Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   HILFE Bitte (https://www.trojaner-board.de/16975-hilfe-bitte.html)

MichaF 22.04.2005 22:33
HILFE Bitte
 
Hallo,

mir wurde das Forum empfohlen und nun bitte ich um Hilfe.

Ich bin schon den ganzen Tag auf der Spur eines HiJackers.Aber ich finde Ihn nicht.
Habe bereits Spybot, Ad-Aware und HiJackThis durch.Habe aber keine Ahnung was ich nun machen soll.

Kann mir jemand helfen ?

Habe auch schon ein Log erstellt aber weiß nicht wie ich es zeigen soll.

Vielen Dank Euch allen

Michael

Cidre 22.04.2005 22:59
Hallo,

halte dich an diese Anleitung und poste es.

MichaF 22.04.2005 23:15
Hallo und Danke ich glaube ich habs.

Hier sollte das Log stehen:

Logfile of HijackThis v1.99.1
Scan saved at 00:09:49, on 23.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\alg.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKService.exe
C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKWCtl.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\sdkau.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
C:\Programme\Logitech\Video\LogiTray.exe
C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\AOLSP Scheduler.exe
C:\SpeedUp\SpeedItUp.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\WINDOWS\crdv32.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\LVComS.exe
C:\Programme\Siemens\Gigaset WLAN Adapter\wlm.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\aolshare\Coach\de_de\ab3.exe
C:\Programme\AOL 9.0b\waol.exe
C:\Programme\AOL 9.0b\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\DOKUME~1\Micha\LOKALE~1\Temp\Rar$EX01.082\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pcqhx.dll/sp.html#34321
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pcqhx.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pcqhx.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pcqhx.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pcqhx.dll/sp.html#34321
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pcqhx.dll/sp.html#34321
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D477064-C0A0-92DC-477A-47E26D658ED6} - C:\WINDOWS\system32\javavq32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SpeedItUp] C:\SpeedUp\SpeedItUp.exe -MINI
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [crdv32.exe] C:\WINDOWS\crdv32.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKLM\..\RunOnce: [sdkau.exe] C:\WINDOWS\sdkau.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AVKBar] "C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKBar.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://rtl.midasplayer.de/midasa.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-17.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex...amesplayer.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game15.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C650A10-AF28-4523-8D5E-680C22E1AE39}: NameServer = 205.188.146.145
O18 - Protocol: bw+0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\netpj32.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Privacy Protection Service (AOLService) - Unknown owner - C:\Programme\Gemeinsame Dateien\AOL\AOL Privacy Protection\aolserv.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKService.exe
O23 - Service: G DATA AntiVirenKit Wächter (AVKWCtl) - Unknown owner - C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKWCtl.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE


Und was nun ? (sorry aber habe echt keine Ahnung :balla: )

MichaF 23.04.2005 08:59
Hallo unf guten Morgen,

kann mir jetzt jemand sagen welche Einträge ich aus dem Log fixen soll ?

Vielen Dank

Micha

MichaF 23.04.2005 09:17
Nochmal Hallo,

kann mir niemand helfen ?

oder hab ich was falsch gemacht ?

Micha

The Saint 23.04.2005 09:33
Dein HJT sieht gar nicht gut aus!

Mach mal folgendes:

Lade dir ESCAN herunter und scanne wie folgt:

Erstelle diesen Ordner auf deinem Laufwerk c:\bases (WICHTIG).
Entzippe das heruntergeladene Programm mit rechtsklick "entpacken nach c:\bases
Wechsle danach in den abgesicherten Modus.
Öffne nun den Explorer,suche nach dem Ordner c:\bases und startet die Datei mwavscan.exe.

Jetzt wird das Betriebssystem gescannt dauert so ca. 1Std. nach Beendigung des Scans wechselst man zurück in den normalen Modus.

Nun öffnest du mit dem Editor, die mwav.log und wählst unter bearbeiten -> suchen, hier gibst du infected ein.

