Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: logfile nach virus?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 10.09.2007, 01:58   #1
tina_ri
 
logfile nach virus? - Standard

logfile nach virus?



ich habe dummerweise einen msn-virus angeklickt. hier nun meine log-file und die frage ob eine aufsetzung erforderlich ist?

vielen dank.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:43:12, on 10.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programme\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sony\VAIO Event Service\VESMgr.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Windows Defender\MSASCui.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\MySpace\IM\MySpaceIM.exe
C:\Programme\CASIO\Photo Loader\Plauto.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\Option\GlobeTrotter Mobility Manager\GlobeTrotter Mobility Manager.exe
C:\Programme\Option\GlobeTrotter Mobility Manager\VirtualWirelessDevice.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ig?hl=de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [PDService.exe] C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programme\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programme\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tbon] C:\Programme\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\INFOCOCKPIT.EXE /nosplash
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\INFOCOCKPIT.EXE /nosplash (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Loader resident.lnk = C:\Programme\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/de/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://l00kl23.com/default.cab?uid=61&id=51330&1s&ex&ppd=4&tag=32
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://de.errorsafe.com/pages/scanner_de/ErrorSafeScannerInstallDE.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C15B519-4427-4CE1-AB2B-62C14A209A3B}: NameServer = 10.12.0.1
O18 - Protocol: bw+0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/html - (no CLSID) - (no file)

Alt 10.09.2007, 01:59   #2
tina_ri
 
logfile nach virus? - Standard

logfile nach virus?



O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Programme\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Programme\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programme\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 25367 bytes
__________________


Alt 10.09.2007, 02:52   #3
KarlKarl
/// Helfer-Team
 
logfile nach virus? - Standard

logfile nach virus?



Hi,

von den üblichen MSN-Würmern entdecke ich da nichts, Glück gehabt, da ist meistens Neuaufsetzen angesagt. Aber ein paar andere Sachen, die aber nicht ganz so dramatisch sind.

In HijackThis vor folgende Zeile(n) einen Haken machen und dann "Fix checked" klicken, dabei alle anderen Programme (besonders Webbrowser) geschlossen haben:
Code:
ATTFilter
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://l00kl23.com/default.cab?uid=61&id=51330&1s&ex&ppd=4&tag=32
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://de.errorsafe.com/pages/scanner_de/ErrorSafeScannerInstallDE.cab
         
Die erste ist ein Dialer, die zweite die Installation eines betrügerischen Pseudoscanners.

Dann schau mal in Systemsteuerung -> Software, ob es dort Bestoffers gibt. Wenn ja: deinstallieren.

Lade und installiere (soweit noch nicht vorhanden) Spybot S&D . Darauf achten, dass der residente Teatimer nicht installiert wird. Alle Updates laden. Im Anschluss daran in den abgesicherten Modus gehen. Spybot laufen lassen, alle Funde entfernen lassen, Log speichern. Dazu nach dem Entfernen der Funde im Ergebnisfenster rechte Maustaste -> "Ergebnisse in Datei speichern". Danach zurück in den normalen Modus und das Log posten.

Ebenfalls einmal dein schon vorhandenes Adaware nutzen.

Die Javaversion auf deinem Rechner ist veraltet. Die muss aktualisiert werden. Dazu in Systemsteuerung -> Software alle alten Versionen deinstallieren, von http://www.trojaner-board.de/105213-java-update-einstellungen.html]Java Update[/URL] die aktuelle "Java Runtime Environment (JRE) 6u2" runterladen und installieren.

Dann noch mal ein frisches HijackThis bitte.

Gruß, Karl
__________________

Alt 10.09.2007, 12:20   #4
tina_ri
 
logfile nach virus? - Standard

logfile nach virus?



habe soweit alles gemacht.

nur java muß ich noch neu runterladen und mein ad-aware kann nicht starten? error 5001 meint, daß mein scanner busy sei.

und wo finde ich nun meine gespeicherte log.datei von spybot?

Alt 10.09.2007, 14:49   #5
tina_ri
 
logfile nach virus? - Standard

logfile nach virus?



