Laptop voller Trojaner

Damon Ridenow · 08.03.2007, 12:50

Hallo,

seit Montag versuchen wir, den Laptop meiner Partnerin von einer Infektion zu befreien. Gemeldet wurden von verschiedenen Antiviren-Programmen, die wir versucht haben, unter anderem ein Trojaner BHO.g und einen adware.agent. Unter c:/Dokumente und Einstellungen/name/Lokale Einstellungen/Temp finden sich immer wieder .exe-Dateien, die als Trojaner erkannt und gelöscht werden können. Nach jedem Reboot ist das Problem wieder da.

HijackThis hat nun die C:\WINDOWS\system32\urqqpnn.dll gefunden, die sich nicht löschen lässt, weil sie in einem aktiven Prozess hängt; eine Analyse mit einem Prozess-Monitor zeigt, dass sie entweder mit der winlogon.exe oder der explorer.exe gekoppelt ist.

Ich habs nicht geschafft, den Laptop von CD zu booten, um die .dll entfernen zu können und bin mit meinem Latein am Ende.

Das ursprüngliche Problem war, dass der Laptop seit etwa 2 Wochen einen extrem langsamen Bootvorgang aufweist und dann relativ instabil ist, bspw Antiviren-Software abstürzt oder Programme sich aufhängen.

Vielen Dank bereits im Voraus für Hilfe.

Logfile of HijackThis v1.99.1
Scan saved at 12:37:33, on 08.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Dokumente und Einstellungen\mel\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://de.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {9B8E9200-85B9-402A-BD72-C17F41CD7C97} - C:\WINDOWS\system32\urqqpnn.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Tvs] C:\Programme\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TkBellExe] !"C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THotkey] C:\Programme\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPEnh] !C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] !"C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
O4 - HKLM\..\Run: [QuickTime Task] !"C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] !C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NDSTray.exe] !NDSTray.exe
O4 - HKLM\..\Run: [LVCOMSX] !C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] !C:\Programme\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] !C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [LogitechCameraAssistant] !C:\Programme\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ehTray] !C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DLA] !C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ATICCC] !"C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MSConfig] !C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe /auto
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\cxgrxtrn.dll",setvm
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Update] C:\Programme\AntiVir PersonalEdition Classic\preupd.exe /CALLSCHEDULER /DM="0" /CALLSCHEDULER
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: bw+0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: jkklk - C:\WINDOWS\system32\jkklk.dll (file missing)
O20 - Winlogon Notify: urqqpnn - C:\WINDOWS\SYSTEM32\urqqpnn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

felix1 · 08.03.2007, 13:15

Hallo,

versuche mal die Datei mit dem Programm "Unlocker" zu löschen.

Zitat:

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

Hatte mal ein Leidensgenosse von dir geholfen die dll mit unlocker zu killen. Die dll war, wie bei dir mit winlogon.exe verknüpft!! Der PC war beim hochbooten schnarchlangsam.

Unlocker 1.8.5 - Freeware - ZDNet.de, Downloads, Utilities, System-Tools

Gruss

Franz1968 · 08.03.2007, 13:28

igfxdev.dll ist ein Intel-Treiber. Lieber nicht löschen.

undoreal · 08.03.2007, 13:50

Zitat:

HijackThis hat nun die C:\WINDOWS\system32\urqqpnn.dll gefunden,

wie darf ich denn das verstehen? HJT's automatische Auswertung ist äußerst ungenau.
Das Häkchen bei "Mark everything found for fixing after scan" muss raus! (Config in HJT)

Und was soll das?:

Zitat:

versuche mal die Datei mit dem Programm "Unlocker" zu löschen.
Zitat:
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

Zitat:

igfxdev.dll ist ein Intel-Treiber. Lieber nicht löschen.

das würde ich nämlich auch sagen.

Also Damon Ridenow. Irgentwas stimmt doch auch mit deinen Prozessen nicht.. Waren das immer so wenig oder bootet er einfach nicht zu Ende und d.h. haben wir so ein log?

