Mein Ex-Freund liest im ICQ mit!!!!

Logfile of HijackThis v1.99.1
Scan saved at 22:06:18, on 05.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Sellgino\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\img32\csrss.exe
C:\WINDOWS\img32\services.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programme\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\vzones\services.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
C:\WINDOWS\vzones\smss.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe
C:\Programme\ICQ6\ICQ.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
c:\programme\logitech\quickcam\lu\lulnchr.exe
c:\programme\logitech\quickcam\lu\LogitechUpdate.e xe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\msn64.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~2\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRA~1\T-Online\T-ONLI~2\Notifier\Notifier.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\silvia\Eigene Dateien\Silvi\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Yahoo! Deutschland
R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Programme\Share_Accelerator_MM\tbSha1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0F915410-4720-4490-9223-4BDB9DB04DF1} - C:\WINDOWS\system32\pmkjj.dll (file missing)
O2 - BHO: (no name) - {117F2D2A-7F9D-4082-870E-1998FBD47771} - C:\WINDOWS\system32\xmlprovj.dll (file missing)
O2 - BHO: {51bda1ad-e08c-de58-1d64-6ad605bc4d71} - {17d4cb50-6da6-46d1-85ed-c80eda1adb15} - C:\WINDOWS\system32\ucskqabw.dll (file missing)
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Programme\Share_Accelerator_MM\tbSha1.dll
O2 - BHO: (no name) - {59BE096C-14B3-4E13-817C-EEB2BAF16F22} - C:\WINDOWS\system32\jkhfg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.0.926. 3450\swg.dll
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Programme\Share_Accelerator_MM\tbSha1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [qhgefrlt] C:\WINDOWS\system32\cvghmiii.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sellgino_PLUtil] C:\Programme\Sellgino\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [5c146d84] rundll32.exe "C:\WINDOWS\system32\dvkkcjlo.dll",sitypnow
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccAppRemXP] C:\WINDOWS\msn64.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneGames] C:\WINDOWS\img32\csrss.exe
O4 - HKLM\..\Run: [ZoneGames32] C:\WINDOWS\img32\services.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe "
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
O4 - Startup: Logitech . Produktregistrierung.lnk = C:\Programme\Logitech\QuickCam\eReg.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: https://www.partys-bei-uns.de
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - https://etalk.epson.de/netagent/objects/custappx3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - https://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - https://static.pe.studivz.net/photoup...che=1221055802
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - https://messenger.zone.msn.com/DE-DE/.../GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://static.ak.studivz.net/photoup...che=20071128-1
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - https://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - https://as.photoprintit.de/ips-opdata...PSUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAE88101-828B-49EC-A3DE-CF2340505BEA}: NameServer = 217.237.151.115 217.237.148.102
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DL L
O20 - Winlogon Notify: ddaya - C:\WINDOWS\system32\ddaya.dll (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\system32\pmkjj.dll (file missing)
O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll (file missing)
O20 - Winlogon Notify: sstqp - C:\WINDOWS\system32\sstqp.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

Uiuiui
gar nicht gut

diese Einträge auf alle Fälle mal fixen/beheben mit des gleichen Programm:

- C:\WINDOWS\img32\csrss.exe
- C:\WINDOWS\img32\services.exe
- C:\WINDOWS\vzones\services.exe
- C:\WINDOWS\vzones\smss.exe
- C:\WINDOWS\msn64.exe
- O2 - BHO: (no name) - {0F915410-4720-4490-9223-4BDB9DB04DF1} - C:\WINDOWS\system32\pmkjj.dll (file missing)
- O2 - BHO: (no name) - {117F2D2A-7F9D-4082-870E-1998FBD47771} - C:\WINDOWS\system32\xmlprovj.dll (file missing)
- O2 - BHO: {51bda1ad-e08c-de58-1d64-6ad605bc4d71} - {17d4cb50-6da6-46d1-85ed-c80eda1adb15} - C:\WINDOWS\system32\ucskqabw.dll (file missing)

