMON.EXE RUN

AVGCtrl =  G:\antivir\AVGNT.EXE /min



------------------------------------------
Running processes in HKLM -> RUNONCE (Autorun entries from Registry):

* No values found *

------------------------------------------
Running processes in HKLM -> RUNONCEEX (Autorun entries from Registry):

* No values found *

------------------------------------------
Running processes in HKLM -> RUNSERVICES (Autorun entries from Registry):

* No values found *

------------------------------------------
Running processes in HKLM -> RUNSERVICESONCE (Autorun entries from Registry):

* Registry key not found *

------------------------------------------
Running processes in NT / HKCU -> RUN (Autorun entries from Registry):

* Registry key not found *

------------------------------------------
Running processes in HKCU -> RUN (Autorun entries from Registry):


CTFMON.EXE =  C:\WINDOWS\System32\ctfmon.exe

MsnMsgr =  "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background



------------------------------------------
Running processes in HKCU -> RUNONCE (Autorun entries from Registry):

* Registry key not found *

------------------------------------------
Running processes in HKCU -> RUNONCEEX (Autorun entries from Registry):

* Registry key not found *

------------------------------------------
Running processes in HKCU -> RUNSERVICES (Autorun entries from Registry):

* Registry key not found *

------------------------------------------
Running processes in HKCU -> RUNSERVICESONCE (Autorun entries from Registry):

* Registry key not found *

------------------------------------------
Running processes in HKLM -> Browser Helper Objects:

------------------------------------------
Programs in HKLM -> Common Startup:

CoreCenter.lnk
Corel MEDIA FOLDERS INDEXER 8.LNK
DigiCell.lnk
Microsoft Office.lnk
Post-it® Software Notes Lite.lnk
 
------------------------------------------

ich hoffe ir könnt mir helfen

[Ruby]

Hallo Trendyandy

wenn du Hilfe möchtest, solltest du gut mitarbeiten und tun, um was du gebeten wirst: "Leere nach dem Scan alle Verzeichnisse von Ad-Aware SE und die Quarantäne-Box." Wenn du die Ordner von AdAware geleert hättest, stünden sie nun auf 0, da stehen sie aber nicht:

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:05:32.859
Objects scanned:168373
Objects identified:15
Objects ignored:0
New critical objects:15

Bitte suche die Ordner von AdAware SE auf und leere sie!

Wiederhole das Programm meines letzten Postings, bei deaktivierter Systemwiederherstellung, im aktivierten Modus.
Zeige uns die Ergebnisse in neuen Logfiles.

[trendyandy]

aber den quarantäneordner hab ich geleert!! welche ordner muss ich da noch leeren?
mfg

[Speedy]

hi, schau bei jedem antimalwareprogramm rein, ob es einen infectded ordner oder quarantäne-ordner gibt, leeren und mistkübel auch leeren !