Befolge mal bitte die Anleitung zu MWAVE die in meiner Signatur verlinkt ist.
Poste das Ergebnis dann mit Hilfe der find.Bat. Arbeite die Anleitung also GANZ GENAU ab. Hinweis: Der scan dauert extrem lange!

Gruss

Undoreal

irrlicht · 08.03.2007, 14:30

Hallo,
ich würde ihm erst mal das an die Hand geben und raten dieser Anleitung zu folgen.....

L2mfix - guard.tmp - Look2Me Remover - popups - Look2Me-Destroyer
Irrlicht

undoreal · 08.03.2007, 15:24

Zitat:

Hallo,
ich würde ihm erst mal das an die Hand geben und raten dieser Anleitung zu folgen.....
L2mfix - guard.tmp - Look2Me Remover - popups - Look2Me-Destroyer
Irrlicht

besser! kein eScan; mach das zuerst!

PS: Proggi kannte ich nicht.

mfg

Undoreal

felix1 · 08.03.2007, 15:51

Zitat:

Zitat von Franz1968

igfxdev.dll ist ein Intel-Treiber. Lieber nicht löschen.

Upps, das habe ich übersehen. Hast natürlich recht!! Ist ein Treiber von Intel. Allerdings hatte jemand das gleiche Problem mit dem selben Verhalten und hat diese dll mit unlocker gelöscht. Dann lief sein System wieder. Das verwundert mich doch ein bisschen. Hatte auf ein getarnten Virus/Trojaner getippt!

Damon Ridenow · 08.03.2007, 16:33

Merci erstmal für die vielen Antworten.

Ich hab zwischenzeitlich noch weiter herumprobiert und die C:\WINDOWS\system32\urqqpnn.dll an http://www.virustotal.com/ gesendet. Heraus kam folgendes Log:

ntiVir 7.3.1.41 03.08.2007 no virus found
Authentium 4.93.8 03.07.2007 no virus found
Avast 4.7.936.0 03.07.2007 no virus found
AVG 7.5.0.447 03.08.2007 no virus found

BitDefender 7.2 03.08.2007 MemScan:Trojan.Downloader.NF

CAT-QuickHeal 9.00 03.07.2007 no virus found
ClamAV devel-20060426 03.08.2007 no virus found

DrWeb 4.33 03.08.2007 Trojan.Virtumod

eSafe 7.0.14.0 03.07.2007 no virus found

eTrust-Vet 30.6.3464 03.08.2007 Win32/Chisyne!generic

Ewido 4.0 03.07.2007 no virus found
FileAdvisor 1 03.08.2007 no virus found
Fortinet 2.85.0.0 03.08.2007 no virus found
F-Prot 4.3.1.45 03.07.2007 no virus found
F-Secure 6.70.13030.0 03.08.2007 no virus found

Ikarus T3.1.1.3 03.08.2007 MemScanTrojan.Downloader.NF

Kaspersky 4.0.2.24 03.08.2007 no virus found
McAfee 4979 03.07.2007 no virus found
Microsoft 1.2204 03.08.2007 no virus found
NOD32v2 2102 03.08.2007 no virus found
Norman 5.80.02 03.07.2007 no virus found

Panda 9.0.0.4 03.08.2007 Trj/Agent.ELE
Prevx1 V2 03.08.2007 SpywareQuake

Sophos 4.15.0 03.07.2007 no virus found
Sunbelt 2.2.907.0 03.07.2007 no virus found
Symantec 10 03.08.2007 no virus found
TheHacker 6.1.6.072 03.07.2007 no virus found
UNA 1.83 03.07.2007 no virus found
VBA32 3.11.2 03.07.2007 no virus found
VirusBuster 4.3.19:9 03.07.2007 no virus found

Als ich versuchte, diese .dll mit Unlocker von der winlogon.exe und explorer.exe zu entkoppeln, hatte ich im nächsten Moment das BIOS vor Augen und der PC bootete neu.

Mein HijackThis-Log war übrigens im abgesicherten Modus erstellt.

Ich werde mich nun an den Link von "Irrlicht" machen und schauen, was ich dadurch erreichen kann.

Damon Ridenow · 08.03.2007, 18:47

Ich hab nun die ersten drei Programme von Irrlicht's Link durchlaufen lassen.

