Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   HiJackthis logfile + 3 Trojaner! (https://www.trojaner-board.de/35057-hijackthis-logfile-3-trojaner.html)

Ela9 07.01.2007 12:19
HiJackthis logfile + 3 Trojaner!
 
Hallo liebe Trojanerfreunde!

Mein Virenprogramm Antivir hat jetzt mal 3 Trojaner auf meinem PC entdeckt. Irgendwas scheint mit dem Virenprogramm nicht so recht zu stimmen, denn am Anfang waren es nur 2 und anscheinend werden es immer mehr!

Hab jetzt mal ein logfile gemacht wie Ihr es mir gesagt habt.

Die Namen der Viren sind

TR/Dldr.Small.cpg.1 im Pfad C:\System Volume Information\_restore{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP199\A0045120.exe'

TR/Dldr.Small.cpg.1 im Pfad C:\Dokumente und Einstellungen\***\ipaeftrb.exe

TR/Zlob.AF im Pfad C:\Dokument und Einstellungen\***\Lokale Einstellungen\Temp\gwkkjoue.exe

Und hier ist mein logfile:

Logfile of HijackThis v1.99.1
Scan saved at 10:50:45, on 07.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Apoint\Apoint.exe
C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Dell\QuickSet\quickset.exe
C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programme\Apoint\Apntex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programme\BearShare\BearShare.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Olympus\DeviceDetector\DevDtct2.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programme\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\AntiVir PersonalEdition Classic\avcenter.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Action Manager 32.lnk = C:\Programme\ScannerU\AM32.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Device Detector 3.lnk = C:\Programme\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A04F4F0-6068-47B4-88E8-A912505D1C80}: NameServer = 143.205.176.16 143.205.176.17
O18 - Protocol: bw+0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {8F61CF83-943A-4311-9C8D-1C4527DB8010} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: IntelWireless - C:\Programme\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe

Würde mich echt freuen wenn mir jemand dabei helfen könnte, die lästigen Quälgeister endlich loszuwerden!

Liebe Grüßen

Ela

cosinus 07.01.2007 18:16
Dein HJT-Logfile ist rappelvoll, du solltest mal unnötige Programme deinstallieren oder zumindest aus dem Autostart rausschmeißen.
Es ist wirklich fraglich, was du mit der ganzen Flut von Sicherheitsprogrammen anstellen willst:
Zitat:
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
Fassen wir mal zusammen, da sind zwei Virenscanner aktiv, Norton AV und AntiVir. Entscheide dich für einen Virenscanner, zwei aktive bringen meist nur Probleme mit sich!
Dann läuft da noch ZoneAlarm, wirklich nötig ist das auch nicht, zum einen reicht die Windows-Firewall, zum anderen scheint Norton AV da ebenfalls Filterfunktionen intus zu haben. Da solltest du mal etwas aufräumen. "Viel hilft viel" trifft bei "Sicherheitssoftware" nicht zu.
Zitat:
C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
Java muss upgedated werden, aktuell ist JRE 6!
Zitat:
C:\Programme\BearShare\BearShare.exe
Auf Bearshare würde ich verzichten, denn das kommt m.W. mit Adware daher.

Um die gefundenen Schädlinge zu entfernen solltest Du
1. die Systemwiederherstellung deaktivieren, das entfernt die Objekte im Ordner System Volume Information
2. wegen des Zlob-Fundes diese Anleitung befolgen und noch ggf. die von dir erwähnte Datei löschen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:32 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131