Bloodhound.W32.EP

This thread, "Bloodhound.W32.EP", in the forum "Viruses, Trojans, Spyware etc." was created by Conni on 16 June 2005.


  1. Hello,

    I seem to have somehow caught a virus or something, because Norton reports that it has detected a virus named Bloodhound.W32.EP in C:\WINDOWS\System32\wininet.dll. I asked around a bit on the Internet and found out that Bloodhound.W32.EP is a synonym for Norton having no idea what exactly it is.

    I ran this HijackThis...

    Logfile of HijackThis v1.99.1
    Scan saved at 15:36:30, on 16.06.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    E:\apachefriends\xampp\FileZillaFTP\FileZillaServer.exe
    E:\Programme\Norton AntiVirus\navapsvc.exe
    E:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
    C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
    C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\System32\svchost.exe
    E:\Programme\Logitech\Video\LogiTray.exe
    C:\Programme\Parallel Tasking\ptask.exe
    C:\Programme\QuickTime\qttask.exe
    E:\Programme\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programme\iPod\bin\iPodService.exe
    E:\spiele\steam\steam.exe
    E:\Programme\Yahoo!\Messenger\ypager.exe
    C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Programme\Silicon Image\SiISATARaid\SATARaid.exe
    E:\Programme\Logitech\Video\FxSvr2.exe
    E:\Programme\Spybot - Search & Destroy\SpybotSD.exe
    C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Programme\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Programme\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Programme\Mozilla Firefox\firefox.exe
    C:\Programme\Internet Explorer\iexplore.exe
    E:\Programme\WinRAR\WinRAR.exe
    C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Rar$EX00.735\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Programme\ICQToolbar\toolbaru.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - E:\Programme\Desktop Sidebar\sbhelp.dll
    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet6_38.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - E:\Programme\Ipswitch\WS_FTP Pro\wsbho2k0.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Programme\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Programme\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Programme\ICQToolbar\toolbaru.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Programme\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] E:\Programme\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Parallel Tasking] C:\Programme\Parallel Tasking\ptask.exe
    O4 - HKLM\..\Run: [SLP6] C:\WINDOWS\ffeidwtj.exe
    O4 - HKLM\..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] E:\Programme\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [PSGuard] C:\Programme\PSGuard\PSGuard.exe
    O4 - HKCU\..\Run: [Steam] e:\spiele\steam\steam.exe -silent
    O4 - HKCU\..\Run: [Yahoo! Pager] E:\Programme\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [EarthWatcher] E:\Programme\EarthWatcher\EarthWatcher.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] E:\Programme\Logitech\Video\ManifestEngine.exe boot
    O4 - HKCU\..\Run: [Google Desktop Search] C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe /startup
    O4 - Global Startup: SATARaid.lnk = ?
    O8 - Extra context menu item: &ICQ Toolbar Search - res://E:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra->Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - E:\Programme\Desktop Sidebar\sbhelp.dll
    O9 - Extra->Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - E:\Programme\Desktop Sidebar\sbhelp.dll
    O9 - Extra button: concept/design's onlineTV - {60AD207E-F0A2-4A35-B10D-786B9280B728} - E:\Programme\onlineTV\onlineTV.exe
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
    O9 - Extra->Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra->Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O10 - Broken Internet access because of LSP provider->xfire_lsp_10650.dll' missing
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1104083981392
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - E:\apachefriends\xampp\FileZillaFTP\FileZillaServer.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - E:\Programme\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - E:\Programme\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe


    Please help me get rid of this virus thing! I'm clueless!
     