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 08.03.2007 16:49:09

Attempting to delete infected files...

Making registry repairs.

Restoring Windows certificates.

Replaced hosts file with default windows hosts file

Restoring SeDebugPrivilege for Administratoren - Succeeded

------------------------------------------------------------------------
L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqqpnn]
"Asynchronous"=dword:00000001
"DllName"="urqqpnn.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"EulaAccepted"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"sv1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Eigenschaften f�r Multimediadatei"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-Scannerverwaltung"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-Sicherheit"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-Eigenschaftenseite f�r Dokumente"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shellerweiterungen f�r Freigaben"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung f�r Grafikkarten"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung f�r Bildschirme"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung f�r Anzeigeverschiebung"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-Sicherheit"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilit„tsseite"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell-Datenauszughandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Erweiterung f�r Datentr„gerkopien"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shellerweiterungen f�r Microsoft Windows-Netzwerkobjekte"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-Monitorverwaltung"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-Druckerverwaltung"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shellerweiterungen f�r die Dateikomprimierung"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Shellerweiterung f�r Webdrucker"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontextmen� f�r die Verschl�sselung"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktenkoffer"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Erweiterung f�r HyperTerminal-Icons"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Schriftarten"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-Profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Druckersicherheit"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shellerweiterungen f�r Freigaben"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netzwerkverbindungen"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netzwerkverbindungen"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner und Kameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner und Kameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner und Kameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner und Kameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner und Kameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shellerweiterungen f�r Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Datenverkn�pfung"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplante Tasks"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskleiste und Startmen�"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Suchen"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ausf�hren..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-Mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Schriftarten"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Verwaltung"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Eigenschaftenseite f�r vorherige Versionen"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Vorherige Versionen"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="IE Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-Begr�áungsbildschirm"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Webpublishing-Assistent"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestellung von Abz�gen �ber das Internet"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shellobjekt des Webpublishing-Assistenten"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport-Assistent"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Benutzerkonten"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Ordner 'Offlinedateien'"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Nach Personen..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Play as Playlist Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{5E2121EE-0300-11D4-8D3B-444553540000}"="Catalyst Context Menu extension"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{2F603045-309F-11CF-9774-0020AFD0CFF6}"="Synaptics Control Panel"