Update: java ist nun drauf...auch ad-aware ist gelaufen. habe nur noch probleme mit dem log von spybot


Alt 10.09.2007, 15:36   #6
tina_ri
 
logfile nach virus? - Standard

logfile nach virus?



IMNames: [SBI $0D1B9B17] Benutzer-Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_USERS\S-1-5-21-3560148244-4041973218-3594990962-1006\Software\VB and VBA Program Settings\IMAdvertiser

Winsoftware.WinAntiVirusPro2006: [SBI $9B8A2FDD] Einstellungen (Registrierungsdatenbank-Wert, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\BootStera

Winsoftware.WinAntiVirusPro2006: [SBI $CAE82EFE] Programmgruppe (Verzeichnis, fixed)
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinAntiVirus Pro 2006\

Hotbar: [SBI $769CA1DE] Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_USERS\S-1-5-21-3560148244-4041973218-3594990962-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74CC49F7-EB32-4A08-B204-948962A6E3DB}

Hotbar: [SBI $0A20CD81] Daten (Datei, fixed)
C:\persist.dbs

Hotbar: [SBI $EA20B4A8] Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}

Hotbar: [SBI $DAEF713B] IE-Toolbar (Registrierungsdatenbank-Wert, fixed)
HKEY_USERS\S-1-5-21-3560148244-4041973218-3594990962-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{74CC49F7-EB32-4A08-B204-948962A6E3DB}

Hotbar: [SBI $C3D6A8C0] Programm-Verzeichnis (Verzeichnis, fixed)
C:\Programme\HbTools_Icons\

MyWay.MyBar: [SBI $6A0FE92F] Class ID (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_CLASSES_ROOT\CLSID\{3f4d4f88-0198-4921-b630-957f3eb814e0}

Microsoft.WindowsSecurityCenter.AntiVirusOverride: [SBI $3604910C] Einstellungen (Registrierungsdatenbank-Änderung, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride

Microsoft.Windows.IEFirewallBypass: [SBI $1744AE5C] Einstellungen (Registrierungsdatenbank-Wert, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Programme\Inter net Explorer\IEXPLORE.EXE

Microsoft.Windows.IEFirewallBypass: [SBI $7C9DBA1B] Einstellungen (Registrierungsdatenbank-Wert, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Programme\Inter net Explorer\IEXPLORE.EXE

Altnet: [SBI $3C8FED45] Programm-Verzeichnis (Verzeichnis, fixed)
c:\Program Files\Altnet\

CommonName: [SBI $69E37531] Temporärer Ordner (Verzeichnis, fixed)
C:\WINDOWS\Temp\Adware

SpyShield: [SBI $CCC83008] Benutzer-Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_USERS\S-1-5-21-3560148244-4041973218-3594990962-1006\Software\tbon

WinAntiVirusPro2006: [SBI $48113326] Einstellungen (Registrierungsdatenbank-Wert, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\BootStera

WinAntiVirusPro2006: [SBI $C8D098E7] Einstellungen (Registrierungsdatenbank-Wert, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera

WinAntiVirusPro2006: [SBI $488E01C8] Daten (Datei, fixed)
C:\WINDOWS\system32\stera.job

HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


FastClick: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


MediaPlex: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitsLink: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


Hotbar: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


WebTrends live: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


ErrorSafe: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


Zedo: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


CurePCSolution: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


TargetNet: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


DoubleClick: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


ZQest.K8L: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


CasaleMedia: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


BurstMedia: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


ValueClick: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


CoreMetrics: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


WebTrends live: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


Unknown: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


TagASaurus: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


Statcounter: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


Tradedoubler: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


BFast: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


CasinoPopupStuff: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


Winsoftware.WinAntiVirusPro2006: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


ErrorSafe: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


Hotbar: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


CasinoPopupStuff: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


Instafin: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


BlueStreak: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


Hotbar: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


BurstMedia: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


WinFixer: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


Winsoftware.WinAntiVirusPro2006: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


ErrorSafe: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


Winsoftware.WinAntiVirusPro2006: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