Alle Zeilen in der infected steht markieren, und hier einfügen.
Ganz unten steht die Zusammenfassung, diese auch hier posten :)

Diese Einstellungen beachten http://www.trojaner-board.de/42731-escan-anleitung.html

MichaF 23.04.2005 13:14
Hier bin ich wieder,

nach 1.45 Stunden ist escan auch durch.

Hier die Dateien mit infected:

Sat Apr 23 11:38:28 2005 => File C:\WINDOWS\system32\javavq32.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:38:39 2005 => File C:\WINDOWS\crdv32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:38:39 2005 => File C:\WINDOWS\sdkau.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => System found infected with sw Spyware/Adware! Action taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => File System Found infected by "sw Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => System found infected with se Spyware/Adware! Action taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => File System Found infected by "se Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => System found infected with hsa Spyware/Adware! Action taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => File System Found infected by "hsa Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:28 2005 => File C:\WINDOWS\appkj.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:31 2005 => File C:\WINDOWS\ietq32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:36 2005 => File C:\WINDOWS\pcqhx.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:39 2005 => File C:\WINDOWS\sdkcr32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:42 2005 => File C:\WINDOWS\whmwh.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:45 2005 => File C:\WINDOWS\System32\addii.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:40:44 2005 => File C:\WINDOWS\System32\jccld.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:41:10 2005 => File C:\WINDOWS\System32\msgm32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 12:07:59 2005 => File C:\Dokumente und Einstellungen\Micha\Eigene Dateien\backups\backup-20050422-155650-170.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.
Sat Apr 23 12:28:58 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Sat Apr 23 13:03:06 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP347\A0047642.dll infected by "not-a-virus:AdWare.SaveNow.as" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:26 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049738.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:28 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049801.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:29 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049816.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:30 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049839.exe infected by "not-a-virus:Porn-Dialer.Win32.PluginAccess" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:30 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049840.exe infected by "not-a-virus:Porn-Dialer.Win32.PluginAccess" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:30 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049841.exe infected by "Trojan-Downloader.Win32.Small.aa" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:30 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049842.exe infected by "not-a-virus:AdWare.SaveNow.ay" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:07:17 2005 => File C:\WINDOWS\appkj.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:11:01 2005 => File C:\WINDOWS\ietq32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:14:11 2005 => File C:\WINDOWS\pcqhx.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:14:27 2005 => File C:\WINDOWS\sdkcr32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:16:28 2005 => File C:\WINDOWS\system32\addii.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:20:14 2005 => File C:\WINDOWS\system32\jccld.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:20:44 2005 => File C:\WINDOWS\system32\msgm32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:23:25 2005 => File C:\WINDOWS\whmwh.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:23:48 2005 => Total Objects Scanned: 69531
Sat Apr 23 13:23:48 2005 => Total Virus(es) Found: 37
Sat Apr 23 13:23:48 2005 => Total Disinfected Files: 0
Sat Apr 23 13:23:48 2005 => Total Files Renamed: 0
Sat Apr 23 13:23:48 2005 => Total Deleted Objects: 0
Sat Apr 23 13:23:48 2005 => Total Errors: 271
Sat Apr 23 13:23:48 2005 => Time Elapsed: 01:45:44
Sat Apr 23 13:23:48 2005 => Virus Database Date: 2005/04/20
Sat Apr 23 13:23:48 2005 => Virus Database Count: 126821

Sat Apr 23 13:23:48 2005 => Scan Completed.

Ich habe zwar keine Ahnung aber das sieht ganz schön mies aus finde ich

ABER ERSTMAL DANKE an THE SAINT !!!!!!

Was soll ich nun machen ?????

Danke für die ANtwort
Micha

The Saint 23.04.2005 13:38
Es gibt 2 Möglichkeiten:

1.) Das aus dem Escan log alles zu löschen (eine Menge Arbeit)
2.) Dein System neu zu installieren und zwar nach dieser Anleitung

MichaF 23.04.2005 13:50
Danke schon mal.

Wie kann ich das denn aus escan löschen ?

Habesoviele Daten auf dem Rechner das es ewig dauern würde bis ich alles neu drauf habe.

Würde gerne erst das Löschen versuchen.

