|
Log analysis and evaluation: HELP please. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
23.04.2005, 19:21 | #16 |
| Hello everyone, here is my latest HijackThis log: It is still gibberish to me, but luckily you know your way around it. THANKS in advance, Micha |
23.04.2005, 19:36 | #17 |
Administrator (retired) | @ MichaF
The malware is still active. First do the following: right-click Find.bat -> 'Save target as…', e.g. to C:\ -> double-click Find.bat and wait for the scan to finish -> post the contents of C:\eScan_neu.txt here [1]. [1] Ctrl+A (select all) -> Ctrl+C (copy) -> Ctrl+V (paste here into the thread)
|
23.04.2005, 19:54 | #18 |
| Hello Cidre,
thanks for the reply. I saved Find.bat. As soon as I opened it, it rattled off right away and was gone again. By escan neu.txt, did you mean that I have to run eScan again? Micha |
23.04.2005, 20:00 | #19 |
Administrator (retired) | No, you should simply open eScan_neu.txt under C:\ and then post its contents here. |
23.04.2005, 20:09 | #20 |
| Hello Cidre, sorry, but somehow I am being really dense. I don't have an escan neu.txt, only an escan alt.txt. Where, or rather how, am I supposed to find it? Thanks for your patience, Micha |
23.04.2005, 20:10 | #21 |
| Then post its contents for us. |
23.04.2005, 20:18 | #22 |
| Hello, ok, here is the old one:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Apr 23 11:38:28 2005 => File C:\WINDOWS\system32\javavq32.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:38:39 2005 => File C:\WINDOWS\crdv32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:38:39 2005 => File C:\WINDOWS\sdkau.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => System found infected with sw Spyware/Adware! Action taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => File System Found infected by "sw Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => System found infected with se Spyware/Adware! Action taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => File System Found infected by "se Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => System found infected with hsa Spyware/Adware! Action taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => File System Found infected by "hsa Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:28 2005 => File C:\WINDOWS\appkj.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:31 2005 => File C:\WINDOWS\ietq32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:36 2005 => File C:\WINDOWS\pcqhx.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:39 2005 => File C:\WINDOWS\sdkcr32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:42 2005 => File C:\WINDOWS\whmwh.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:45 2005 => File C:\WINDOWS\System32\addii.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:40:44 2005 => File C:\WINDOWS\System32\jccld.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:41:10 2005 => File C:\WINDOWS\System32\msgm32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 12:07:59 2005 => File C:\Dokumente und Einstellungen\Micha\Eigene Dateien\backups\backup-20050422-155650-170.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.
Sat Apr 23 12:28:58 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Sat Apr 23 13:03:06 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP347\A0047642.dll infected by "not-a-virus:AdWare.SaveNow.as" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:26 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049738.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:28 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049801.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:29 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049816.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:30 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049839.exe infected by "not-a-virus:Porn-Dialer.Win32.PluginAccess" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:30 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049840.exe infected by "not-a-virus:Porn-Dialer.Win32.PluginAccess" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:30 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049841.exe infected by "Trojan-Downloader.Win32.Small.aa" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:30 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049842.exe infected by "not-a-virus:AdWare.SaveNow.ay" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:07:17 2005 => File C:\WINDOWS\appkj.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:11:01 2005 => File C:\WINDOWS\ietq32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:14:11 2005 => File C:\WINDOWS\pcqhx.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:14:27 2005 => File C:\WINDOWS\sdkcr32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:16:28 2005 => File C:\WINDOWS\system32\addii.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:20:14 2005 => File C:\WINDOWS\system32\jccld.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:20:44 2005 => File C:\WINDOWS\system32\msgm32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:23:25 2005 => File C:\WINDOWS\whmwh.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:23:48 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Apr 23 12:26:07 2005 => File C:\Programme\AOL 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sat Apr 23 12:27:00 2005 => File C:\Programme\AOL 9.0a\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sat Apr 23 12:27:52 2005 => File C:\Programme\AOL 9.0b\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sat Apr 23 12:30:13 2005 => File C:\Programme\Gemeinsame Dateien\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sat Apr 23 12:50:06 2005 => File C:\Sun\AppServer\jdk\demo\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
Sat Apr 23 12:50:33 2005 => File C:\Sun\AppServer\jdk\demo\plugin\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statisktiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Apr 23 13:23:48 2005 => Total Virus(es) Found: 37
Sat Apr 23 13:23:48 2005 => Total Errors: 271
Sat Apr 23 13:23:48 2005 => Time Elapsed: 01:45:44
Sat Apr 23 13:23:48 2005 => Total Objects Scanned: 69531
Sat Apr 23 11:36:32 2005 => Virus Database Date: 2005/04/20
Sat Apr 23 13:23:48 2005 => Virus Database Date: 2005/04/20
Sat Apr 23 13:38:01 2005 => Virus Database Date: 2005/04/20
Sat Apr 23 15:09:00 2005 => Virus Database Date: 2005/04/20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~
And now little Micha wonders: what is to be done now? Regards, Micha |
23.04.2005, 20:30 | #23 |
| Proceed as follows:
Switch to safe mode with System Restore disabled: www.bsi.bund.de/av/texte/wiederher.htm
Delete manually:
C:\WINDOWS\system32\javavq32.dll
C:\WINDOWS\crdv32.exe
C:\WINDOWS\sdkau.exe
C:\WINDOWS\appkj.exe
C:\WINDOWS\ietq32.exe
C:\WINDOWS\pcqhx.dll
C:\WINDOWS\sdkcr32.exe
C:\WINDOWS\whmwh.dll
C:\WINDOWS\System32\addii.exe
C:\WINDOWS\System32\jccld.dll
C:\WINDOWS\System32\msgm32.exe
C:\Dokumente und Einstellungen\Micha\Eigene Dateien\backups\backup-20050422-155650-170.dll
Empty the contents of the following folder: C:\Programme\AVPersonal\INFECTED\
Also download Spybot and Adaware and delete what they find.
Spybot: http://www.safer-networking.org/de/spybotsd/index.html
Adaware: http://www.lavasoftusa.com/software/adaware/
Also immunize with Spybot.
Reboot, re-enable System Restore and post a new HijackThis log.
Edit: If you cannot find the files: Windows Explorer (Win key + E) -> "Extras/Ordneroptionen" (Tools/Folder Options) -> "Ansicht" (View) -> remove the check mark at "Geschützte Systemdateien ausblenden (empfohlen)" (Hide protected operating system files (Recommended)) and enable "Alle Dateien und Ordner anzeigen" (Show all files and folders) -> "OK". Undo these settings again afterwards.
__________________ Only cronos endures |
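Added example, not part of the original thread: a Python sketch that turns a scan log in the line format posted in #22 into the kind of work list given in the reply above. It separates live files (deleted by hand in safe mode) from copies inside System Restore points (discarded when System Restore is disabled) and merges repeated hits whose paths differ only in letter case. The function name `triage` and all sample lines, file names and detection names are constructed for illustration.

```python
import re
from collections import OrderedDict

# Constructed sample in the line format of the scan log posted in the thread.
# File names, the restore GUID and detection names are placeholders.
SAMPLE_LOG = r'''
Sat Apr 23 11:38:28 2005 => File C:\WINDOWS\system32\example1.dll infected by "Example.Downloader.a" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => System found infected with xx Spyware/Adware! Action taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => File System Found infected by "xx Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:45 2005 => File C:\WINDOWS\System32\example2.exe infected by "Example.Trojan.b" Virus. Action Taken: No Action Taken.
Sat Apr 23 12:28:58 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Sat Apr 23 13:05:26 2005 => File C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll infected by "Example.Downloader.a" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:16:28 2005 => File C:\WINDOWS\system32\example2.exe infected by "Example.Trojan.b" Virus. Action Taken: No Action Taken.
Sat Apr 23 12:26:07 2005 => File C:\Programme\Example\tool.exe tagged as not-a-virus:Example.Tool. No Action Taken.
'''

# "<timestamp> => File <target> infected by "<name>" Virus."
FINDING = re.compile(
    r'^(?P<ts>.+?) => File (?P<target>.+?) infected by "(?P<name>[^"]+)" Virus\.'
)
# A real file finding starts with a drive letter; the generic
# 'File System Found infected by ...' notice does not.
DRIVE_PATH = re.compile(r'^[A-Za-z]:\\')
# Copies kept by Windows System Restore live under this folder.
RESTORE_MARKER = "\\system volume information\\_restore{"


def triage(log_text):
    """Group 'infected' findings into manual deletions, restore-point
    copies and non-file notices. 'tagged as' lines are ignored."""
    live = OrderedDict()
    restore = OrderedDict()
    non_file = []
    for raw in log_text.splitlines():
        match = FINDING.match(raw.strip())
        if not match:
            continue
        target, name = match.group("target"), match.group("name")
        if not DRIVE_PATH.match(target):
            non_file.append(name)
            continue
        bucket = restore if RESTORE_MARKER in target.lower() else live
        # Windows paths are case-insensitive, so key on the lowered path
        # and keep the first spelling seen for display.
        entry = bucket.setdefault(
            target.lower(), {"path": target, "names": [], "hits": 0}
        )
        entry["hits"] += 1
        if name not in entry["names"]:
            entry["names"].append(name)
    return {
        "delete_manually": list(live.values()),
        "system_restore": list(restore.values()),
        "non_file": non_file,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Delete manually (safe mode):")
    for item in result["delete_manually"]:
        print("  %s  [%s] x%d" % (item["path"], ", ".join(item["names"]), item["hits"]))
    print("Inside System Restore points (gone once System Restore is disabled):")
    for item in result["system_restore"]:
        print("  %s" % item["path"])
    print("Non-file notices:", ", ".join(result["non_file"]))
```

A hit count above 1 means the same file was reported in more than one scan pass with "No Action Taken", so it was still on disk at the later pass.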
23.04.2005, 20:36 | #24 |
| Hello Cronos, everything already done, here is the new log:
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe 
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/ O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://rtl.midasplayer.de/midasa.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-17.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex...amesplayer.cab O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game15.zylomgames.com/activex/zylomloader.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab30149.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{7C650A10-AF28-4523-8D5E-680C22E1AE39}: NameServer = 205.188.146.145 O18 - Protocol: bw+0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: 
bw-0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - 
{88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - 
{88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sdkau.exe" /s (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. 
- C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe O23 - Service: AOL Privacy Protection Service (AOLService) - Unknown owner - C:\Programme\Gemeinsame Dateien\AOL\AOL Privacy Protection\aolserv.exe O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKService.exe O23 - Service: G DATA AntiVirenKit Wächter (AVKWCtl) - Unknown owner - C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKWCtl.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
And now? Micha |
23.04.2005, 20:47 | #25 | |
| HELP Please Quote:
and this one:
O2 - BHO: (no name) - {CC67ADD3-8236-844B-5732-907E26BCF629} - C:\WINDOWS\system32\atlnp32.dll
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.2.0....g-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.0....r-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.2.0....u-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.2.0....s-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0....m-ob-assets.cab
after that, run this http://www.derbilk.de/SpSeHjfix112.zip
If you had followed my 2nd suggestion (reinstalling the system), you would have been finished long ago. Now you have to check everything and still cannot be sure that your system will run better or be secure afterwards.
Last edited by The Saint (23.04.2005 at 20:55) |
23.04.2005, 20:54 | #26 |
| HELP Please @ the saint I don't think the tool is needed. In that case the log would look more like this: http://trojaner-info.de/anleitungen/...out_blank.html And I see absolutely nothing of se.dll here. Why the O18 entry is being output here in such masses, however, is unclear to me. A bug in HJT?
__________________ Only cronos endures |
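Post #26 asks why the log contains so many O18 entries. As an added example (not part of the thread and not HijackThis code), this Python sketch splits a flattened HijackThis log back into entries, groups the O18 lines by handler CLSID and DLL, and marks a few entry types for a closer look. The sample is abridged from the log above; the function names, reason labels and flag rules are assumptions chosen for the example.

```python
import re
from collections import defaultdict

# Abridged from the log posted in this thread and flattened the same way
# (entries separated only by spaces), so it runs without the original file.
SAMPLE = " ".join([
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = "
    r"res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank",
    r"O2 - BHO: (no name) - {CC67ADD3-8236-844B-5732-907E26BCF629} - "
    r"C:\WINDOWS\system32\atlnp32.dll",
    r"O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE",
] + [
    r"O18 - Protocol: %s - {88482298-D8E1-4D05-923C-50624B821572} - "
    r"C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" % p
    for p in ("bw+0", "bw+0s", "bw-0", "bw-0s", "bw00")
] + [
    r"O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - "
    r"C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll",
    r'O23 - Service: Network Security Service (NSS) - Unknown owner - '
    r'C:\WINDOWS\sdkau.exe" /s (file missing)',
    r"O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - "
    r"C:\WINDOWS\system32\LEXBCES.EXE",
])

# A section tag (R0-R3, F0-F3, N1-N4, O1..O24) followed by " - " starts an entry.
# Caveat: a value that itself contains such a token would be split wrongly.
ENTRY_RE = re.compile(r"(?:^|(?<=\s))(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
O18_RE = re.compile(r"Protocol: (\S+) - (\{[0-9A-Fa-f-]{36}\}) - (.+)")


def split_entries(flat):
    """Return [(section, body)] recovered from a log whose line breaks were lost."""
    marks = list(ENTRY_RE.finditer(flat))
    ends = [m.start() for m in marks[1:]] + [len(flat)]
    return [(m.group(1), flat[m.end():end].strip()) for m, end in zip(marks, ends)]


def group_o18(entries):
    """Collapse O18 protocol entries that share one handler CLSID and DLL."""
    groups = defaultdict(list)
    for section, body in entries:
        m = O18_RE.match(body) if section == "O18" else None
        if m:
            groups[(m.group(2), m.group(3))].append(m.group(1))
    return dict(groups)


def flag(entries):
    """Heuristics picked for this example; a hit means 'look closer', not a verdict."""
    hits = []
    for section, body in entries:
        value = body.partition(" = ")[2]
        if section in ("R0", "R1") and value.lower().startswith("res://"):
            hits.append(("ie-setting-points-into-local-dll", body))
        elif section == "O2" and body.startswith("BHO: (no name)"):
            hits.append(("unnamed-bho", body))
        elif section == "O23" and body.endswith("(file missing)"):
            hits.append(("service-binary-missing", body))
    return hits


if __name__ == "__main__":
    entries = split_entries(SAMPLE)
    for (clsid, dll), names in group_o18(entries).items():
        print(f"O18 x{len(names)} -> {clsid} {dll}")
    for reason, body in flag(entries):
        print(f"[{reason}] {body}")
```

Grouped this way, the long O18 run in the posted log reduces to the protocol names registered for the same two Logitech Desktop Messenger DLLs.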
23.04.2005, 20:56 | #27 |
| HELP Please OK, everything done. What now? A new log from HijackThis? Or something else? Micha |
23.04.2005, 20:57 | #28 | |
| HELP Please Quote:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
Then I apologize! |
23.04.2005, 20:57 | #29 |
| HELP Please Create a new log. Delete the contents of mwav.log. Run eScan again and post its log as well.
__________________ Only cronos endures |
23.04.2005, 21:04 | #30 |
| HELP Please @ the saint Even I make mistakes sometimes. Don't take it to heart, hehe
__________________ Only cronos endures |