Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Firefox öffnet neues Werbefenster selbsttätig und IE geht gar nicht mehr auf! (https://www.trojaner-board.de/71180-firefox-oeffnet-neues-werbefenster-selbsttaetig-ie-geht-gar-mehr.html)

littlefrank 18.03.2009 21:12
Firefox öffnet neues Werbefenster selbsttätig und IE geht gar nicht mehr auf!
 
Moin an alle...
habe da ein ähnliches Problem, wie schon beschrieben wurde, nur bei mir kommt hinzu, dass ich a: zusätzlich noch Probleme Habe den IE zu öffnen (wird mir verweigert)
und b: kene wirkliche Ahnung habe, was ich wo und warum machen muss
Habe "spywaredoctor" runtergeladen, der mir 3 Infizierungen, die niedrig eingestuft werden und 15 weitere niedrige fehler aufweist!
Dann habe ich gelesen, dass das eine Verkaufsstrategie ist, um die Vollversion zu bestellen.
Nun bin ich einfach mal irritiert! was hilft??

LG DLFrank:schmoll:

a5cl3p1o5 18.03.2009 21:59
Hallo und :hallo:

Bitte befolge folgende Anleitung:

Ausschnitt:
Zitat:
a) Anleitung -> CCleaner

b) Anleitung -> Malwarebytes-Anti-Malware
(Wenn das Programm schon ausgeführt wurde, bitte den Report kopieren und uns zeigen, steht alles in der Anleitung!)

c) Anleitung -> Anleitung: HijackThis

d) Liste installierter Software -> Um zu erfahren, was sich auf deinem System alles für Programme verbergen, gehe bitte wie folgt vor.

* Starte nochmals "HijackThis"
* Klick "open the Misc Tools section"
* Klick "Open Uninstall Manager"
* Klick "Save List" (jetzt wird eine uninstall_list.txt im Ordner HiJackThis angelegt.)
* Diese Datei öffnest du, und kopiertst ihren Inhalt hier in deinem Thread.

Hinweis! Um dieses Ausführen zu können, muß HijackThis in einen eigenem Verzeichnis gestartet werden. Am besten: c:\Programme\HijackThis
Anschließend kann Dir hier dann im Board jemand helfen.

Grüße
a5cl3p1o5

littlefrank 18.03.2009 22:20
ich danke Dir erstmal für die Tips und setze mich umgehend ran...
Danke nochmal:D

littlefrank 18.03.2009 23:42
Soo... der anfang ist gemacht. CC-Cleaner ist durch, HiJackThis ist durch... und das resultat schaut wie folgt aus:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:05:32, on 18.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Programme\AVSKey-Lock\AVSKey.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programme\Toshiba\Windows Utilities\Hotkey.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe
C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe
C:\Programme\Gemeinsame Dateien\ACD Systems\EN\DevDetect.exe
C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\WinRAR\WinRAR.exe
C:\Programme\WinRAR\WinRAR.exe
c:\dokumente und einstellungen\littlefrank\lokale einstellungen\anwendungsdaten\mqooo.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\Programme\Spyware Doctor\pctsTray.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\Dokumente und Einstellungen\Littlefrank\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jappy.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PadTouch] C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Programme\Toshiba\Windows Utilities\Hotkey.exe" /lang DE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mqooo] "c:\dokumente und einstellungen\littlefrank\lokale einstellungen\anwendungsdaten\mqooo.exe" mqooo
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: eBay - {9E958ACA-8CB9-414B-B5C6-2F044D71F7B2} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EE6FB4A-CB78-46C0-B9C5-B359B7A6CC11}: NameServer = 213.191.92.86 62.109.123.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE19F866-1C53-45F8-A466-7C47AA567A44}: NameServer = 192.168.1.1
O18 - Protocol: bw+0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVSKey-Lock (AvskeyService) - Unknown owner - C:\Programme\AVSKey-Lock\AVSKey.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programme\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NkPtpEnumP2 - Nikon Corporation - C:\Programme\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 23670 bytes

soo... der Malwarebytes-Anti Malware läüft noch...
Benötigst Du noch Infos??

LG DLFrank:D

a5cl3p1o5 18.03.2009 23:52
Zitat:
soo... der Malwarebytes-Anti Malware läüft noch...
Benötigst Du noch Infos??
Warten wir erstmal was Malwarebytes findet - und danach bitte nochmal ein HijackThis-Logfile.

