Mich hats Erwischt!
 

Hallo Leute! :)
Nachdem mein Rechner im Internet merkwürdig langsam unterwegs war, habe ich mal escan drüberlaufen lassen. :snyper:
Folgendes Ergebnis:

Wed Sep 14 22:56:21 2005 => Offending value found in HKCU\Software\gnu !!!
Wed Sep 14 22:56:21 2005 => Offending value found in HKEY_USERS\.DEFAULT\Software\gnu !!!
Wed Sep 14 22:56:45 2005 => Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.

Wed Sep 14 22:56:49 2005 => Offending value found in HKCU\Software\freshdevices !!!
Wed Sep 14 22:56:49 2005 => Offending value found in HKEY_USERS\.DEFAULT\Software\freshdevices !!!
Wed Sep 14 22:56:49 2005 => Offending Folder found: C:\PROGRA~1\freshdevices
Wed Sep 14 22:56:49 2005 => Object "Fresh Devices Spyware/Adware" found in File System! Action Taken: No Action Taken.

Wed Sep 14 22:57:48 2005 => Offending file found: C:\WINDOWS\gpinstall.exe
Wed Sep 14 22:57:48 2005 => System found infected with Conducent FlexPak Spyware/Adware (gpinstall.exe)! Action taken: No Action Taken.

Wed Sep 14 23:50:01 2005 => Total Objects Scanned: 36119
Wed Sep 14 23:50:01 2005 => Total Virus(es) Found: 3
Wed Sep 14 23:50:01 2005 => Total Disinfected Files: 0
Wed Sep 14 23:50:01 2005 => Total Files Renamed: 0
Wed Sep 14 23:50:01 2005 => Total Deleted Objects: 0
Wed Sep 14 23:50:01 2005 => Total Errors: 40
Wed Sep 14 23:50:01 2005 => Time Elapsed: 00:52:38
Wed Sep 14 23:50:01 2005 => Virus Database Date: 2005/09/14
Wed Sep 14 23:50:01 2005 => Virus Database Count: 149304

(da bei mir mit win98 die find.bat nicht funktioniert, hab ich den Log-Text als Laie selber durchsucht.)

HijackThis meldet folgendes:

Logfile of HijackThis v1.99.1
Scan saved at 01:01:24, on 15.09.05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAMME\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
D:\PROGS\HIJACKTHIS1977\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.gmx.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\PROGRAMME\ADOBE\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Programme\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O16 - DPF: Yahoo! Chess - h**p://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - h**p://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - h**p://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - h**tp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: Yahoo! MahJong Solitaire - h**p://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: Yahoo! Backgammon - h**p://download.games.yahoo.com/games/clients/y/at1_x.cab

Ich hoffe hier ist jemand, der aus dem ganzen Infos schlauer wird als ich :(

Hab ich was drauf? (Denk mal schon)
Aber was?
Und wie entfernen?

Bin für jede Hilfe Dankbar!!!
:party:

Hallo Skylite,

IMHO sind dies Fehlalarme:
http://www.spywaredata.com/spyware/m...dcatch.dll.php
http://64.233.183.104/search?q=cache...tall.exe&hl=de
http://www.mcse.ms/message785995.html

Du kannst diese Datei.
C:\WINDOWS\gpinstall.exe

hier online scannen:
http://virusscan.jotti.org/de

dartus

Das ist ja eine Gute Nachricht! :huepp:
Ich lösch halt trotzdem schnell, sicherheitshalber und hoffe das dann alles Roger iss.
Vielen Dank für deine Hilfe!!! :party:
Stehe in eurer Schuld!
:)
Gruß
Andy