Trojaner-Board


Kaputnixx 05.03.2006 01:32

please check my logs
 
Somehow I caught SpySheriff.

I tried it with A2 and the instructions given here.

Unfortunately, whenever I restart the computer, there is always a sound that doesn't belong there.

Logfile of HijackThis v1.99.1
Scan saved at 23:11:02, on 04.03.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Antivirus\Avast4\aswUpdSv.exe
C:\PROGRA~1\ANTIVI~1\Avast4\ashDisp.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Skype.exe
C:\Programme\Antivirus\Avast4\ashServ.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\Programme\Brenner\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\Antivirus\Avast4\ashWebSv.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\GOA LADY\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ANTIVI~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .wav: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Antivirus\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Antivirus\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Antivirus\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Antivirus\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Brenner\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Kaputnixx 05.03.2006 01:40

smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]

Running from
C:\Dokumente und Einstellungen\GOA LADY\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!

And here is the eScan log as well

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Infektionsmeldungen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Mar 04 20:03:54 2006 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.
Sat Mar 04 20:04:06 2006 => System found infected with hotbar Spyware/Adware (wbemess.lo_)! Action taken: No Action Taken.
Sat Mar 04 20:03:22 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 04 20:03:23 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 04 20:03:24 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Mar 04 20:03:24 2006 => Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
~~~~~~~~~~~
Dateien
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
Sat Mar 04 20:17:25 2006 => File C:\Dokumente und Einstellungen\GOA LADY\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-6b4f88b3.zip infected by "Trojan-Downloader.Java.OpenStream.w" Virus! Action Taken: No Action Taken.
Sat Mar 04 20:26:13 2006 => File C:\Programme\Daily Weather Forecast\weather.exe infected by "Trojan-Downloader.Win32.Centim.an" Virus! Action Taken: No Action Taken.
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
Sat Mar 04 20:03:54 2006 => Offending file found: C:\Dokumente und Einstellungen\GOA LADY\Anwendungsdaten\utorrent\settings.dat
Sat Mar 04 20:04:06 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\spybot - search & destroy\backups\wbemess.lo_
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
Sat Mar 04 20:40:45 2006 => File C:\Programme\Messenger\Super-Power-Script ST edition\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Sat Mar 04 21:31:23 2006 => File C:\WINDOWS\system32\cmdow.exe tagged as not-a-virus:RiskTool.Win32.HideWindows. No Action Taken.
Sat Mar 04 22:05:56 2006 => File F:\Klingeltöne\Jamba Collection\Jamba Collection\Jamba Collection\Handy Progs\ActiveViewer\vnc-3.3.7-x86_win32.zip tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.c. No Action Taken.
Sat Mar 04 22:14:57 2006 => File F:\Klingeltöne\Jamba Collection.rar tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.c. No Action Taken.
Sat Mar 04 22:28:09 2006 => File F:\Spiele\JewelQuestSetup-dm.exe tagged as "not-a-virus:AdWare.Win32.Trymedia.b". Action Taken: No Action Taken.
Sat Mar 04 22:28:14 2006 => File F:\Super-Power-Script-ST-Edition-by-Devil\Super-Power-Script ST edition\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Sat Mar 04 22:28:17 2006 => File F:\Super-Power-Script-ST-Edition-by-Devil.rar tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
~~~~~~~~~~~
Ordner
~~~~~~~~~~~
Sat Mar 04 20:03:23 2006 => Offending Folder found: C:\Programme\limewire
Sat Mar 04 20:03:24 2006 => Offending Folder found: C:\Dokumente und Einstellungen\GOA LADY\Anwendungsdaten\limewire
Sat Mar 04 20:03:24 2006 => Offending Folder found: C:\Dokumente und Einstellungen\GOA LADY\Anwendungsdaten\meine die schlacht um mittelerde™ ii-dateien\save
~~~~~~~~~~~
Registry
~~~~~~~~~~~
Sat Mar 04 20:03:16 2006 => Offending Key found: HKLM\Software\magnet\handlers\limewire !!!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Mar 04 23:05:00 2006 => Total Errors: 48
Sat Mar 04 23:05:00 2006 => Time Elapsed: 03:01:46
Sat Mar 04 23:05:00 2006 => Total Objects Scanned: 97839
Sat Mar 04 20:01:05 2006 => Virus Database Date: 3/3/2006
Sat Mar 04 23:05:00 2006 => Virus Database Date: 3/3/2006
Sun Mar 05 02:10:12 2006 => Virus Database Date: 3/3/2006
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--------------------------------------------------
C:\Dokumente und Einstellungen\GOA LADY\Lokale Einstellungen\Temp\MWAV.LOG

I've already deleted the Limewire cr..., since I know it has no business being there. It's my wife's computer and I have to get it working again. Hope you can help me.
--------------------------------------------------


Copyright ©2000-2024, Trojaner-Board