Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Browser (IE6 und Firefox) stürzt ab; regedit und msconfig funktioniert nicht mehr (https://www.trojaner-board.de/44595-browser-ie6-firefox-stuerzt-ab-regedit-msconfig-funktioniert-mehr.html)

killez 14.10.2007 00:45
Browser (IE6 und Firefox) stürzt ab; regedit und msconfig funktioniert nicht mehr
 
Hallo,

hab seit einiger Zeit ein Problem. Mein Rechner läuft nur noch bedingt. Egal welchen Browser ich benutze, ob Firefox oder InternetExplorer, stürzt er innerhalb von 2 Minuten ab.
Wenn ich in die msconfig will oder regedit, dann hängt der Browser sich auf.

Bitte um Hilfe!!! Weiß nicht mehr weiter!
Hier mein HiJackThis - Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:55:14, on 08.11.2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\acs.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RunDll32.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\internat.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\SMC\EZ ConnectTM g 108Mbps Wireless USB Adapter\SMCWUSBT.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programme\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: EZ ConnectTM g 108Mbps Wireless USB Utility.lnk = C:\Programme\SMC\EZ ConnectTM g 108Mbps Wireless USB Adapter\SMCWUSBT.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185906351670
O18 - Protocol: bw+0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {5934272F-85BC-4EAA-AE6F-57F4CFCAB792} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINNT\system32\acs.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

--
End of file - 15944 bytes

Trojanerade 14.10.2007 08:32
Das kommt davon wenn man 2 Virenscanner instaliert hat!
Entscheide dich für Einen Virenscanner Avast oder antivir.
2 VIrenscanner bremsen sich gegenseitíg aus und können im Ernstfall einen kompletten Crash des Systems verursachen:pfui:.

killez 14.10.2007 12:39
Hallo,

das Problem war schon vorher! Ich hab avast! nur installiert um nochmal einen anderen Scanner durchlaufen zu lassen. Mittlerweile ist er auch schon wieder deinstalliert.
Ich hatte mir erhofft, dass der etwas findet!

Bitte deshalb um weitere Hilfe!

Gruß

Cleriker 15.10.2007 09:59
Hi,

wow...das sieht mir eher nach einer Überlastung aus.
Schauen wir uns die Geschichte mal tiefer an.

* MWAV (eScan) - Free Antivirus
1. Lies dir folgende Anleitung genau durch und arbeite sie ab
-> Anleitung eScan
2. Poste im Anschluss das Ergebnis mit Hilfe der *find.bat'.
(rechte Maustaste auf den LINK 'find.bat' , dann "Ziel Speichern unter" -> Desktop)

* Silentrunners Logfile
1. Lade dir das Tool -> Silentrunners
2. Entpacke das Script in einen Ordner deiner Wahl
3. Doppelklick auf -> Silent Runners -> Option Supplementary Searches auswählen
4. System wird nun überprüft, nach Beendigung wird eine Log-Datei erstellt
(Dein Antiviren-Scanner könnte eine Meldung wegen „bösartigem Script“
erstellen, ignoriere dieses und arbeite weiter!)
5. Dann öffne die Silent Runners xxx.txt mit einem Editor
und kopiere den gesamten Inhalt ab und füge ihn in einen Beitrag ein.
(die Datei wird im selben Ordner wie das Tool gespeichert)

mfg Cleriker

killez 17.10.2007 19:48
Hi Danke für die Hilfe!
Hier erstmal die Silent Runner - Log:

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"internat.exe" = "internat.exe" [MS]
"LDM" = "C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" ["Logitech"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Synchronization Manager" = "mobsync.exe /logon" [MS]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"Adobe Reader Speed Launcher" = ""C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"avgnt" = ""C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "Systemsteuerungserweiterung für die Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"CDRAutoRun" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Active Desktop web content (hidden if disabled):

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"FriendlyName" = "Die derzeitige Homepage"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"


Startup items in "SammelCubarWilde" & "All Users" startup folders:
------------------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"EZ ConnectTM g 108Mbps Wireless USB Utility" -> shortcut to: "C:\Programme\SMC\EZ ConnectTM g 108Mbps Wireless USB Adapter\SMCWUSBT.exe -h" [empty string]
"Logitech Desktop Messenger" -> shortcut to: "C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]
"Logitech SetPoint" -> shortcut to: "C:\Programme\Logitech\SetPoint\SetPoint.exe" ["Logitech Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir PersonalEdition Classic Guard, AntiVirService, ""C:\Programme\AntiVir PersonalEdition Classic\avguard.exe"" ["Avira GmbH"]
AntiVir PersonalEdition Classic Planer, AntiVirScheduler, ""C:\Programme\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"]
Atheros Configuration Service, ACS, "C:\WINNT\system32\acs.exe" [null data]
COM+-Ereignissystem, EventSystem, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\es.dll" [null data]}
HID Input Service, HidServ, "C:\WINNT\system32\hidserv.exe" [MS]


---------- (launch time: 2007-10-18 00:59:38)
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 92 seconds, including 14 seconds for message boxes)

killez 17.10.2007 21:21
Hier die Log vom eScan!

http://www.webfilehost.com/?mode=viewupload&id=418642

Danke nochmal!:daumenhoc

killez 20.10.2007 01:38
Cleriker, hilf mir!!!!

Cleriker 22.10.2007 08:59
Morgen,

Ähm....
unter dem Link finde ich nichts Ähnliches,
verweise bitte nicht auf Links, sondern
poste die Zusammenfassung des escan's
mit Hilfe der in der Anleitung beschriebenen
Batch-Datei find.bat.

mfg Cleriker


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:59 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129