Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: HILFE Bitte

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 23.04.2005, 19:21   #16
MichaF
 
HILFE Bitte - Ausrufezeichen

HILFE Bitte



Hallo zusammen,

hier mein letztes HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 20:19:49, on 23.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKService.exe
C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKWCtl.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
C:\Programme\Logitech\Video\LogiTray.exe
C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\AOLSP Scheduler.exe
C:\SpeedUp\SpeedItUp.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\LVComS.exe
C:\Programme\Siemens\Gigaset WLAN Adapter\wlm.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\AOL 9.0b\waol.exe
C:\Programme\AOL 9.0b\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\WINDOWS\system32\addku.exe
C:\WINDOWS\msrn32.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\PROGRA~1\Logitech\Video\AlbumDB2.exe
C:\PROGRA~1\Logitech\Video\FxSvr2.exe
C:\Programme\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {CC67ADD3-8236-844B-5732-907E26BCF629} - C:\WINDOWS\system32\atlnp32.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SpeedItUp] C:\SpeedUp\SpeedItUp.exe -MINI
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [addku.exe] C:\WINDOWS\system32\addku.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AVKBar] "C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKBar.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://rtl.midasplayer.de/midasa.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-17.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex...amesplayer.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game15.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C650A10-AF28-4523-8D5E-680C22E1AE39}: NameServer = 205.188.146.145
O18 - Protocol: bw+0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sdkau.exe" /s (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Privacy Protection Service (AOLService) - Unknown owner - C:\Programme\Gemeinsame Dateien\AOL\AOL Privacy Protection\aolserv.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKService.exe
O23 - Service: G DATA AntiVirenKit Wächter (AVKWCtl) - Unknown owner - C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKWCtl.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Für mich immer noch Kauderwelsch aber Ihr kennt Euch zum Glück damit aus.

DANKE schon jetzt

Micha

Alt 23.04.2005, 19:36   #17
Cidre
Administrator, a.D.
 
HILFE Bitte - Standard

HILFE Bitte



@ MichaF

Die Malware ist immer noch aktiv. Führe zunächst dies aus:

Rechtsklick auf die Find.bat -> 'Ziel speichern unter…' z.B. C:\ -> Find.bat doppelklicken und den Scan abwarten -> den Inhalt der C:\eScan_neu.txt hier posten [1].

[1] Strg+A (alles markieren) -> Strg+C (kopieren) -> Strg+V (hier in den Thread einfügen)
__________________

__________________

Alt 23.04.2005, 19:54   #18
MichaF
 
HILFE Bitte - Ausrufezeichen

HILFE Bitte



Hallo Cidre,

danke für die Antwort.

Habe die Findbat gespeichert.Die ratterte nach dem öffnen sofort los und war wieder weg.

Meintest Du mit der escan neu.txt das ich escan nochmal neu laufen lassen muß ?

Micha
__________________

Alt 23.04.2005, 20:00   #19
Cidre
Administrator, a.D.
 
HILFE Bitte - Standard

HILFE Bitte



Nein, du solltest lediglich unter C:\ die eScan_neu.txt öffnen und danach deren Inhalt hier posten.
__________________
Gruß, Cidre


Alt 23.04.2005, 20:09   #20
MichaF
 
HILFE Bitte - Ausrufezeichen

HILFE Bitte



Hallo Cidre,

sorry aber irgendwie hab ich einen ganzen Baum vorm Kopf.Ich habe keine escan neu.txt nur eine escan alt.txt.

Wo oder besser wie soll ich die finden ?