Winsoftware.WinAntiVirusPro2006: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


CasinoPopupStuff: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


ReliableStats: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


MediaPlex: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


Winsoftware.WinAntiVirusPro2006: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


CasinoPopupStuff: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


Adviva: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


Winsoftware: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


AdRevolver: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


WinFixer: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


CoreMetrics: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


Clickbank: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


CasinoPopupStuff: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


Winsoftware.WinAntiVirusPro2006: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


AdRevolver: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


LinkSynergy: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


SystemDoctor2006: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


Zedo: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


CasinoPopupStuff: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


Winsoftware: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


Cassava: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


SystemDoctor2006: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


CPXinteractive: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


DirectTrack: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


Zedo: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


AffiliateFuel: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)


HitBox: [SBI $4CDCC3D5] Verfolgender Cookie (Internet Explorer: ***) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-09-10 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2007-09-05 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-09-05 Includes\DialerC.sbi (*)
2007-08-29 Includes\Hijackers.sbi (*)
2007-09-05 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-09-05 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-09-05 Includes\Malware.sbi (*)
2007-09-05 Includes\MalwareC.sbi (*)
2007-09-05 Includes\PUPS.sbi (*)
2007-09-05 Includes\PUPSC.sbi (*)
2007-09-05 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-09-05 Includes\SecurityC.sbi (*)
2007-09-05 Includes\Spybots.sbi (*)
2007-09-05 Includes\SpybotsC.sbi (*)
2007-08-21 Includes\Tracks.uti
2007-09-05 Includes\Trojans.sbi (*)
2007-09-05 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll

stimmt das? oder soll ich etwas anderes copy'n'paste?

Geändert von tina_ri (10.09.2007 um 15:43 Uhr)

Alt 10.09.2007, 15:50   #7
tina_ri
 
logfile nach virus? - Standard

logfile nach virus?



und hier nur noch die letzte logfile, dann müsste alles da sein

danke!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47:09, on 10.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sony\VAIO Event Service\VESMgr.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\system32\ICO.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Windows Defender\MSASCui.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\MySpace\IM\MySpaceIM.exe
C:\Programme\CASIO\Photo Loader\Plauto.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Programme\Microsoft Works\WksWP.exe
C:\Programme\Microsoft Works\WkDStore.exe
C:\Programme\Microsoft Works\wkgdcach.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ig?hl=de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [PDService.exe] C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programme\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programme\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tbon] C:\Programme\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\INFOCOCKPIT.EXE /nosplash
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\INFOCOCKPIT.EXE /nosplash (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Loader resident.lnk = C:\Programme\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/de/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab
O18 - Protocol: bw+0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {EFB71797-B9DC-4D49-98AE-48F437B68201} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/html - (no CLSID) - (no file)

Alt 10.09.2007, 15:52   #8
tina_ri
 
logfile nach virus? - Standard

logfile nach virus?



O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Programme\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Programme\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programme\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 25411 bytes

Alt 11.09.2007, 15:28   #9
tina_ri
 
logfile nach virus? - Standard

logfile nach virus?



kann mir jemand weiterhelfen bevor sich was böses anbahnt? dankeschön.

Alt 11.09.2007, 21:08   #10
KarlKarl
/// Helfer-Team
 
logfile nach virus? - Standard

logfile nach virus?



Bestoffers scheint hartnäckig zu sein. Das Verzeichnis C:\Programme\TBONBin komplett mit allem Inhalt löschen, bei Bedarf auf den abgesicherten Modus ausweichen.

In HijackThis vor folgende Zeile(n) einen Haken machen und dann "Fix checked" klicken, dabei alle anderen Programme (besonders Webbrowser) geschlossen haben:
Code:
ATTFilter
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [tbon] C:\Programme\TBONBin\tbon.exe /r
         
Und vielleicht noch den Logitech Desktop-Messenger deinstallieren. Ist zwar keine Malware, aber eine unglaubliche Vermüllung des Systems, dann würde ein Log auch in einen Beitrag passen.