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt"
"{E91B2703-013E-4A99-AD33-2B6FB00AA356}"="RecordNow! ContextMenuExt"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webordner"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{97090E2F-3062-4459-855B-014F0D3CDBB1}"="Windows Deskbar"
"{13E7F612-F261-4391-BEA2-39DF4F3FA311}"="Windows Desktop Search"
"{D426CFD0-87FC-4906-98D9-A23F5D515D61}"="Windows Desktop Search Outlook Express ISearchFolder Class"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{5CA3D70E-1895-11CF-8E15-001234567890}"="DriveLetterAccess"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{35786D3C-B075-49b9-88DD-029876E11C01}"="Portable Devices"
"{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}"="Portable Devices Menu"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{07C45BB1-4A8C-4642-A1F5-237E7215FF66}"="IE Microsoft BrowserBand"
"{1C1EDB47-CE22-4bbb-B608-77B48F83C823}"="IE Fade Task"
"{205D7A97-F16D-4691-86EF-F3075DCCA57D}"="IE Menu Desk Bar"
"{3028902F-6374-48b2-8DC6-9725E775B926}"="IE AutoComplete"
"{43886CD5-6529-41c4-A707-7B3C92C05E68}"="IE Navigation Bar"
"{44C76ECD-F7FA-411c-9929-1B77BA77F524}"="IE Menu Site"
"{4B78D326-D922-44f9-AF2A-07805C2A3560}"="IE Menu Band"
"{6038EF75-ABFC-4e59-AB6F-12D397F6568D}"="IE Microsoft History AutoComplete List"
"{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}"="IE Tracking Shell Menu"
"{6CF48EF8-44CD-45d2-8832-A16EA016311B}"="IE IShellFolderBand"
"{73CFD649-CD48-4fd8-A272-2070EA56526B}"="IE BandProxy"
"{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}"="IE MRU AutoComplete List"
"{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}"="IE RSS Feeder Folder"
"{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}"="IE Microsoft Shell Folder AutoComplete List"
"{B31C5FAE-961F-415b-BAF0-E697A5178B94}"="IE Microsoft Multiple AutoComplete List Container"
"{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}"="Microsoft Browser Architecture"
"{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}"="IE Shell Rebar BandSite"
"{E6EE9AAC-F76B-4947-8260-A9F136138E11}"="IE Shell Band Site Menu"
"{F2CF5485-4E02-4f68-819C-B92DE9277049}"="&Links"
"{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}"="IE Registry Tree Options Utility"
"{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}"="IE User Assist"
"{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}"="IE Custom MRU AutoCompleted List"
"{63542C48-9552-494A-84F7-73AA6A7C99C1}"="OpenOffice Property Sheet Handler"
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"="Shell Extension for Malware scanning"
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"="UnlockerShellExtension"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
advpack.dll Mon 8 Jan 2007 19:00:48 A.... 124.928 122,00 K
corpol.dll Mon 8 Jan 2007 19:01:14 A.... 17.408 17,00 K
cxgrxtrn.dll Thu 8 Mar 2007 11:20:44 A.... 123.412 120,52 K
elbycdio.dll Thu 11 Jan 2007 17:34:20 A.... 81.920 80,00 K
extmgr.dll Fri 12 Jan 2007 9:27:42 A.... 132.608 129,50 K
ieakeng.dll Mon 8 Jan 2007 19:02:02 A.... 153.088 149,50 K
ieaksie.dll Mon 8 Jan 2007 19:02:02 A.... 230.400 225,00 K
ieakui.dll Mon 8 Jan 2007 19:02:02 A.... 161.792 158,00 K
ieapfltr.dll Mon 8 Jan 2007 19:02:02 ..... 383.488 374,50 K
iedkcs32.dll Mon 8 Jan 2007 19:02:02 A.... 384.000 375,00 K
ieframe.dll Fri 12 Jan 2007 9:27:42 A.... 6.054.400 5,77 M
iernonce.dll Mon 8 Jan 2007 19:02:04 A.... 44.544 43,50 K
iertutil.dll Mon 8 Jan 2007 19:02:04 A.... 266.752 260,50 K
jsproxy.dll Fri 12 Jan 2007 9:27:42 A.... 27.136 26,50 K
msfeeds.dll Fri 12 Jan 2007 9:27:42 ..... 458.752 448,00 K
msfeed~1.dll Fri 12 Jan 2007 9:27:42 ..... 51.712 50,50 K
mshtml.dll Fri 12 Jan 2007 9:27:42 A.... 3.580.416 3,41 M
mshtmled.dll Fri 12 Jan 2007 9:27:42 A.... 477.696 466,50 K
msrating.dll Mon 8 Jan 2007 19:03:02 A.... 193.024 188,50 K
mstime.dll Fri 12 Jan 2007 9:27:42 A.... 670.720 655,00 K
occache.dll Mon 8 Jan 2007 19:04:08 A.... 102.400 100,00 K
px.dll Mon 25 Dec 2006 14:20:22 ..... 405.504 396,00 K
pxmas.dll Mon 25 Dec 2006 14:20:20 ..... 172.032 168,00 K
pxsfs.dll Mon 25 Dec 2006 14:20:20 ..... 1.191.936 1,14 M
pxwave.dll Mon 25 Dec 2006 14:20:20 ..... 339.968 332,00 K
shell32.dll Tue 19 Dec 2006 22:49:40 A.... 8.494.592 8,10 M
shsvcs.dll Tue 19 Dec 2006 22:49:42 A.... 135.168 132,00 K
url.dll Mon 8 Jan 2007 19:04:54 A.... 105.984 103,50 K
urlmon.dll Fri 12 Jan 2007 9:27:42 A.... 1.149.952 1,09 M
urqqpnn.dll Mon 5 Mar 2007 12:45:48 ..... 26.685 26,06 K
webcheck.dll Fri 12 Jan 2007 9:27:42 A.... 232.960 227,50 K
wiaservc.dll Tue 19 Dec 2006 19:17:04 A.... 334.336 326,50 K
wininet.dll Fri 12 Jan 2007 9:27:42 A.... 822.784 803,50 K