Danke für Deine Geduld

Micha


Alt 23.04.2005, 20:10   #21
cronos
 
HILFE Bitte - Standard

HILFE Bitte



Dann poste uns deren Inhalt.
__________________
--> HILFE Bitte

Alt 23.04.2005, 20:18   #22
MichaF
 
HILFE Bitte - Ausrufezeichen

HILFE Bitte



Hallo,

ok hier ist die alte:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Apr 23 11:38:28 2005 => File C:\WINDOWS\system32\javavq32.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:38:39 2005 => File C:\WINDOWS\crdv32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:38:39 2005 => File C:\WINDOWS\sdkau.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => System found infected with sw Spyware/Adware! Action taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => File System Found infected by "sw Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => System found infected with se Spyware/Adware! Action taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => File System Found infected by "se Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => System found infected with hsa Spyware/Adware! Action taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => File System Found infected by "hsa Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:28 2005 => File C:\WINDOWS\appkj.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:31 2005 => File C:\WINDOWS\ietq32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:36 2005 => File C:\WINDOWS\pcqhx.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:39 2005 => File C:\WINDOWS\sdkcr32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:42 2005 => File C:\WINDOWS\whmwh.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:45 2005 => File C:\WINDOWS\System32\addii.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:40:44 2005 => File C:\WINDOWS\System32\jccld.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:41:10 2005 => File C:\WINDOWS\System32\msgm32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 12:07:59 2005 => File C:\Dokumente und Einstellungen\Micha\Eigene Dateien\backups\backup-20050422-155650-170.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.
Sat Apr 23 12:28:58 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Sat Apr 23 13:03:06 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP347\A0047642.dll infected by "not-a-virus:AdWare.SaveNow.as" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:26 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049738.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:28 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049801.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:29 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049816.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:30 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049839.exe infected by "not-a-virus:Porn-Dialer.Win32.PluginAccess" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:30 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049840.exe infected by "not-a-virus:Porn-Dialer.Win32.PluginAccess" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:30 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049841.exe infected by "Trojan-Downloader.Win32.Small.aa" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:30 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049842.exe infected by "not-a-virus:AdWare.SaveNow.ay" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:07:17 2005 => File C:\WINDOWS\appkj.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:11:01 2005 => File C:\WINDOWS\ietq32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:14:11 2005 => File C:\WINDOWS\pcqhx.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:14:27 2005 => File C:\WINDOWS\sdkcr32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:16:28 2005 => File C:\WINDOWS\system32\addii.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:20:14 2005 => File C:\WINDOWS\system32\jccld.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:20:44 2005 => File C:\WINDOWS\system32\msgm32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:23:25 2005 => File C:\WINDOWS\whmwh.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:23:48 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Apr 23 12:26:07 2005 => File C:\Programme\AOL 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sat Apr 23 12:27:00 2005 => File C:\Programme\AOL 9.0a\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sat Apr 23 12:27:52 2005 => File C:\Programme\AOL 9.0b\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sat Apr 23 12:30:13 2005 => File C:\Programme\Gemeinsame Dateien\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sat Apr 23 12:50:06 2005 => File C:\Sun\AppServer\jdk\demo\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
Sat Apr 23 12:50:33 2005 => File C:\Sun\AppServer\jdk\demo\plugin\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statisktiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Apr 23 13:23:48 2005 => Total Virus(es) Found: 37
Sat Apr 23 13:23:48 2005 => Total Errors: 271
Sat Apr 23 13:23:48 2005 => Time Elapsed: 01:45:44
Sat Apr 23 13:23:48 2005 => Total Objects Scanned: 69531
Sat Apr 23 11:36:32 2005 => Virus Database Date: 2005/04/20
Sat Apr 23 13:23:48 2005 => Virus Database Date: 2005/04/20
Sat Apr 23 13:38:01 2005 => Virus Database Date: 2005/04/20
Sat Apr 23 15:09:00 2005 => Virus Database Date: 2005/04/20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

Und jetzt fragt sich Klein Micha: Wasn nu zu tun ?

Grüße

Micha

Alt 23.04.2005, 20:30   #23
cronos
 
HILFE Bitte - Standard

HILFE Bitte



Gehe wie folgt vor:

Wechsle in den abgesicherten Modus bei deaktiviertes Systemwiederherstellung:

www.bsi.bund.de/av/texte/wiederher.htm

Lösche manuell:
C:\WINDOWS\system32\javavq32.dll
C:\WINDOWS\crdv32.exe
C:\WINDOWS\sdkau.exe
C:\WINDOWS\appkj.exe
C:\WINDOWS\ietq32.exe
C:\WINDOWS\pcqhx.dll
C:\WINDOWS\sdkcr32.exe
C:\WINDOWS\whmwh.dll
:\WINDOWS\System32\addii
C:\WINDOWS\System32\jccld.dll
:\WINDOWS\System32\msgm32.exe
File C:\Dokumente und Einstellungen\Micha\Eigene Dateien\backups\backup-20050422-155650-170.dll

Leere den Inhalt folgenden Ordners:

C:\Programme\AVPersonal\INFECTED\

Lade dir auch Spybot und Adaware runter und lösche deren Funde.