Alt 11.09.2007, 22:12   #11
undoreal
/// AVZ-Toolkit Guru
 
logfile nach virus? - Standard

logfile nach virus?



Und danach arbeite bitte folgende Anleitungen durch.:.

F-Secure Blacklight – Rootkitscanner:

* Scanne dein System mit F-Secure Blacklight
* Poste im Anschluss das Ergebnis des Reportes in dem du alles abkopierst und hier in einen Beitrag einfügst. (die Datei sollte auf C: angelegt werden.)


Silentrunners Logfile

-Lade dir das Tool -> Silentrunners
-Entpacke das Script in einen Ordner deiner Wahl
-Doppelklick auf -> Silent Runners -> Option Supplementary Searches auswählen
-System wird nun überprüft, nach Beendigung wird eine Log-Datei erstellt
(Dein Antiviren-Scanner könnte eine Meldung wegen „bösartigem Script“
erstellen, ignoriere dieses und arbeite weiter!)
-Dann öffne die Silent Runners xxx.txt mit einem Editor und kopiere den gesamten Inhalt ab und füge ihn in einen Beitrag ein.
(Strg+A markieren -> Strg+C kopieren -> Strg+V einfügen)


tcpview

1. Das Programm tcpview herunterladen und auf dem Desktop entpacken.
2. Im Ordner tcpview die Datei tcpview.exe starten.
3. Oben links auf das Diskettensymbol klicken und das Logfile abspeichern.
4. Den Inhalt der Logdatei posten.




Gruß

Undoreal
__________________
- Sämtliche Hilfestellungen im Forum werden ohne Gewährleistung oder Haftung gegeben -

Alt 12.09.2007, 11:44   #12
tina_ri
 
logfile nach virus? - Standard

logfile nach virus?



beim scannen mit f-secure blacklight wurde nichts gefunden ('no hidden items found').

silentrunner logfile:

"Silent Runners.vbs", revision 52, Silent Runners - Adware? Disinfect, don't reformat!
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"InfoCockpit" = "C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\INFOCOCKPIT.EXE /nosplash" [file not found]
"MsnMsgr" = ""C:\Programme\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"Skype" = ""C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"MySpaceIM" = "C:\Programme\MySpace\IM\MySpaceIM.exe" [null data]
"updateMgr" = "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Apoint" = "C:\Programme\Apoint\Apoint.exe" [file not found]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"Mouse Suite 98 Daemon" = "ICO.EXE" ["Primax Electronics Ltd."]
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" [file not found]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" [file not found]
"SonyPowerCfg" = "C:\Programme\Sony\VAIO Power Management\SPMgr.exe" [file not found]
"ISBMgr.exe" = "C:\Programme\Sony\ISB Utility\ISBMgr.exe" [file not found]
"VAIO Update 2" = ""C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary" [file not found]
"PDService.exe" = "C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [file not found]
"T-DSL SpeedMgr" = ""C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"" [file not found]
"TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" [file not found]
"avgnt" = ""C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" [file not found]
"LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" [file not found]
"LogitechCameraAssistant" = "C:\Programme\Logitech\Video\CameraAssistant.exe" [file not found]
"LogitechVideo[inspector]" = "C:\Programme\Logitech\Video\InstallHelper.exe /inspect" [file not found]
"LogitechCameraService(E)" = "C:\WINDOWS\system32\ElkCtrl.exe /automation" [file not found]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"Windows Defender" = ""C:\Programme\Windows Defender\MSASCui.exe" -hide" [MS]
"Adobe Photo Downloader" = ""C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
"SunJavaUpdateSched" = ""C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{ED58A35B-B554-42AF-A26C-6F3D424200D3}" = "Sony Power Management Extensiond"
-> {HKLM...CLSID} = "SPMPanel"
\InProcServer32\(Default) = "C:\Programme\Sony\VAIO Power Management\SPMPanel.dll" ["Sony Corporation"]
"{F6A51CCC-6AA6-46ad-B726-97466F0A38BF}" = "SafeGuard® PrivateDisk extension"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Utimaco\SafeGuard PrivateDisk\pdshell.dll" ["Utimaco Safeware AG"]
"{C6643EC0-49AC-4c15-A455-04104DB900A9}" = "Image Converter context menu extension"
-> {HKLM...CLSID} = "Image Converter context menu"
\InProcServer32\(Default) = "C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll" [" "]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
-> {HKCU...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""C:\Programme\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Meine freigegebenen Ordner"
\InProcServer32\(Default) = "C:\Programme\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = ""ShellExecuteHook" von Microsoft AntiMalware"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
\InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"stera" [file not found]|"lsdelete" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
<<!>> VESWinlogon\DLLName = "VESWinlogon.dll" ["Sony Corporation"]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
ImageConverter2\(Default) = "{C6643EC0-49AC-4c15-A455-04104DB900A9}"
-> {HKLM...CLSID} = "Image Converter context menu"
\InProcServer32\(Default) = "C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll" [" "]
SGPDMenu\(Default) = "{F6A51CCC-6AA6-46ad-B726-97466F0A38BF}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Utimaco\SafeGuard PrivateDisk\pdshell.dll" ["Utimaco Safeware AG"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ImageConverter2\(Default) = "{C6643EC0-49AC-4c15-A455-04104DB900A9}"
-> {HKLM...CLSID} = "Image Converter context menu"
\InProcServer32\(Default) = "C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll" [" "]
LockFolder\(Default) = "{4852341A-43E6-4994-B29B-E82904992884}"
-> {HKLM...CLSID} = "LckFldMenu.Locker"
\InProcServer32\(Default) = "C:\Programme\FolderAccess\LckFldMenu.dll" ["Topdownloads Network"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
SGPDMenu\(Default) = "{F6A51CCC-6AA6-46ad-B726-97466F0A38BF}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Utimaco\SafeGuard PrivateDisk\pdshell.dll" ["Utimaco Safeware AG"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Kristina\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\ROBBIE~1.SCR" (Robbie Williams.scr) ["ScreenTime Media"]