Hilfst Du mir noch mal bitte ?

Danke

Micha

Rene-gad 23.04.2005 13:55
@MichaF
Zitat:
Wie kann ich das denn aus escan löschen ?
Log ausdrucken, Dateien über Windows-Suchfunktion finden, löschen.
Wie The Saint schon gesagt hat - jede Menge Arbeit. Ich würde dir die Lösung 2 empfehlen

The Saint 23.04.2005 14:06
Zitat:
Zitat von MichaF
Danke schon mal.

Wie kann ich das denn aus escan löschen ?

Habesoviele Daten auf dem Rechner das es ewig dauern würde bis ich alles neu drauf habe.

Würde gerne erst das Löschen versuchen.

Hilfst Du mir noch mal bitte ?

Danke

Micha
Lösche folgende Dateien:

C:\WINDOWS\system32\javavq32.dll
C:\WINDOWS\crdv32.exe
C:\WINDOWS\sdkau.exe
C:\WINDOWS\appkj.exe
C:\WINDOWS\ietq32.exe
C:\WINDOWS\pcqhx.dll
C:\WINDOWS\sdkcr32.exe
C:\WINDOWS\whmwh.dll
C:\WINDOWS\System32\addii.exe
C:\WINDOWS\System32\jccld.dll
C:\WINDOWS\System32\msgm32.exe
C:\Dokumente und Einstellungen\Micha\Eigene Dateien\backups\backup-20050422-155650-170.dll

C:\Programme\AVPersonal\INFECTED\*.*

Die Systemwiederherstellung abschalten und dies geschieht folgendermaßen.

Rechter Mausklick auf das Symbol Arbeitsplatz --> Eigenschaften --> Systemwiederherstellung (Haken bei "Systemwiederherstellung bei allen Laufwerken deaktivieren setzen").

Lade dir CLEARPROG
herunter und führe dieses aus.

Scanne danach mit Spybot!

MichaF 23.04.2005 15:00
Danke The Saint,

Ich bekomme diese Einträge nicht gelöscht:

javavq32.dll
crdv32.exe
sdkau.exe

Da schreibt er immer: kann nicht gelöscht werden, wird gerade verwandt oder ist schreibgeschützt.

Was kann ich denn da machen ?

Das andere ist weg und CLEARPROg hab ich auch schon mal laufen lassen

Spybot kommt jetzt dran ;o)

Danke

Micha

smulfi 23.04.2005 15:11
versuch sie halt in der eingabeaufforderung, sprich im dos fenster zu löschen
auch ist wichtig, dass sie nichtmehr am laufen sind, sprich du den prozess im taskmanager zuerst beendest.

MichaF 23.04.2005 15:20
Hallo Smulfi,

danke für den Rat !

die :crdv32.exe bekomme ich raus aber sdkau.exe kommt wieder nachdem ich sie gelöscht habe.

Und wie kann ich die mit der Eingabeaufforderung löschen ?

Da steht ja immer der Pfad.Soll ich dann den anderen Pfad dahinkopiern ?

Sory aber habe doch keine Ahnung

Danke für die Antwort

Micha

smulfi 23.04.2005 15:42
okay...eigabeaufforderung findest du unter start->programme->zubehör-eingabeaufforderung

dort gehst du dann zu C:\WINDOWS\

wenn du dich in dem verzeichnis befindest den befehl: del sdkau.exe eingeben....danach müsste sie weg sein

die verzeichnisse wechselst du indem du z.b abwärts cd.. eigibst und mit return bestätigst und aufwärts den pfad angeben und mit return bestätigen

MichaF 23.04.2005 19:21
Hallo zusammen,

hier mein letztes HiJackthis Log:

Logfile of HijackThis v1.99.1
Scan saved at 20:19:49, on 23.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKService.exe
C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKWCtl.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
C:\Programme\Logitech\Video\LogiTray.exe
C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\AOLSP Scheduler.exe
C:\SpeedUp\SpeedItUp.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\LVComS.exe
C:\Programme\Siemens\Gigaset WLAN Adapter\wlm.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\AOL 9.0b\waol.exe
C:\Programme\AOL 9.0b\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\WINDOWS\system32\addku.exe
C:\WINDOWS\msrn32.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\PROGRA~1\Logitech\Video\AlbumDB2.exe
C:\PROGRA~1\Logitech\Video\FxSvr2.exe
C:\Programme\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {CC67ADD3-8236-844B-5732-907E26BCF629} - C:\WINDOWS\system32\atlnp32.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SpeedItUp] C:\SpeedUp\SpeedItUp.exe -MINI
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [addku.exe] C:\WINDOWS\system32\addku.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AVKBar] "C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKBar.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://rtl.midasplayer.de/midasa.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-17.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex...amesplayer.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game15.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C650A10-AF28-4523-8D5E-680C22E1AE39}: NameServer = 205.188.146.145
O18 - Protocol: bw+0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sdkau.exe" /s (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Privacy Protection Service (AOLService) - Unknown owner - C:\Programme\Gemeinsame Dateien\AOL\AOL Privacy Protection\aolserv.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKService.exe
O23 - Service: G DATA AntiVirenKit Wächter (AVKWCtl) - Unknown owner - C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKWCtl.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Für mich immer noch Kauderwelsch aber Ihr kennt Euch zum Glück damit aus.

DANKE schon jetzt

Micha

Cidre 23.04.2005 19:36
@ MichaF

Die Malware ist immer noch aktiv. Führe zunächst dies aus:

Rechtsklick auf die Find.bat -> 'Ziel speichern unter…' z.B. C:\ -> Find.bat doppelklicken und den Scan abwarten -> den Inhalt der C:\eScan_neu.txt hier posten [1].

[1] Strg+A (alles markieren) -> Strg+C (kopieren) -> Strg+V (hier in den Thread einfügen)

MichaF 23.04.2005 19:54
Hallo Cidre,

danke für die Antwort.

Habe die Findbat gespeichert.Die ratterte nach dem öffnen sofort los und war wieder weg.

Meintest Du mit der escan neu.txt das ich escan nochmal neu laufen lassen muß ?

Micha

Cidre 23.04.2005 20:00
Nein, du solltest lediglich unter C:\ die eScan_neu.txt öffnen und danach deren Inhalt hier posten.

MichaF 23.04.2005 20:09
Hallo Cidre,

sorry aber irgendwie hab ich einen ganzen Baum vorm Kopf.Ich habe keine escan neu.txt nur eine escan alt.txt.

Wo oder besser wie soll ich die finden ?

Danke für Deine Geduld :(

Micha

cronos 23.04.2005 20:10
Dann poste uns deren Inhalt.