Spybot:http://www.safer-networking.org/de/spybotsd/index.html

Adaware: http://www.lavasoftusa.com/software/adaware/

Mit Spybot auch noch zusätzlich immunisieren.

Neu booten,Systemwiederherstellung aktivieren und neuenLog von HijackThis posten.

Edit:Falls die Dateien nicht findest:

Windows Explorer (Win Taste +E) -> "Extras/Ordneroptionen" -> "Ansicht" -> Haken entfernen bei "Geschützte Systemdateien ausblenden (empfohlen)" und "Alle Dateien und Ordner anzeigen" aktivieren -> "OK"
Die Einstellungen danach wieder rückgängig machen.
__________________
Only cronos endures

Alt 23.04.2005, 20:36   #24
MichaF
 
HILFE Bitte - Ausrufezeichen

HILFE Bitte



Hallo Cronos,

alles schon gemacht, hier das neue LOG :

Logfile of HijackThis v1.99.1
Scan saved at 21:34:41, on 23.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKService.exe
C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKWCtl.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
C:\Programme\Logitech\Video\LogiTray.exe
C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\AOLSP Scheduler.exe
C:\SpeedUp\SpeedItUp.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\LVComS.exe
C:\Programme\Siemens\Gigaset WLAN Adapter\wlm.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\AOL 9.0b\waol.exe
C:\Programme\AOL 9.0b\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\WINDOWS\system32\addku.exe
C:\WINDOWS\msrn32.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {CC67ADD3-8236-844B-5732-907E26BCF629} - C:\WINDOWS\system32\atlnp32.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SpeedItUp] C:\SpeedUp\SpeedItUp.exe -MINI
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [addku.exe] C:\WINDOWS\system32\addku.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AVKBar] "C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKBar.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://rtl.midasplayer.de/midasa.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-17.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex...amesplayer.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game15.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C650A10-AF28-4523-8D5E-680C22E1AE39}: NameServer = 205.188.146.145
O18 - Protocol: bw+0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sdkau.exe" /s (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Privacy Protection Service (AOLService) - Unknown owner - C:\Programme\Gemeinsame Dateien\AOL\AOL Privacy Protection\aolserv.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKService.exe
O23 - Service: G DATA AntiVirenKit Wächter (AVKWCtl) - Unknown owner - C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKWCtl.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Und nun ?

Micha

Alt 23.04.2005, 20:47   #25
The Saint
 
HILFE Bitte - Standard

HILFE Bitte



Zitat:
C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
Falls du diese Einträge nicht kennst bitte Fixe also alle 018 Einträge

und diesen hier: O2 - BHO: (no name) - {CC67ADD3-8236-844B-5732-907E26BCF629} - C:\WINDOWS\system32\atlnp32.dll

O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.2.0....g-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.0....r-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.2.0....u-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.2.0....s-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0....m-ob-assets.cab

danach führe dies aus http://www.derbilk.de/SpSeHjfix112.zip

Wenn du meinen 2.ten Vorschlag (System neu installieren) durchgeführt hättest, wärst du schon längst fertig.
Jetzt mußt du alles durchchecken und kannst dir noch immer nicht sicher sein das dein System danach besser läuft bzw. sicher ist.

Geändert von The Saint (23.04.2005 um 20:55 Uhr)

Alt 23.04.2005, 20:54   #26
cronos
 
HILFE Bitte - Standard

HILFE Bitte



@ the saint

Ich denke nicht, dass das Tool gebraucht wird.
Dann sähe der Log eher wie folgt aus:

http://trojaner-info.de/anleitungen/...out_blank.html

Und ich sehe hier rein gar nichts von se.dll

Warum allerdings hier haufenweise der O18 Eintrag ausgeworfen wird, ist mir unklar.Bug von HJT?
__________________
Only cronos endures

Alt 23.04.2005, 20:56   #27
MichaF
 
HILFE Bitte - Ausrufezeichen

HILFE Bitte



So alles gemacht.

Was nun ?

Neue Log von HiJackTHis ? oder was anderes ?