33 items found: 33 files, 0 directories.
Total of file sizes: 27.132.497 bytes 25,88 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
klkkj.tmp Mon 5 Mar 2007 13:43:48 ..SH. 454.542 443,89 K
mcrh.tmp Tue 6 Mar 2007 14:34:52 A.... 143 0,14 K

2 items found: 2 files (1 H/S), 0 directories.
Total of file sizes: 454.685 bytes 444,03 K
**********************************************************************************
Directory Listing of system files:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: E079-2281

Verzeichnis von C:\WINDOWS\System32

08.03.2007 11:29 453.691 klkkj.ini2
08.03.2007 11:20 1.591.190 nrtxrgxc.ini
08.03.2007 11:20 453.918 klkkj.bak2
08.03.2007 09:51 476 vdlcwcaq.ini
05.03.2007 14:34 454.657 klkkj.ini
05.03.2007 13:43 454.542 klkkj.tmp
05.03.2007 13:36 353 egjlm.ini
17.02.2007 10:57 <DIR> dllcache
28.07.2006 18:51 <DIR> Microsoft
7 Datei(en) 3.408.827 Bytes
2 Verzeichnis(se), 41.202.974.720 Bytes frei

Damon Ridenow · 08.03.2007, 18:49

Logfile of HijackThis v1.99.1
Scan saved at 18:39:09, on 08.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programme\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Toshiba\Toshiba Applet\thotkey.exe
C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Softwin\BitDefender8\bdnagent.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
c:\programme\softwin\bitdefender8\bdmcon.exe
c:\programme\softwin\bitdefender8\bdlite.exe
C:\Programme\Opera\Opera.exe
C:\Dokumente und Einstellungen\mel\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://de.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {2B6B1E40-9C40-49E4-AA9D-803CCA21400F} - C:\WINDOWS\system32\mllmm.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {9B8E9200-85B9-402A-BD72-C17F41CD7C97} - C:\WINDOWS\system32\urqqpnn.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\hncqyjxf.dll (file missing)
O4 - HKLM\..\Run: [Tvs] C:\Programme\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TkBellExe] !"C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THotkey] C:\Programme\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPEnh] !C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] !"C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
O4 - HKLM\..\Run: [QuickTime Task] !"C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] !C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NDSTray.exe] !NDSTray.exe
O4 - HKLM\..\Run: [LVCOMSX] !C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] !C:\Programme\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] !C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [LogitechCameraAssistant] !C:\Programme\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ehTray] !C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DLA] !C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ATICCC] !"C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MSConfig] !C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe /auto
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Programme\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programme\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\pjbkuoyb.dll",setvm
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: bw+0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: mllmm - C:\WINDOWS\system32\mllmm.dll
O20 - Winlogon Notify: urqqpnn - C:\WINDOWS\SYSTEM32\urqqpnn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Die Datei c:\windows\system32\mllmm.dll wird übrigens als Trojaner Vundo identifiziert, lässt sich aber ebenso wenig wie die urqqpnn.dll löschen oder umbenennen.

undoreal · 08.03.2007, 21:53

Zitat:

Mein HijackThis-Log war übrigens im abgesicherten Modus erstellt.

lol und das sagst du uns jetzt.. O.k. das bestätigt folgendes:

Zitat:

Also Damon Ridenow. Irgentwas stimmt doch auch mit deinen Prozessen nicht.. Waren das immer so wenig oder bootet er einfach nicht zu Ende und d.h. haben wir so ein log?

Zitat:

Die Datei c:\windows\system32\mllmm.dll wird übrigens als Trojaner Vundo identifiziert, lässt sich aber ebenso wenig wie die urqqpnn.dll löschen oder umbenennen.

Schön dass du Eigenarbeit leistest tue dies zur Sicherheit auch mit dieser Datei:
" C:\WINDOWS\system32\pjbkuoyb.dll "

Auf Vundo hatte ich schon getippt.