tpcview:

alg.exe:3668 TCP Tina:1127 Tina:0 LISTENING
iexplore.exe:3836 UDP Tina:2244 *:*
lsass.exe:352 UDP Tina:isakmp *:*
lsass.exe:352 UDP Tina:4500 *:*
msnmsgr.exe:2668 UDP Tina:1928 *:*
msnmsgr.exe:2668 UDP tina:52829 *:*
msnmsgr.exe:2668 UDP tina:9398 *:*
msnmsgr.exe:2668 UDP Tina:1026 *:*
Skype.exe:2720 TCP tina:1929 lincdhcp23676.linc.ox.ac.uk:44890 ESTABLISHED
Skype.exe:2720 TCP Tina:http Tina:0 LISTENING
Skype.exe:2720 TCP Tina:28308 Tina:0 LISTENING
Skype.exe:2720 TCP Tina:https Tina:0 LISTENING
Skype.exe:2720 UDP Tina:1025 *:*
Skype.exe:2720 UDP Tina:28308 *:*
svchost.exe:1108 UDP Tina:1946 *:*
svchost.exe:1108 UDP Tina:1995 *:*
svchost.exe:1108 UDP Tina:1945 *:*
svchost.exe:1300 UDP tina:1900 *:*
svchost.exe:1300 UDP Tina:1900 *:*
svchost.exe:712 TCP Tina:epmap Tina:0 LISTENING
svchost.exe:916 UDP tina:ntp *:*
svchost.exe:916 UDP Tina:ntp *:*
System:4 TCP Tina:microsoft-ds Tina:0 LISTENING
System:4 UDP Tina:microsoft-ds *:*
VCSW.exe:300 TCP Tina:51493 Tina:0 LISTENING
VCSW.exe:300 UDP Tina:51493 *:*


was bestoffer angeht...hatte ich vor einigen monaten mal drauf. wahrscheinlich wegen kazaa, daß ich gleich deinstallieren wollte. bin wohl falsch vorgegangen und habe kazaa immer noch zum teil in den programmen, nur kann ich es nicht entfernen?!?!