  2. Troj/Small-CJ
    http://www.wintotal.de/Spyware/index.php?Filter=P#Spyware4383
    best deleted in Safe Mode

    New.Net Spyware
    http://www.wintotal.de/Spyware/index.php?Filter=N#Spyware1135
    best deleted in Safe Mode

    could be the Hewlett Packard LaserJet printer, if you own one (slp6 for simplex printing); otherwise fix it

    Which program does this DLL belong to? ???
    Winsock Repair Tool LSP-Fix http://cexx.org/lspfix.htm

    pan_fee
     
  3. Hey
    here is the current HijackThis log again:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:09:35, on 16.06.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    E:\apachefriends\xampp\FileZillaFTP\FileZillaServer.exe
    E:\Programme\Norton AntiVirus\navapsvc.exe
    E:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
    C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
    C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    E:\Programme\Yahoo!\Messenger\ypager.exe
    C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\NMain.exe
    C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Programme\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Programme\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    E:\PROGRA~1\NORTON~1\navw32.exe
    C:\Programme\Mozilla Firefox\firefox.exe
    E:\Programme\WinRAR\WinRAR.exe
    C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Rar$EX00.781\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Programme\ICQToolbar\toolbaru.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - E:\Programme\Ipswitch\WS_FTP Pro\wsbho2k0.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Programme\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Programme\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Programme\ICQToolbar\toolbaru.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Programme\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKCU\..\Run: [Yahoo! Pager] E:\Programme\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] E:\Programme\Logitech\Video\ManifestEngine.exe boot
    O4 - HKCU\..\Run: [Google Desktop Search] C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe /startup
    O8 - Extra context menu item: &ICQ Toolbar Search - res://E:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra->Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra->Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: concept/design's onlineTV - {60AD207E-F0A2-4A35-B10D-786B9280B728} - E:\Programme\onlineTV\onlineTV.exe
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
    O9 - Extra->Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra->Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O10 - Broken Internet access because of LSP provider->xfire_lsp_10650.dll' missing
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1104083981392
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - E:\apachefriends\xampp\FileZillaFTP\FileZillaServer.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - E:\Programme\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - E:\Programme\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  4. That already looks good :)

    But what is xfire_lsp_10650.dll? ???
    pan_fee
     
  5. And now?

    Logfile of HijackThis v1.99.1
    Scan saved at 14:51:48, on 22.06.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    E:\apachefriends\xampp\FileZillaFTP\FileZillaServer.exe
    E:\Programme\Norton AntiVirus\navapsvc.exe
    E:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
    C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
    C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    E:\Programme\Yahoo!\Messenger\ypager.exe
    C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Programme\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Programme\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    E:\Programme\iTunes\iTunes.exe
    E:\Programme\iTunes\Plug-ins\SIGServer.exe
    C:\Programme\iPod\bin\iPodService.exe
    E:\Programme\Thunderbird\thunderbird.exe
    E:\Programme\WinRAR\WinRAR.exe
    C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Rar$EX00.078\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    E:\Programme\Spybot - Search & Destroy\SpybotSD.exe
    E:\Programme\WinRAR\WinRAR.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Programme\ICQToolbar\toolbaru.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - E:\Programme\Ipswitch\WS_FTP Pro\wsbho2k0.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Programme\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Programme\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Programme\ICQToolbar\toolbaru.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Programme\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKCU\..\Run: [Yahoo! Pager] E:\Programme\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] E:\Programme\Logitech\Video\ManifestEngine.exe boot
    O4 - HKCU\..\Run: [Google Desktop Search] C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe /startup
    O8 - Extra context menu item: &ICQ Toolbar Search - res://E:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra->Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra->Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: concept/design's onlineTV - {60AD207E-F0A2-4A35-B10D-786B9280B728} - E:\Programme\onlineTV\onlineTV.exe
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
    O9 - Extra->Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra->Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1104083981392
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - E:\apachefriends\xampp\FileZillaFTP\FileZillaServer.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - E:\Programme\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - E:\Programme\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe



    PS:
    The virus is still there :(
     
  6. The log is OK

    Possibly just a false alarm after all ???

    On my system, under Properties - Version for wininet.dll, it says "Interneterweiterungen für Win32" (Internet Extensions for Win32), and the file is 648 KB in size.


    pan_fee