Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   HILFE Bitte (https://www.trojaner-board.de/16975-hilfe-bitte.html)

MichaF 23.04.2005 19:21
Hallo zusammen,

hier mein letztes HiJackthis Log:

Logfile of HijackThis v1.99.1
Scan saved at 20:19:49, on 23.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKService.exe
C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKWCtl.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
C:\Programme\Logitech\Video\LogiTray.exe
C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\AOLSP Scheduler.exe
C:\SpeedUp\SpeedItUp.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\LVComS.exe
C:\Programme\Siemens\Gigaset WLAN Adapter\wlm.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\AOL 9.0b\waol.exe
C:\Programme\AOL 9.0b\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\WINDOWS\system32\addku.exe
C:\WINDOWS\msrn32.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\PROGRA~1\Logitech\Video\AlbumDB2.exe
C:\PROGRA~1\Logitech\Video\FxSvr2.exe
C:\Programme\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {CC67ADD3-8236-844B-5732-907E26BCF629} - C:\WINDOWS\system32\atlnp32.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SpeedItUp] C:\SpeedUp\SpeedItUp.exe -MINI
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [addku.exe] C:\WINDOWS\system32\addku.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AVKBar] "C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKBar.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://rtl.midasplayer.de/midasa.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-17.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex...amesplayer.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game15.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C650A10-AF28-4523-8D5E-680C22E1AE39}: NameServer = 205.188.146.145
O18 - Protocol: bw+0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sdkau.exe" /s (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Privacy Protection Service (AOLService) - Unknown owner - C:\Programme\Gemeinsame Dateien\AOL\AOL Privacy Protection\aolserv.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKService.exe
O23 - Service: G DATA AntiVirenKit Wächter (AVKWCtl) - Unknown owner - C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKWCtl.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Für mich immer noch Kauderwelsch aber Ihr kennt Euch zum Glück damit aus.

DANKE schon jetzt

Micha

Cidre 23.04.2005 19:36
@ MichaF

Die Malware ist immer noch aktiv. Führe zunächst dies aus:

Rechtsklick auf die Find.bat -> 'Ziel speichern unter…' z.B. C:\ -> Find.bat doppelklicken und den Scan abwarten -> den Inhalt der C:\eScan_neu.txt hier posten [1].

[1] Strg+A (alles markieren) -> Strg+C (kopieren) -> Strg+V (hier in den Thread einfügen)

MichaF 23.04.2005 19:54
Hallo Cidre,

danke für die Antwort.

Habe die Findbat gespeichert.Die ratterte nach dem öffnen sofort los und war wieder weg.

Meintest Du mit der escan neu.txt das ich escan nochmal neu laufen lassen muß ?

Micha

Cidre 23.04.2005 20:00
Nein, du solltest lediglich unter C:\ die eScan_neu.txt öffnen und danach deren Inhalt hier posten.

MichaF 23.04.2005 20:09
Hallo Cidre,

sorry aber irgendwie hab ich einen ganzen Baum vorm Kopf.Ich habe keine escan neu.txt nur eine escan alt.txt.

Wo oder besser wie soll ich die finden ?

Danke für Deine Geduld :(

Micha

cronos 23.04.2005 20:10
Dann poste uns deren Inhalt.