MichaF 23.04.2005 20:18
Hallo,

ok hier ist die alte:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Apr 23 11:38:28 2005 => File C:\WINDOWS\system32\javavq32.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:38:39 2005 => File C:\WINDOWS\crdv32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:38:39 2005 => File C:\WINDOWS\sdkau.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => System found infected with sw Spyware/Adware! Action taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => File System Found infected by "sw Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => System found infected with se Spyware/Adware! Action taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => File System Found infected by "se Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => System found infected with hsa Spyware/Adware! Action taken: No Action Taken.
Sat Apr 23 11:38:59 2005 => File System Found infected by "hsa Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:28 2005 => File C:\WINDOWS\appkj.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:31 2005 => File C:\WINDOWS\ietq32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:36 2005 => File C:\WINDOWS\pcqhx.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:39 2005 => File C:\WINDOWS\sdkcr32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:42 2005 => File C:\WINDOWS\whmwh.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:39:45 2005 => File C:\WINDOWS\System32\addii.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:40:44 2005 => File C:\WINDOWS\System32\jccld.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 11:41:10 2005 => File C:\WINDOWS\System32\msgm32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 12:07:59 2005 => File C:\Dokumente und Einstellungen\Micha\Eigene Dateien\backups\backup-20050422-155650-170.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.
Sat Apr 23 12:28:58 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Sat Apr 23 13:03:06 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP347\A0047642.dll infected by "not-a-virus:AdWare.SaveNow.as" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:26 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049738.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:28 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049801.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:29 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049816.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:30 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049839.exe infected by "not-a-virus:Porn-Dialer.Win32.PluginAccess" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:30 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049840.exe infected by "not-a-virus:Porn-Dialer.Win32.PluginAccess" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:30 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049841.exe infected by "Trojan-Downloader.Win32.Small.aa" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:05:30 2005 => File C:\System Volume Information\_restore{0AB430A5-8B27-442B-966C-D6346AF14838}\RP374\A0049842.exe infected by "not-a-virus:AdWare.SaveNow.ay" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:07:17 2005 => File C:\WINDOWS\appkj.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:11:01 2005 => File C:\WINDOWS\ietq32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:14:11 2005 => File C:\WINDOWS\pcqhx.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:14:27 2005 => File C:\WINDOWS\sdkcr32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:16:28 2005 => File C:\WINDOWS\system32\addii.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:20:14 2005 => File C:\WINDOWS\system32\jccld.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:20:44 2005 => File C:\WINDOWS\system32\msgm32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:23:25 2005 => File C:\WINDOWS\whmwh.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 13:23:48 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Apr 23 12:26:07 2005 => File C:\Programme\AOL 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sat Apr 23 12:27:00 2005 => File C:\Programme\AOL 9.0a\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sat Apr 23 12:27:52 2005 => File C:\Programme\AOL 9.0b\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sat Apr 23 12:30:13 2005 => File C:\Programme\Gemeinsame Dateien\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sat Apr 23 12:50:06 2005 => File C:\Sun\AppServer\jdk\demo\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
Sat Apr 23 12:50:33 2005 => File C:\Sun\AppServer\jdk\demo\plugin\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statisktiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Apr 23 13:23:48 2005 => Total Virus(es) Found: 37
Sat Apr 23 13:23:48 2005 => Total Errors: 271
Sat Apr 23 13:23:48 2005 => Time Elapsed: 01:45:44
Sat Apr 23 13:23:48 2005 => Total Objects Scanned: 69531
Sat Apr 23 11:36:32 2005 => Virus Database Date: 2005/04/20
Sat Apr 23 13:23:48 2005 => Virus Database Date: 2005/04/20
Sat Apr 23 13:38:01 2005 => Virus Database Date: 2005/04/20
Sat Apr 23 15:09:00 2005 => Virus Database Date: 2005/04/20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

Und jetzt fragt sich Klein Micha: Wasn nu zu tun ?

Grüße

Micha

cronos 23.04.2005 20:30
Gehe wie folgt vor:

Wechsle in den abgesicherten Modus bei deaktiviertes Systemwiederherstellung:

www.bsi.bund.de/av/texte/wiederher.htm

Lösche manuell:
C:\WINDOWS\system32\javavq32.dll
C:\WINDOWS\crdv32.exe
C:\WINDOWS\sdkau.exe
C:\WINDOWS\appkj.exe
C:\WINDOWS\ietq32.exe
C:\WINDOWS\pcqhx.dll
C:\WINDOWS\sdkcr32.exe
C:\WINDOWS\whmwh.dll
:\WINDOWS\System32\addii
C:\WINDOWS\System32\jccld.dll
:\WINDOWS\System32\msgm32.exe
File C:\Dokumente und Einstellungen\Micha\Eigene Dateien\backups\backup-20050422-155650-170.dll

Leere den Inhalt folgenden Ordners:

C:\Programme\AVPersonal\INFECTED\

Lade dir auch Spybot und Adaware runter und lösche deren Funde.

Spybot:http://www.safer-networking.org/de/spybotsd/index.html

Adaware: http://www.lavasoftusa.com/software/adaware/

Mit Spybot auch noch zusätzlich immunisieren.

Neu booten,Systemwiederherstellung aktivieren und neuenLog von Hijackthis posten.

Edit:Falls die Dateien nicht findest:

Windows Explorer (Win Taste +E) -> "Extras/Ordneroptionen" -> "Ansicht" -> Haken entfernen bei "Geschützte Systemdateien ausblenden (empfohlen)" und "Alle Dateien und Ordner anzeigen" aktivieren -> "OK"
Die Einstellungen danach wieder rückgängig machen.