Nun Arbeite folgendes ab:

-Vudofix

-Danach machst du bitte einen eScan mit MWAVE. Anleitung wie gesagt in meiner Signatur.

-Danach erstellst du bitte ein neues HJT log (normal Modus)

-Dann poste den Bericht von Vundofix, eScan und HJT.

mfg

Undoreal

Damon Ridenow · 08.03.2007, 22:20

Zitat:

Zitat von undoreal

lol und das sagst du uns jetzt..

Sorry, ich dachte, dass man HijackThis im abgesicherten Modus laufen lassen sollte *smile*

Der Check der pjbkuoyb.dll ergab folgende Rückmeldung:

Complete scanning result of "pjbkuoyb.dll", received in VirusTotal at 03.08.2007, 22:11:26 (CET).
Antivirus Version Update Result
AntiVir 7.3.1.41 03.08.2007 ADSPY/Virtumonde.HB.1
Authentium 4.93.8 03.07.2007 no virus found
Avast 4.7.936.0 03.08.2007 no virus found
AVG 7.5.0.447 03.08.2007 Adware Generic.VSL
BitDefender 7.2 03.08.2007 no virus found
CAT-QuickHeal 9.00 03.08.2007 AdWare.Virtumonde.hb (Not a Virus)
ClamAV devel-20060426 03.08.2007 no virus found
DrWeb 4.33 03.08.2007 Trojan.Virtumod
eSafe 7.0.14.0 03.08.2007 no virus found
eTrust-Vet 30.6.3464 03.08.2007 Win32/Vundo!generic
Ewido 4.0 03.07.2007 no virus found
FileAdvisor 1 03.08.2007 no virus found
Fortinet 2.85.0.0 03.08.2007 suspicious
F-Prot 4.3.1.45 03.08.2007 no virus found
F-Secure 6.70.13030.0 03.08.2007 no virus found
Ikarus T3.1.1.3 03.08.2007 no virus found
Kaspersky 4.0.2.24 03.08.2007 not-a-virus:AdWare.Win32.Virtumonde.hb
McAfee 4980 03.08.2007 no virus found
Microsoft 1.2204 03.08.2007 no virus found
NOD32v2 2104 03.08.2007 no virus found
Norman 5.80.02 03.07.2007 no virus found
Panda 9.0.0.4 03.08.2007 Spyware/Virtumonde
Prevx1 V2 03.08.2007 no virus found
Sophos 4.15.0 03.07.2007 Virtumundo
Sunbelt 2.2.907.0 03.07.2007 no virus found
Symantec 10 03.08.2007 Trojan.Vundo
TheHacker 6.1.6.072 03.07.2007 no virus found
UNA 1.83 03.07.2007 no virus found
VBA32 3.11.2 03.07.2007 no virus found
VirusBuster 4.3.19:9 03.08.2007 Adware.Virtumonde.BM

Aditional Information
File size: 123412 bytes
MD5: bce5ebeb870d84f52f06cabfbd9f2868
SHA1: 50dfc629e1f4c238c93a22c5e9b757d7ee997f4c

Momentaner Stand ist, dass Antivir in regelmäßigen Abständen Trojaner findet und entfernt, mit HijackThis finde ich auch immer wieder neue Schädlinge im Angebot.

Ich lass nun Vundofix drüberlaufen und mach dann den eScan.

Merci nochmals für die Hilfe, mit den Trojanern kann man ja echt verzweifeln

undoreal · 08.03.2007, 22:25

Zitat:

pjbkuoyb.dll

Treffer

Zitat:

Nun Arbeite folgendes ab:

-Vudofix

-Danach machst du bitte einen eScan mit MWAVE. Anleitung wie gesagt in meiner Signatur.

-Danach erstellst du bitte ein neues HJT log (normal Modus)

-Dann poste den Bericht von Vundofix, eScan und HJT.

mfg

Undoreal

Damon Ridenow · 09.03.2007, 00:06

Auftrag ausgeführt, und mit Erfolg, scheint mir. Vundo ist definitiv besiegt, der Laptop bootet wie eine Eins *sektkorkenknallenlass*

Vielen vielen Dank an die vielen Helfer auf diesem Board, vor allem natürlich an dich, Undoreal, der du den entscheidenden Tipp gegeben hast.