Micha

Alt 23.04.2005, 20:57   #28
The Saint
 
HILFE Bitte - Standard

HILFE Bitte



Zitat:
Zitat von cronos
@ the saint

Ich denke nicht, dass das Tool gebraucht wird.
Dann sähe der Log eher wie folgt aus:

http://trojaner-info.de/anleitungen/...out_blank.html

Und ich sehe hier rein gar nichts von se.dll

Warum allerdings hier haufenweise der O18 Eintrag ausgeworfen wird, ist mir unklar.Bug von HJT?
Hab ich mich jetzt hiermit geirrt:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321

Dann bitte ich um Entschuldigung!

Alt 23.04.2005, 20:57   #29
cronos
 
HILFE Bitte - Standard

HILFE Bitte



Neuen Log erstellen.
Den Inhalt der mwav. log löschen.
Escan erneut durchführen und auch Log davon posten.
__________________
Only cronos endures

Alt 23.04.2005, 21:04   #30
cronos
 
HILFE Bitte - Standard

HILFE Bitte



@ the saint

Sogar ich mache manchmal Fehler.Nimms dir nicht zu Herzen
HiHi
__________________
Only cronos endures

Antwort

Themen zu HILFE Bitte
ad-aware, ahnung, bereits, empfohlen, erstell, erstellt, forum, helfen, hijackthis, keine ahnung, log, spybot




Ähnliche Themen: HILFE Bitte


  1. Virus Dirty Decrypt Verschlüsselung Trojaner, alle Foto kann ich nicht aufmachen, bitte bitte Hilfe!!!
    Log-Analyse und Auswertung - 24.07.2013 (6)
  2. Hilfe Mein forum wurde übernomen keine möglichkeiten rein zu kommen bitte um ideen und hilfe
    Diskussionsforum - 29.06.2012 (6)
  3. (3x) Bitte Bitte um Hilfe habe mir AKM Trojaner eingefangen brauche aber dringend meinen PC
    Mülltonne - 08.05.2012 (1)
  4. Hilfe bei Ukash Trojaner! Bitte dringend um Hilfe!
    Log-Analyse und Auswertung - 22.01.2012 (1)
  5. Hilfe Virus! Antivir, internet usw außer gefächt!!! Bitte um Hilfe
    Mülltonne - 15.07.2008 (0)
  6. Viren??Würmer..HILFE! Bitte um Hilfe bei der Auswertung meines hijackthis-log
    Mülltonne - 14.11.2007 (0)
  7. Oh man brauch so dringend Hilfe!!!! Virus?Spyware? Hilfe für einen Laien!Bitte!
    Log-Analyse und Auswertung - 13.06.2007 (6)
  8. SCVHOST.EXE Log file bitte checken! Bitte um hilfe
    Log-Analyse und Auswertung - 06.06.2007 (8)
  9. Ich bin verzweifelt bitte um Dringende Hilfe Bitte bitte
    Plagegeister aller Art und deren Bekämpfung - 08.01.2007 (11)
  10. Bitte, bitte Hilfe wegen Winfixer/ Errorsafe
    Plagegeister aller Art und deren Bekämpfung - 19.12.2006 (3)
  11. Hilfe! EXP/Agent.B Brauche dringent Hilfe, bitte!
    Plagegeister aller Art und deren Bekämpfung - 02.12.2006 (8)
  12. Hilfe 1 Adware Eingefangen Schnelle Hilfe Bitte!!
    Mülltonne - 08.10.2006 (1)
  13. Bitte BITTE bitte HILFE log-file
    Log-Analyse und Auswertung - 18.01.2006 (1)
  14. HILFE, ich habe einige Trojaner - bitte um Eure Hilfe
    Log-Analyse und Auswertung - 01.12.2005 (2)
  15. Schnauze voll von Aurora.brauche dringend hilfe bitte bitte
    Log-Analyse und Auswertung - 08.08.2005 (2)
  16. Bitte Bitte Bitte Hilfe!!! Trojaner
    Log-Analyse und Auswertung - 10.11.2004 (1)
  17. Hilfe,Hilfe,habe Probleme mit Norton Antivirus bitte helfen!!
    Plagegeister aller Art und deren Bekämpfung - 02.03.2004 (1)

Zum Thema HILFE Bitte - Hallo zusammen, hier mein letztes HijackThis Log: Logfile of HijackThis v1.99.1 Scan saved at 20:19:49, on 23.04.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running - HILFE Bitte...
Archiv
Du betrachtest: HILFE Bitte auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.