Geändert von tina_ri (12.09.2007 um 11:55 Uhr)

Alt 12.09.2007, 11:56   #13
tina_ri
 
logfile nach virus? - Standard

logfile nach virus?



hier nochmal die neueste HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2

[edit]
bitte editiere zukünftig deine links, wie es dir u.a. hier angezeigt wird:
http://www.trojaner-board.de/22771-a...tml#post171958

danke
GUA
[/edit]

Alt 13.09.2007, 17:25   #14
undoreal
/// AVZ-Toolkit Guru
 
logfile nach virus? - Standard

logfile nach virus?



Deine logs sehen prima aus

mfg

Undoreal
__________________
- Sämtliche Hilfestellungen im Forum werden ohne Gewährleistung oder Haftung gegeben -

Alt 13.09.2007, 21:17   #15
tina_ri
 
logfile nach virus? - Standard

logfile nach virus?



Zitat:
Zitat von undoreal Beitrag anzeigen
Deine logs sehen prima aus

mfg

Undoreal
echt?

:aplaus:

dann ist meine schlechte internetverbindung wohl ne einbildung

vielen dank für die hilfe

Antwort

Themen zu logfile nach virus?
ad-aware, adobe, adobe reader, antivir, avg, bho, defender, desktop, downloader, excel, frage, helper, hijack, hijackthis, hkus\s-1-5-18, homepage, internet, internet explorer, logfile, msn-virus, mssql, photoshop, rundll, s-1-5-18, server, software, system, t-online, trend micro, urlsearchhook, virus, windows, windows defender, windows xp



Ähnliche Themen: logfile nach virus?


  1. Logfile nach FRST64.exe
    Log-Analyse und Auswertung - 26.06.2015 (11)
  2. 50Euro Virus - Win7 / 64 - OTL Logfile erstellt nach Anleitung erstellt
    Plagegeister aller Art und deren Bekämpfung - 06.01.2012 (2)
  3. Logfile Auswertungen nach Virusmeldung(en)
    Log-Analyse und Auswertung - 13.12.2010 (4)
  4. Logfile nach Virusmeldung von Antivir
    Log-Analyse und Auswertung - 17.06.2010 (4)
  5. Logfile auswerten nach Virenbefall
    Log-Analyse und Auswertung - 23.12.2008 (1)
  6. HijackThis Logfile nach Formatierung
    Log-Analyse und Auswertung - 20.12.2008 (0)
  7. Nach Reinigung von Boot.com Virus Logfile sauber?
    Log-Analyse und Auswertung - 25.11.2008 (0)
  8. Logfile nach Infektion
    Log-Analyse und Auswertung - 13.04.2008 (1)
  9. Logfile nach diversen Bereiningungsmaßnahmen
    Mülltonne - 04.10.2007 (1)
  10. Logfile nach Trojanerbefall
    Log-Analyse und Auswertung - 10.07.2007 (3)
  11. Logfile bitte mal nach schauen
    Mülltonne - 10.12.2006 (0)
  12. Logfile nach Virusbefall
    Log-Analyse und Auswertung - 06.05.2006 (1)
  13. HjackThis - Logfile nach S7-Problem
    Log-Analyse und Auswertung - 23.11.2005 (12)
  14. Logfile nach Wurmentfernung
    Log-Analyse und Auswertung - 24.10.2005 (13)
  15. Virus Befall...bitte mal Logfile nach schauen.
    Log-Analyse und Auswertung - 19.08.2005 (2)
  16. Logfile nach Trojanerbefall
    Log-Analyse und Auswertung - 21.05.2005 (7)
  17. Logfile nach escan
    Log-Analyse und Auswertung - 14.07.2004 (3)

Zum Thema logfile nach virus? - ich habe dummerweise einen msn-virus angeklickt. hier nun meine log-file und die frage ob eine aufsetzung erforderlich ist? vielen dank. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:43:12, - logfile nach virus?...
Archiv
Du betrachtest: logfile nach virus? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.