MichaF 23.04.2005 20:36
Hallo Cronos,

alles schon gemacht, hier das neue LOG :

Logfile of HijackThis v1.99.1
Scan saved at 21:34:41, on 23.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKService.exe
C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKWCtl.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
C:\Programme\Logitech\Video\LogiTray.exe
C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\AOLSP Scheduler.exe
C:\SpeedUp\SpeedItUp.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\LVComS.exe
C:\Programme\Siemens\Gigaset WLAN Adapter\wlm.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\AOL 9.0b\waol.exe
C:\Programme\AOL 9.0b\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\WINDOWS\system32\addku.exe
C:\WINDOWS\msrn32.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {CC67ADD3-8236-844B-5732-907E26BCF629} - C:\WINDOWS\system32\atlnp32.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SpeedItUp] C:\SpeedUp\SpeedItUp.exe -MINI
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [addku.exe] C:\WINDOWS\system32\addku.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AVKBar] "C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKBar.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://rtl.midasplayer.de/midasa.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-17.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex...amesplayer.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game15.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C650A10-AF28-4523-8D5E-680C22E1AE39}: NameServer = 205.188.146.145
O18 - Protocol: bw+0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {88482298-D8E1-4D05-923C-50624B821572} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sdkau.exe" /s (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Privacy Protection Service (AOLService) - Unknown owner - C:\Programme\Gemeinsame Dateien\AOL\AOL Privacy Protection\aolserv.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKService.exe
O23 - Service: G DATA AntiVirenKit Wächter (AVKWCtl) - Unknown owner - C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKWCtl.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Und nun ?

Micha

The Saint 23.04.2005 20:47
Zitat:
C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
Falls du diese Einträge nicht kennst bitte Fixe also alle 018 Einträge

und diesen hier: O2 - BHO: (no name) - {CC67ADD3-8236-844B-5732-907E26BCF629} - C:\WINDOWS\system32\atlnp32.dll

O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.2.0....g-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.0....r-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.2.0....u-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.2.0....s-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0....m-ob-assets.cab

danach führe dies aus http://www.derbilk.de/SpSeHjfix112.zip

Wenn du meinen 2.ten Vorschlag (System neu installieren) durchgeführt hättest, wärst du schon längst fertig.
Jetzt mußt du alles durchchecken und kannst dir noch immer nicht sicher sein das dein System danach besser läuft bzw. sicher ist.

cronos 23.04.2005 20:54
@ the saint

Ich denke nicht, dass das Tool gebraucht wird.
Dann sähe der Log eher wie folgt aus:

http://trojaner-info.de/anleitungen/...out_blank.html

Und ich sehe hier rein gar nichts von se.dll

Warum allerdings hier haufenweise der O18 Eintrag ausgeworfen wird, ist mir unklar.Bug von HJT?

MichaF 23.04.2005 20:56
So alles gemacht.

Was nun ?

Neue Log von HiJackTHis ? oder was anderes ?

Micha

The Saint 23.04.2005 20:57
Zitat:
Zitat von cronos
@ the saint

Ich denke nicht, dass das Tool gebraucht wird.
Dann sähe der Log eher wie folgt aus:

http://trojaner-info.de/anleitungen/...out_blank.html

Und ich sehe hier rein gar nichts von se.dll

Warum allerdings hier haufenweise der O18 Eintrag ausgeworfen wird, ist mir unklar.Bug von HJT?
Hab ich mich jetzt hiermit geirrt:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321

Dann bitte ich um Entschuldigung!

cronos 23.04.2005 20:57
Neuen Log erstellen.
Den Inhalt der mwav. log löschen.
Escan erneut durchführen und auch Log davon posten.

cronos 23.04.2005 21:04
@ the saint

Sogar ich mache manchmal Fehler;).Nimms dir nicht zu Herzen :knuddel:
HiHi

MichaF 24.04.2005 08:51
Hallo und Guten Morgen,

also hier meine "infected" Dateien aus dem mwav.log:

Sun Apr 24 00:17:13 2005 => File C:\WINDOWS\system32\wmejl.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sun Apr 24 00:14:29 2005 => File C:\WINDOWS\system32\ntya.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.
Sun Apr 24 00:08:22 2005 => File C:\WINDOWS\system32\atlnp32.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.
Sun Apr 24 00:08:21 2005 => File C:\WINDOWS\system32\atlcj.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sun Apr 24 00:03:37 2005 => File C:\WINDOWS\msrn32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 23:55:36 2005 => File C:\WINDOWS\d3zh.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 23:18:47 2005 => File C:\Programme\hijackthis\backups\backup-20050423-215023-214.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.
Sat Apr 23 22:08:57 2005 => File C:\WINDOWS\System32\wmejl.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Sat Apr 23 22:07:52 2005 => File C:\WINDOWS\System32\ntya.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.
Sat Apr 23 22:05:43 2005 => File C:\WINDOWS\System32\atlnp32.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.
Sat Apr 23 22:05:43 2005 => File C:\WINDOWS\System32\atlcj.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 22:05:21 2005 => File C:\WINDOWS\msrn32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 22:05:15 2005 => File C:\WINDOWS\d3zh.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 22:04:44 2005 => File System Found infected by "hsa Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat Apr 23 22:04:44 2005 => System found infected with hsa Spyware/Adware! Action taken: No Action Taken.
Sat Apr 23 22:04:44 2005 => File System Found infected by "se Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat Apr 23 22:04:44 2005 => System found infected with se Spyware/Adware! Action taken: No Action Taken.
Sat Apr 23 22:04:44 2005 => File System Found infected by "sw Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat Apr 23 22:04:44 2005 => System found infected with sw Spyware/Adware! Action taken: No Action Taken.
Sat Apr 23 22:04:15 2005 => File C:\WINDOWS\system32\addku.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
Sat Apr 23 22:04:03 2005 => File C:\WINDOWS\system32\d3ph.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.
Sat Apr 23 22:04:00 2005 => File C:\WINDOWS\system32\atlnp32.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.
Sat Apr 23 22:03:59 2005 => File C:\WINDOWS\msrn32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Sat Apr 23 22:03:59 2005 => File C:\WINDOWS\system32\addku.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Sun Apr 24 00:18:22 2005 => ***** Scanning complete. *****

Sun Apr 24 00:18:22 2005 => Total Objects Scanned: 59113
Sun Apr 24 00:18:22 2005 => Total Virus(es) Found: 27
Sun Apr 24 00:18:22 2005 => Total Disinfected Files: 0
Sun Apr 24 00:18:22 2005 => Total Files Renamed: 0
Sun Apr 24 00:18:22 2005 => Total Deleted Objects: 0
Sun Apr 24 00:18:22 2005 => Total Errors: 269
Sun Apr 24 00:18:22 2005 => Time Elapsed: 02:15:39
Sun Apr 24 00:18:22 2005 => Virus Database Date: 2005/04/20
Sun Apr 24 00:18:22 2005 => Virus Database Count: 126821

Sun Apr 24 00:18:22 2005 => Scan Completed.

Und Nun die Dateien im abgesicherten Modus löschen ?

Micha

The Saint 24.04.2005 10:03
Lade dir Killbox herunter.

Starte den Rechner im abgesicherten Modus .
Hierbei beachte, dass die Systemwiederherstellung abgeschaltet ist und dies geschieht folgendermaßen.

Rechter Mausklick auf das Symbol Arbeitsplatz --> Eigenschaften --> Systemwiederherstellung (Haken bei "Systemwiederherstellung bei allen Laufwerken deaktivieren setzen").
WICHTIG die Systemwiederherstellung muß abgeschaltet sein

danach lösche folgende Einträge:

Zitat:
C:\WINDOWS\system32\wmejl.dll
C:\WINDOWS\system32\ntya.dll
C:\WINDOWS\system32\atlnp32.dll
C:\WINDOWS\system32\atlcj.exe
C:\WINDOWS\msrn32.exe
C:\WINDOWS\d3zh.exe
C:\Programme\hijackthis\backups\backup-20050423-215023-214.dll
C:\WINDOWS\system32\d3ph.dll
C:\WINDOWS\system32\addku.exe
Es kann sein das manche Dateien nicht angezeigt werden dann mache folgendes:
Öffne die Windows Explorer:
Unter Ordneroptionen/Ansicht/
Bei geschützten System Dateien (Hacken entfernen)
Bei Inhalte von Systemdateien anzeigen (Hacken setzen)
Alle Dateien und Ordner anzeigen (anklicken) danach auf OK

Danach sollten alle Dateien sichtbar sein.