Also: Vundofix fand vier Dateien, die er in Quarantäne verlegte:

Die mit winlogon.exe und explorer.exe verknüpfte c:\windows\system32\urqqpnn.dll
c:\windows\system32\mmllm.dll
c:\windows\system32\mmllm.ini
c:\windows\system32\mmllm.bak1
-----------------------------------------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Header
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Microsoft Windows XP [Version 5.1.2600]
Thu Mar 08 22:52:09 2007 => Version 9.1.7
Thu Mar 08 22:49:53 2007 => Virus-Datenbank Datum: 3/7/2007
Thu Mar 08 23:48:50 2007 => Virus-Datenbank Datum: 3/7/2007
Thu Mar 08 23:50:17 2007 => Virus-Datenbank Datum: 3/7/2007
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Infektionsmeldungen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Mar 08 22:53:14 2007 => System found infected with wareout Adware (1.dat)! Action taken: Keine Aktion vorgenommen.
Thu Mar 08 22:53:14 2007 => System found infected with drivecleaner2006 Corrupted Adware/Spyware (pv.exe)! Action taken: Keine Aktion vorgenommen.
~~~~~~~~~~~
Dateien
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
Thu Mar 08 22:53:14 2007 => Offending file found: C:\1.dat
Thu Mar 08 22:53:14 2007 => Offending file found: C:\WINDOWS\system32\pv.exe
~~~~~~~~~~~
Ordner
~~~~~~~~~~~
Thu Mar 08 22:53:16 2007 => Offending Folder found: C:\Dokumente und Einstellungen\mel\Anwendungsdaten\toshiba\pcdiag\v3.0
~~~~~~~~~~~
Registry
~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Mar 08 23:48:50 2007 => Gefundene Viren: 3
Thu Mar 08 23:48:50 2007 => Anzahl Fehler: 145
Thu Mar 08 23:48:50 2007 => Dauer des Scans bisher: 00:56:40
Thu Mar 08 23:48:50 2007 => Gescannte Dateien: 101793
Thu Mar 08 22:52:10 2007 => Specherüberprüfung: Aktiviert
Thu Mar 08 22:52:10 2007 => Registry Überprüfung: Aktiviert
Thu Mar 08 22:52:10 2007 => System-Ordner Überprüfung: Aktiviert
Thu Mar 08 22:52:10 2007 => Überprüfung der Systembereiche: Deaktiviert
Thu Mar 08 22:52:10 2007 => Überprüfung der Dienste: Aktiviert
Thu Mar 08 22:52:10 2007 => Überprüfung der Festplatten: Deaktiviert
Thu Mar 08 22:52:10 2007 => Überprüfung aller Festplatten :Aktiviert

Damon Ridenow · 09.03.2007, 00:09

Logfile of HijackThis v1.99.1
Scan saved at 00:00:18, on 09.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programme\Toshiba\Toshiba Applet\thotkey.exe
C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\mel\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://de.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Tvs] C:\Programme\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TkBellExe] !"C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THotkey] C:\Programme\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPEnh] !C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] !"C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
O4 - HKLM\..\Run: [QuickTime Task] !"C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] !C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NDSTray.exe] !NDSTray.exe
O4 - HKLM\..\Run: [LVCOMSX] !C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] !C:\Programme\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] !C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [LogitechCameraAssistant] !C:\Programme\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ehTray] !C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DLA] !C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ATICCC] !"C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MSConfig] !C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe /auto
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: bw+0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {57677BEF-21E9-4366-83C9-EB7A625BF832} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

08.03.2007, 13:28	#3
Franz1968 /// Helfer-Team	Laptop voller Trojaner igfxdev.dll ist ein Intel-Treiber. Lieber nicht löschen. __________________ __________________ Geändert von Franz1968 (08.03.2007 um 13:29 Uhr) Grund: Link hinzugefügt.

Laptop voller Trojaner

Log-Analyse und Auswertung: Laptop voller Trojaner