Grüße
a5cl3p1o5

littlefrank 19.03.2009 00:13
alwarebytes hat sich grad aufgehangen:(
also alles nochmal... dann wird es sicher erst morgen was...
dann bedanke ich mich für heut erstmal:D

LG DLFrank:D

a5cl3p1o5 19.03.2009 00:25
Dann lade bitte mal folgende Dateien bei Virustotal hoch und lasse sie analysieren. das Ergebnis bitte komplett hier posten.

Code:
C:\Programme\AVSKey-Lock\AVSKey.exe
c:\dokumente und einstellungen\littlefrank\lokale einstellungen\anwendungsdaten\mqooo.exe
Und diese Einträge bitte mit HijackThis fixen.
Code:
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
Grüße
a5cl3p1o5

littlefrank 19.03.2009 00:57
soo, benötigst Du von den Datein die ich in den Virustotal gestopft hab, die volle info?? oder nur auszüge... wenn, welche sollen es sein?

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.12.12.0 2008.12.11 -
AntiVir 7.9.0.45 2008.12.11 -
Authentium 5.1.0.4 2008.12.11 -
Avast 4.8.1281.0 2008.12.11 -
AVG 8.0.0.199 2008.12.12 -
BitDefender 7.2 2008.12.12 -
CAT-QuickHeal 10.00 2008.12.11 -
ClamAV 0.94.1 2008.12.11 -
Comodo 733 2008.12.11 -
DrWeb 4.44.0.09170 2008.12.12 -
eSafe 7.0.17.0 2008.12.11 -
eTrust-Vet 31.6.6256 2008.12.11 -
Ewido 4.0 2008.12.11 -
F-Prot 4.4.4.56 2008.12.11 -
F-Secure 8.0.14332.0 2008.12.12 -
Fortinet 3.117.0.0 2008.12.12 -
GData 19 2008.12.12 -
Ikarus T3.1.1.45.0 2008.12.12 -
K7AntiVirus 7.10.551 2008.12.11 -
Kaspersky 7.0.0.125 2008.12.12 -
McAfee 5461 2008.12.11 -
McAfee+Artemis 5461 2008.12.11 -
Microsoft 1.4205 2008.12.12 -
NOD32 3685 2008.12.12 -
Norman 5.80.02 2008.12.11 -
Panda 9.0.0.4 2008.12.11 Suspicious file
PCTools 4.4.2.0 2008.12.11 -
Prevx1 V2 2008.12.12 -
Rising 21.07.32.00 2008.12.11 -
SecureWeb-Gateway 6.7.6 2008.12.11 -
Sophos 4.36.0 2008.12.12 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.12 -
TheHacker 6.3.1.2.184 2008.12.11 -
TrendMicro 8.700.0.1004 2008.12.11 -
VBA32 3.12.8.10 2008.12.11 -
ViRobot 2008.12.12.1514 2008.12.12 -
VirusBuster 4.5.11.0 2008.12.11 -
weitere Informationen
File size: 4641634 bytes
MD5...: a9103f2b9ef866af28b5baa93eeb6880
SHA1..: 7eff4f38d50ce3a496bf6c80e95d5848cc8fa313
SHA256: b0a9691cc11d31f148474e7184db9c91357c4f935869895170c0bbb24175cc72
SHA512: f4390672a3937ef3c0da43a0bb9fe667a13c89434a114a2db2334ac46c558e8c
6ee078e4e5f1930ce2e872e6b81673636e363e2ba2c159755e57193d5da3a2b3
ssdeep: 98304:tOhPuCguheWetyq3Ovk1mo+HFpqGejFWvxjKte2CUZ1/3:tOFnJtwyimfQ
Z3
PEiD..: -
TrID..: File type identification
Windows OCX File (68.7%)
Win32 EXE PECompact compressed (generic) (23.1%)
Win32 Executable Generic (4.7%)
Win16/32 Executable Delphi generic (1.1%)
Generic Win/DOS Executable (1.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x47ea64
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 10 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7c8d0 0x7ca00 6.53 fc715c4632b467ec2f080e0d61928f4d
.itext 0x7e000 0xaac 0xc00 5.74 d478311d3fae9e8b3641b9f92a0b6294
.data 0x7f000 0x5b34 0x5c00 6.82 6d8319495d2f6690a5acb0d617b2e7f0
.bss 0x85000 0x3bcc 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x89000 0x2af8 0x2c00 5.14 1b6ec851a322d7960eee00c4a6169205
.tls 0x8c000 0x34 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x8d000 0x18 0x200 0.21 c3598d3596c18281a739cf5541bc5721
.reloc 0x8e000 0x95d4 0x9600 6.65 b1e654c8fb0afa94e3daf969d2f077ab
.rsrc 0x98000 0x35600 0x35600 5.70 4c2f6d6f0b441e1f315ecd7baba057b4
.debug 0xce000 0x3a8362 0x3a8362 5.16 ebaf3d16c525a23df18c5371d34255f7

