Was im gottes NAmen habe ich da !!!!

Winnie the Pooh

erst den neuen LOG vom hijacker:

Logfile of HijackThis v1.99.0
Scan saved at 09:53:41, on 11.02.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Winamp\winampa.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Zone Labs\ZoneAlarm\zapro.exe
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\WINNIE~1\LOKALE~1\Temp\Rar$EX00.516\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Programme\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KAV50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WashAndGo - Cleanup of old Backupfiles] "C:\Programme\Purgatio Pro\checker.exe /check"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programme\eMule\emule.exe -AutoStart
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verknüpfung mit Internet Explorer.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {A96B6E31-C5EB-47DC-A479-545E58BFDDCE} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {A96B6E31-C5EB-47DC-A479-545E58BFDDCE} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1103656120109
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DD9F767-4D56-4829-B5A3-4FCF2C093263}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D223D988-B19E-4922-8B1B-8BB2E04299C3}: NameServer = 217.237.149.161 217.237.151.225
O23 - Service: Adobe LM Service - Unknown - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: KLBLMain - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


so eleminiert habe ich:

Wed Feb 09 08:27:06 2005 => File C:\WINDOWS\system32\cersrv.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Feb 09 08:27:13 2005 => File C:\WINDOWS\system32\denlobby.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Feb 09 08:27:14 2005 => File C:\WINDOWS\system32\DILTPO32.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Feb 09 08:27:17 2005 => File C:\WINDOWS\system32\dnj4011qe.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Feb 09 08:27:17 2005 => File C:\WINDOWS\system32\dnkquoui.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Feb 09 08:27:18 2005 => File C:\WINDOWS\system32\DTnetlib.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Feb 09 08:27:19 2005 => File C:\WINDOWS\system32\e220lcfm1f2a.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Feb 09 08:27:20 2005 => File C:\WINDOWS\system32\en2ul1f91.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\en4ml1h11.dll
C:\WINDOWS\system32\en4ml1h11.dll
File C:\WINDOWS\system32\f42mlef11h2.dll
C:\WINDOWS\system32\f62mlgf1162.dll
C:\WINDOWS\system32\fp8003lme.dll
C:\WINDOWS\system32\fpl2033oe.dll
C:\WINDOWS\system32\gpj8l31u1.dll
C:\WINDOWS\system32\gpn4l35q1.dll
C:\WINDOWS\system32\hrjq0515e.dll
C:\WINDOWS\system32\i2600cjmefoa0.dll
C:\WINDOWS\system32\i4lole331h.dll

Das wars habe aber immer noch ein POPup was sich ewig Öffnet
!!!