MichaF 23.04.2005 20:18
Hallo,

ok hier ist die alte:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Apr 23 11:38:28 2005 => File C:\WINDOWS\system32\javavq32.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:38:39 2005 => File C:\WINDOWS\crdv32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:38:39 2005 => File C:\WINDOWS\sdkau.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => System found infected with sw Spyware/Adware! Action taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => File System Found infected by "sw Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => System found infected with se Spyware/Adware! Action taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => File System Found infected by "se Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => System found infected with hsa Spyware/Adware! Action taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => File System Found infected by "hsa Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:28 2005 => File C:\WINDOWS\appkj.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:31 2005 => File C:\WINDOWS\ietq32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:36 2005 => File C:\WINDOWS\pcqhx.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:39 2005 => File C:\WINDOWS\sdkcr32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:42 2005 => File C:\WINDOWS\whmwh.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:45 2005 => File C:\WINDOWS\System32\addii.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:40:44 2005 => File C:\WINDOWS\System32\jccld.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:41:10 2005 => File C:\WINDOWS\System32\msgm32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 12:07:59 2005 => File C:\Dokumente und Einstellungen\Micha\Eigene Dateien\backups\backup-20050422-155650-170.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.
Sat Apr 23 12:28:58 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Sat Apr 23 13:03:06 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP347\A0047642.dll infected by "not-a-virus:AdWare.SaveNow.as" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:26 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049738.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:28 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049801.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:29 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049816.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:30 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049839.exe infected by "not-a-virus:Porn-Dialer.Win32.PluginAccess" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:30 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049840.exe infected by "not-a-virus:Porn-Dialer.Win32.PluginAccess" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:30 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049841.exe infected by "Trojan-Downloader.Win32.Small.aa" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:30 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049842.exe infected by "not-a-virus:AdWare.SaveNow.ay" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:07:17 2005 => File C:\WINDOWS\appkj.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:11:01 2005 => File C:\WINDOWS\ietq32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:14:11 2005 => File C:\WINDOWS\pcqhx.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:14:27 2005 => File C:\WINDOWS\sdkcr32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:16:28 2005 => File C:\WINDOWS\system32\addii.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:20:14 2005 => File C:\WINDOWS\system32\jccld.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:20:44 2005 => File C:\WINDOWS\system32\msgm32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:23:25 2005 => File C:\WINDOWS\whmwh.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:23:48 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Apr 23 12:26:07 2005 => File C:\Programme\AOL 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sat Apr 23 12:27:00 2005 => File C:\Programme\AOL 9.0a\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sat Apr 23 12:27:52 2005 => File C:\Programme\AOL 9.0b\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sat Apr 23 12:30:13 2005 => File C:\Programme\Gemeinsame Dateien\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sat Apr 23 12:50:06 2005 => File C:\Sun\AppServer\jdk\demo\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
Sat Apr 23 12:50:33 2005 => File C:\Sun\AppServer\jdk\demo\plugin\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statisktiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Apr 23 13:23:48 2005 => Total Virus(es) Found: 37
Sat Apr 23 13:23:48 2005 => Total Errors: 271
Sat Apr 23 13:23:48 2005 => Time Elapsed: 01:45:44
Sat Apr 23 13:23:48 2005 => Total Objects Scanned: 69531
Sat Apr 23 11:36:32 2005 => Virus Database Date: 2005/04/20
Sat Apr 23 13:23:48 2005 => Virus Database Date: 2005/04/20
Sat Apr 23 13:38:01 2005 => Virus Database Date: 2005/04/20
Sat Apr 23 15:09:00 2005 => Virus Database Date: 2005/04/20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

Und jetzt fragt sich Klein Micha: Wasn nu zu tun ?

Grüße

Micha

cronos 23.04.2005 20:30
Gehe wie folgt vor:

Wechsle in den abgesicherten Modus bei deaktiviertes Systemwiederherstellung:

www.bsi.bund.de/av/texte/wiederher.htm

Lösche manuell:
C:\WINDOWS\system32\javavq32.dll
C:\WINDOWS\crdv32.exe
C:\WINDOWS\sdkau.exe
C:\WINDOWS\appkj.exe
C:\WINDOWS\ietq32.exe
C:\WINDOWS\pcqhx.dll
C:\WINDOWS\sdkcr32.exe
C:\WINDOWS\whmwh.dll
:\WINDOWS\System32\addii
C:\WINDOWS\System32\jccld.dll
:\WINDOWS\System32\msgm32.exe
File C:\Dokumente und Einstellungen\Micha\Eigene Dateien\backups\backup-20050422-155650-170.dll

Leere den Inhalt folgenden Ordners:

C:\Programme\AVPersonal\INFECTED\

Lade dir auch Spybot und Adaware runter und lösche deren Funde.

Spybot:http://www.safer-networking.org/de/spybotsd/index.html

Adaware: http://www.lavasoftusa.com/software/adaware/

Mit Spybot auch noch zusätzlich immunisieren.

Neu booten,Systemwiederherstellung aktivieren und neuenLog von Hijackthis posten.