( 15 imports )
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> user32.dll: GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA
> kernel32.dll: GetACP, Sleep, VirtualFree, VirtualAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, CompareStringA, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> user32.dll: CreateWindowExA, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowsHookExA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageW, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostThreadMessageA, PostQuitMessage, PostMessageA, PeekMessageW, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageW, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessagePos, GetMessageA, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameA, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassLongA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
> gdi32.dll: UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
> version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
> kernel32.dll: lstrcpyA, WriteProcessMemory, WriteFile, WaitForSingleObject, VirtualQuery, VirtualFree, VirtualAlloc, SuspendThread, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, ReadFile, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetWindowsDirectoryA, GetVolumeInformationA, GetVersionExA, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetTempPathA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeThread, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetCPInfo, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FlushInstructionCache, FindResourceA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
> advapi32.dll: ReportEventA, RegisterEventSourceA, RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegDeleteValueA, RegCreateKeyExA, RegCloseKey, DeregisterEventSource
> advapi32.dll: StartServiceCtrlDispatcherA, SetServiceStatus, RegisterServiceCtrlHandlerA, OpenServiceA, OpenSCManagerA, DeleteService, CreateServiceA, CloseServiceHandle
> kernel32.dll: Sleep
> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
> comctl32.dll: _TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
> netapi32.dll: Netbios

( 0 exports )

a5cl3p1o5 19.03.2009 01:01
die volle Info (sprich alle Scannerergebnisse plus die kryptischen Daten darunter [md5 und co]) wäre toll!

littlefrank 19.03.2009 01:15
Datei mqooo.exe empfangen 2009.03.19 01:06:16 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 2/39 (5.13%)

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.03.18 -
AhnLab-V3 5.0.0.2 2009.03.18 -
AntiVir 7.9.0.120 2009.03.18 -
Authentium 5.1.2.4 2009.03.18 -
Avast 4.8.1335.0 2009.03.18 -
AVG 8.5.0.283 2009.03.19 -
BitDefender 7.2 2009.03.19 -
CAT-QuickHeal 10.00 2009.03.18 -
ClamAV 0.94.1 2009.03.18 -
Comodo 1066 2009.03.18 -
DrWeb 4.44.0.09170 2009.03.19 -
eSafe 7.0.17.0 2009.03.18 -
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.18 -
F-Secure 8.0.14470.0 2009.03.19 -
Fortinet 3.117.0.0 2009.03.19 -
GData 19 2009.03.19 -
Ikarus T3.1.1.48.0 2009.03.18 -
K7AntiVirus 7.10.674 2009.03.17 -
Kaspersky 7.0.0.125 2009.03.19 -
McAfee 5557 2009.03.18 -
McAfee+Artemis 5557 2009.03.18 -
McAfee-GW-Edition 6.7.6 2009.03.18 Trojan.LooksLike.Dropper
Microsoft 1.4502 2009.03.18 Trojan:Win32/Skintrim.gen!D
NOD32 3946 2009.03.18 -
Norman 6.00.06 2009.03.18 -
nProtect 2009.1.8.0 2009.03.18 -
Panda 10.0.0.10 2009.03.18 -
PCTools 4.4.2.0 2009.03.18 -
Prevx1 V2 2009.03.19 -
Rising 21.21.22.00 2009.03.18 -
Sophos 4.39.0 2009.03.18 -
Sunbelt 3.2.1858.2 2009.03.18 -
Symantec 1.4.4.12 2009.03.19 -
TheHacker 6.3.3.0.283 2009.03.16 -
TrendMicro 8.700.0.1004 2009.03.18 -
VBA32 3.12.10.1 2009.03.18 -
ViRobot 2009.3.18.1654 2009.03.18 -
VirusBuster 4.6.5.0 2009.03.18 -
weitere Informationen
File size: 259072 bytes
MD5...: 17062c6b14ea1760f7b5d12ddd3058e1
SHA1..: b861ed2fa0321bc2b9aff6a8be1ff37b57ef1638
SHA256: 42abf3731ec9d682cc289dfed8c188a7f6580ee77d7c1c59dd95ff6f08189b40
SHA512: 8d59de5017cbe253ec8dac5c505b4374d7b39eb2b948efc82c1fe76fc74fd778
9f4b556052cd3902da94b5a7fa1de77570fbf732dfa9a348d411edc254225093
ssdeep: 6144:A77weFpFa1x2hKAEPlPt1uZbryu/qVvJwfUP+F:q1F7a1Q0lPwryUo/+
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x30784
timedatestamp.....: 0x43fe12f4 (Thu Feb 23 19:54:28 2006)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2f91c 0x2fa00 7.43 adb2ed8d7084a50f6a8994d758f0cbaf
.rdata 0x31000 0xcbb4 0xcc00 5.72 238ac13cb405f342b8d6a97d5a163fc7
.data 0x3e000 0x285c 0x2a00 5.49 99aef854a3f43aeef2a6c22455af9519