- O2 - BHO: (no name) - {59BE096C-14B3-4E13-817C-EEB2BAF16F22} - C:\WINDOWS\system32\jkhfg.dll (file missing)
- O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
- O4 - HKLM\..\Run: [qhgefrlt] C:\WINDOWS\system32\cvghmiii.exe
- O4 - HKLM\..\Run: [Sellgino_PLUtil] C:\Programme\Sellgino\USB Flash Disk Utility\PLBkMon.exe
- O4 - HKLM\..\Run: [5c146d84] rundll32.exe "C:\WINDOWS\system32\dvkkcjlo.dll",sitypnow
- O4 - HKLM\..\Run: [ccAppRemXP] C:\WINDOWS\msn64.exe
- O4 - HKLM\..\Run: [ZoneGames] C:\WINDOWS\img32\csrss.exe
- O4 - HKLM\..\Run: [ZoneGames32] C:\WINDOWS\img32\services.exe
- O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)

- O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)

- O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/...oUploader5.cab

- O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - https://etalk.epson.de/netagent/objects/custappx3.cab

- O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - https://static.pe.studivz.net/photoup...che=1221055802

- O20 - Winlogon Notify: ddaya - C:\WINDOWS\system32\ddaya.dll (file missing)
- O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
- O20 - Winlogon Notify: pmkjj - C:\WINDOWS\system32\pmkjj.dll (file missing)
- O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll (file missing)
- O20 - Winlogon Notify: sstqp - C:\WINDOWS\system32\sstqp.dll (file missing)
- O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe

Noch nie gesehen sowas ... is ja irre

Also ich habe immer Avira AntiVir laufen und meine Firewall ist auch aktiv. Habe jetzt alles befolgt:

Logfile of HijackThis v1.99.1
Scan saved at 13:51:21, on 06.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programme\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~2\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRA~1\T-Online\T-ONLI~2\Notifier\Notifier.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Dokumente und Einstellungen\silvia\Eigene Dateien\Silvi\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Yahoo! Deutschland
R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Programme\Share_Accelerator_MM\tbSha1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Programme\Share_Accelerator_MM\tbSha1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.0.926. 3450\swg.dll
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Programme\Share_Accelerator_MM\tbSha1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe "
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
O4 - Startup: Logitech . Produktregistrierung.lnk = C:\Programme\Logitech\QuickCam\eReg.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: https://www.partys-bei-uns.de
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - https://etalk.epson.de/netagent/objects/custappx3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - https://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - https://messenger.zone.msn.com/DE-DE/.../GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://static.ak.studivz.net/photoup...che=20071128-1
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - https://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - https://as.photoprintit.de/ips-opdata...PSUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAE88101-828B-49EC-A3DE-CF2340505BEA}: NameServer = 217.237.151.115 217.237.148.102
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DL L
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe


Gerade eben habe ich von AntiVir 2 Meldungen bekommen..jeweils ein Trojanisches Pferd. Hab das in Quarantäne verschoben.

Hey vielen Dank für die Hilfe!

Ich werd alle Passwörter ändern!

könntest zur not auch einfach mal nen anderen messanger nehmen wie qip trillian oder miranda.
vllt wird ihm dadurch sein bisheriger zugang dafür unbrauchbar.ein versuch wärs wert
dann befolge die ratschläge der anderen ^^
mfg
stulle

Zitat von Spyx

Ein anderer Messenger löst das Problem nicht, dass jmd. die Tastenanschläge auf dem PC spioniert.
Es wird ja nichts an ICQ selbst gemacht (das ist viel zu kompliziert).

Nach dem Einsatz von HijackThis und dem Ändern der Kennwörter sollte eigentlich Ruhe herrschen.

aber wenn jemand nebenbei nen keylogger laufen hat zeichnet der auch das neuangelegte passwort auf...
es gibt auch keylogger hardware die zwischen tatatur un hardware gesteckt wird...kannst ja mal schauen.
wenns nen programm ist müsste es avira eigendlich finden.. hab selbst nen keylogger aufn rechner (mal aus neugier geholt^^) un da schlägt avira schon beim setup alarm.
wenn garnichts hilft vllt mal radikalkur und system neuinstallieren dann is sicherlich alles weg^^
womit gehst du ins internet?hast ja gesagt kein wlan aber womit sonst? isdn, modem dsl modem...?!
mfg stulle

Hätte man da nich ein Unabhängiges Gutachten machen können und ihn verklagen können die verbindungen zu ihm sind doch bestimmt nachweisbar.
hätte vielleicht ja en wenig schmerzensgeld bei rausspringen können.