Edit:Falls die Dateien nicht findest:

Windows Explorer (Win Taste +E) -> "Extras/Ordneroptionen" -> "Ansicht" -> Haken entfernen bei "Geschützte Systemdateien ausblenden (empfohlen)" und "Alle Dateien und Ordner anzeigen" aktivieren -> "OK"
Die Einstellungen danach wieder rückgängig machen.

MichaF 23.04.2005 20:36
Hallo Cronos,

alles schon gemacht, hier das neue LOG :

Logfile of HijackThis v1.99.1
Scan saved at 21:34:41, on 23.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKService.exe
C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKWCtl.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
C:\Programme\Logitech\Video\LogiTray.exe
C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\AOLSP Scheduler.exe
C:\SpeedUp\SpeedItUp.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\LVComS.exe
C:\Programme\Siemens\Gigaset WLAN Adapter\wlm.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\AOL 9.0b\waol.exe
C:\Programme\AOL 9.0b\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\WINDOWS\system32\addku.exe
C:\WINDOWS\msrn32.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {CC67ADD3-8236-844B-5732-907E26BCF629} - C:\WINDOWS\system32\atlnp32.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SpeedItUp] C:\SpeedUp\SpeedItUp.exe -MINI
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [addku.exe] C:\WINDOWS\system32\addku.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AVKBar] "C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKBar.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://rtl.midasplayer.de/midasa.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-17.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex...amesplayer.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game15.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C650A10-AF28-4523-8D5E-680C22E1AE39}: NameServer = 205.188.146.145
O18 - Protocol: bw+0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sdkau.exe" /s (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Privacy Protection Service (AOLService) - Unknown owner - C:\Programme\Gemeinsame Dateien\AOL\AOL Privacy Protection\aolserv.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKService.exe
O23 - Service: G DATA AntiVirenKit Wächter (AVKWCtl) - Unknown owner - C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKWCtl.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Und nun ?

Micha

The Saint 23.04.2005 20:47
Zitat:
C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
Falls du diese Einträge nicht kennst bitte Fixe also alle 018 Einträge

und diesen hier: O2 - BHO: (no name) - {CC67ADD3-8236-844B-5732-907E26BCF629} - C:\WINDOWS\system32\atlnp32.dll

O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.2.0....g-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.0....r-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.2.0....u-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.2.0....s-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0....m-ob-assets.cab

danach führe dies aus http://www.derbilk.de/SpSeHjfix112.zip

Wenn du meinen 2.ten Vorschlag (System neu installieren) durchgeführt hättest, wärst du schon längst fertig.
Jetzt mußt du alles durchchecken und kannst dir noch immer nicht sicher sein das dein System danach besser läuft bzw. sicher ist.

cronos 23.04.2005 20:54
@ the saint

Ich denke nicht, dass das Tool gebraucht wird.
Dann sähe der Log eher wie folgt aus:

http://trojaner-info.de/anleitungen/...out_blank.html

Und ich sehe hier rein gar nichts von se.dll

Warum allerdings hier haufenweise der O18 Eintrag ausgeworfen wird, ist mir unklar.Bug von HJT?

MichaF 23.04.2005 20:56
So alles gemacht.

Was nun ?

Neue Log von HiJackTHis ? oder was anderes ?

Micha

The Saint 23.04.2005 20:57
Zitat:
Zitat von cronos
@ the saint

Ich denke nicht, dass das Tool gebraucht wird.
Dann sähe der Log eher wie folgt aus:

http://trojaner-info.de/anleitungen/...out_blank.html

Und ich sehe hier rein gar nichts von se.dll

Warum allerdings hier haufenweise der O18 Eintrag ausgeworfen wird, ist mir unklar.Bug von HJT?
Hab ich mich jetzt hiermit geirrt:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321

Dann bitte ich um Entschuldigung!

cronos 23.04.2005 20:57
Neuen Log erstellen.
Den Inhalt der mwav. log löschen.
Escan erneut durchführen und auch Log davon posten.

cronos 23.04.2005 21:04
@ the saint

Sogar ich mache manchmal Fehler;).Nimms dir nicht zu Herzen :knuddel:
HiHi


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:53 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130