( 8 imports )
> GDI32.dll: StartDocA, CreatePen, GetTextMetricsA, GetTextExtentPointW, SetTextAlign, ScaleViewportExtEx, CreateDIBSection, AddFontResourceA, GetEnhMetaFilePaletteEntries, Arc, GetLayout, EnumFontFamiliesA, GetCharWidthA, ExtTextOutA, CreateBrushIndirect, EnumMetaFile, SetDIBColorTable, EnumFontsA, SelectClipRgn, GetTextAlign, InvertRgn, FrameRgn
> WINSPOOL.DRV: DeletePortA, EnumPortsA, DeleteMonitorA
> USER32.dll: EnableMenuItem, SetWindowsHookExA, ReuseDDElParam, FillRect, GetSysColor, InsertMenuItemW, CreatePopupMenu, GetDlgItemTextW, IsCharAlphaW, SetClassLongW, GetPropA, IsWindowUnicode, GetKeyboardLayoutList, CharLowerBuffA, RemovePropA, EnableScrollBar, DispatchMessageA, AdjustWindowRectEx, DdeFreeStringHandle
> KERNEL32.dll: GetModuleHandleA, GetDateFormatW, FormatMessageA, GetShortPathNameA, FindFirstFileA, GlobalReAlloc, CreateFileW, VirtualAlloc, HeapFree, LoadLibraryExW, InitializeCriticalSection, GlobalUnlock, FindClose, EnumCalendarInfoA, HeapSetInformation, SetFilePointerEx, SystemTimeToTzSpecificLocalTime, ReleaseMutex, CreateTimerQueueTimer, CreateThread, FindResourceW, IsDBCSLeadByte, CreateFileMappingA, GetOEMCP, GetTickCount, SetLastError, SetWaitableTimer, ResetEvent, lstrlenW, MapViewOfFileEx, GetFullPathNameW, GlobalHandle, CreateTimerQueue, GlobalSize, HeapDestroy, lstrcmpiW, MoveFileW, IsBadCodePtr, CreateEventA, GetConsoleCP, TerminateThread, GlobalMemoryStatus, RemoveDirectoryW, GetDiskFreeSpaceExW, WideCharToMultiByte, SizeofResource, GetOverlappedResult, GetPrivateProfileIntA, MapViewOfFile, GetSystemDirectoryA, FindResourceA, GetVersionExA, GetThreadPriority, GetConsoleOutputCP, CreateIoCompletionPort, GetFileType, CreateProcessW, GetSystemDirectoryW, GetProcessHeap, HeapCreate, GetPrivateProfileIntW, GetLocaleInfoA, LocalReAlloc, MultiByteToWideChar, GetSystemPowerStatus, GetTempPathA, CreateFileMappingW, ExitThread, Beep, SetFileAttributesW, IsBadWritePtr, GetStartupInfoA
> ADVAPI32.dll: IsValidSecurityDescriptor, RegOpenKeyExW, FreeSid, CreateServiceA, RegEnumValueW, LookupPrivilegeValueW, RegFlushKey, OpenThreadToken, RegQueryValueA, GetUserNameW, RegSetValueExA, CryptAcquireContextA, MakeSelfRelativeSD, InitializeSecurityDescriptor, RegCreateKeyW
> SHLWAPI.dll: StrRChrW, PathAppendW, PathRenameExtensionW
> VERSION.dll: GetFileVersionInfoSizeW, VerQueryValueA, GetFileVersionInfoW
> MSVCRT.dll: _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, _XcptFilter, sprintf, _exit, malloc, _mbsrchr, iswdigit, atoi, _msize, atof, ceil, isspace, _wcsicmp, _setmbcp, tolower, iswalnum, wcscpy, localtime, _cexit, swscanf, _splitpath, exit, wcsncmp, wcstod, free, _wtoi, _errno, _ismbblead, wcstoul, strncmp, fread, _ltow, towlower, wcscspn, time, wcstok, qsort, fclose, _ecvt, _wcsupr, _strnicmp, _CxxThrowException, _fpreset, swprintf, bsearch, _expand, wcschr, _stricmp, realloc, _purecall, _wcsnicmp, _c_exit, _wsplitpath, isdigit