Falls sich einige Dateien nicht löschen lassen benutze Killbox!

Weiters fixe folgende Einträge mit HJT (falls noch vorhanden):

Zitat:
C:\WINDOWS\system32\addku.exe
C:\WINDOWS\msrn32.exe

C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\AOLSP Scheduler.exe Löschen falls nicht bekannt
C:\SpeedUp\SpeedItUp.exe Löschen falls nicht bekannt

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\wmejl.dll/sp.html#34321

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {CC67ADD3-8236-844B-5732-907E26BCF629} - C:\WINDOWS\system32\atlnp32.dll

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\AOLSP Scheduler.exe" Löschen falls nicht bekannt
O4 - HKLM\..\Run: [SpeedItUp] C:\SpeedUp\SpeedItUp.exe -MINI Löschen falls nicht bekannt
O4 - HKLM\..\Run: [addku.exe] C:\WINDOWS\system32\addku.exe

O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.2.0....g-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.0....r-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.2.0....u-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.2.0....s-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0....m-ob-assets.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game15.zylomgames.com/activex/zylomloader.cab

Alle 018 Einträge

O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sdkau.exe" /s (file missing)
Danach neustarten und HJT Logfile posten.

The Saint 24.04.2005 10:25
Noch was bitte Einstellungen zur killbox:

Killbox auf "Delete on Reboot" stellen
Den pfad zur Datei eingeben und auf das rote Kreuz klicken..
Danach wirst du gefragt "Do you want to reboot?" auf "no" und erst nach der letzten Pfadangabe auf "yes" klicken.

MichaF 24.04.2005 11:59
Hallo, hier isser wieder :heilig:

alles wie beschrieben gekillt und gemacht.Sieht für mich auch besser aus.

Hier das aktuelle HJT-LOG:

Logfile of HijackThis v1.99.1
Scan saved at 12:57:49, on 24.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKService.exe
C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKWCtl.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\AOLSP Scheduler.exe
C:\SpeedUp\SpeedItUp.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\LVComS.exe
C:\Programme\Siemens\Gigaset WLAN Adapter\wlm.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\AOL 9.0b\waol.exe
C:\Programme\AOL 9.0b\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\Programme\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SpeedItUp] C:\SpeedUp\SpeedItUp.exe -MINI
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AVKBar] "C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKBar.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C650A10-AF28-4523-8D5E-680C22E1AE39}: NameServer = 205.188.146.145
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Privacy Protection Service (AOLService) - Unknown owner - C:\Programme\Gemeinsame Dateien\AOL\AOL Privacy Protection\aolserv.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKService.exe
O23 - Service: G DATA AntiVirenKit Wächter (AVKWCtl) - Unknown owner - C:\Programme\G DATA AntiVirenKit präsentiert von AOL\AVKWCtl.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE


Was ist jetzt noch zu tun ?

Welchen anderen Brouwser soll ich mir denn als Ersatz für den IE laden ? Und wo kann ich das am besten ?

DANKE an alle die geholfen haben, Ihr seid ne Wucht :daumenhoc

Micha

The Saint 24.04.2005 12:08
Also vorerst mal alle updates von Mikrosoft herunterladen!

Danach den IE- Explorer nur mehr zum updaten verwenden.

Zum surfen verwende den Firefox

Für Emails verwende den Thunderbird

Ansonsten sieht dein Log jetzt sauber aus!

The Saint 24.04.2005 12:13
Ach ja lade dir noch den ccleaner herunter und führe diesen aus!


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:33 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131