( 0 exports )

a5cl3p1o5 19.03.2009 01:23
Lade Dir Avenger runter, starte es und gebe folgenden Text in das "Input script here:"-Feld ein:

Zitat:
Files to delete:
C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
C:\Programme\AVSKey-Lock\AVSKey.exe
c:\dokumente und einstellungen\littlefrank\lokale einstellungen\anwendungsdaten\mqooo.exe
C:\WINDOWS\system32\FsUsbExService.Exe
Der Computer wird neu starten. Anschließend eine neues HijackThis-Logfile bitte.

littlefrank 19.03.2009 01:55
soo, nachdem er Windows wieder gestartet hat, kam ne Fehlermeldung, die ich via Print optisch festgehalten habe. Falls Du dann mal schauen möchtest...

HiJackThis brachte folgendes zur Auswertung:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:46:37, on 19.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programme\Toshiba\Windows Utilities\Hotkey.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe
C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\ACD Systems\EN\DevDetect.exe
C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jappy.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PadTouch] C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Programme\Toshiba\Windows Utilities\Hotkey.exe" /lang DE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mqooo] "c:\dokumente und einstellungen\littlefrank\lokale einstellungen\anwendungsdaten\mqooo.exe" mqooo
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: eBay - {9E958ACA-8CB9-414B-B5C6-2F044D71F7B2} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE19F866-1C53-45F8-A466-7C47AA567A44}: NameServer = 192.168.1.1
O18 - Protocol: bw+0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVSKey-Lock (AvskeyService) - Unknown owner - C:\Programme\AVSKey-Lock\AVSKey.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FsUsbExService - Unknown owner - C:\WINDOWS\system32\FsUsbExService.Exe (file missing)
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programme\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NkPtpEnumP2 - Nikon Corporation - C:\Programme\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 22364 bytes

Soo, ich danke Dir erstmal für Deine Hilfe! Ne angenehme Nacht erstmal:D

LG DLFrank:D

Angel21 19.03.2009 10:29
Zitat:
O18 - Protocol: bw+0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll


a bissl arg viel, oder? :)

a5cl3p1o5 19.03.2009 10:34
Hallo littlefrank,

ich wurde gebeten, Dich die bisherigen Veränderungen rückgängig machen zu lassen. Dies erreichst Du, indem Du aus der backup.zip, welche sich unter c:\avenger\backup.zip findet, die Dateien wieder entpackst und an ihren alten Ursprungsort setzt (das Passwort ist infected).
Ich wollte etwas testen, bevor wir regulär weitermachen ...

Dass ich wusste, was ich mache, bevor ich Dich Avenger ausführen ließ, zeigt ein Schriftwechsel per privater Nachricht:

Gesprächspartner:
Zitat:
Der name, die doppelten Selbstlaute, aber auch das hier:
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

im system 32?
ich:
.
. (Zwischenzeitich über etwas anderes unterhalten)
.
ich:
Zitat:
es ist zwar nicht böse, aber m.E. überflüssig. Es ist ein Digital Right Management Tool.
Zeitpunkt des letzten Zitats: Heute, 00:52 <-- 31 Minuten bevor ich Avenger ausführen ließ!!!
die PNs liegen weiterhin vor ...

Was ich zugegeben nicht wusste, ist dass sich SweetIM auch regulär deinstallieren lässt und nicht per Avenger "deaktiviert" werden muss.

Naja, wie gesagt: bitte stelle die Dateien wieder her. Ich hoffe, Du wirst anschließend von jemandem kompetenten weiter betreut.

Grüße
a5cl3p1o5

a5cl3p1o5 19.03.2009 10:36
@Angel21: das wir nur angezeigt, weil HijackThis nach auffälligen Zahlen-Buchstaben-Mixs sucht. Die Einträge sind aber unbedenklich.


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:02 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129