Trojaner-Board


pascal105 04.04.2006 17:33

Medload
 
Can someone take a look at this? With xoft I kept finding Medload; it probably reactivates itself at startup.

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 18:17:55, on 04.04.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programme\Logitech\Easy Synchronization\servicestub.exe
C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
I:\SEETEC\SAPDB\DEPEND\pgm\kernel.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\UnrealStreaming\UMediaServer\UMediaServer.exe
i:\seetec\sapdb\indep_prog\pgm\serv.exe
I:\Seetec\tools\Setup\SeeTec5_ENT_SRV.exe
I:\Seetec\tools\Setup\SeeTec5_EVT_SRV.exe
I:\Seetec\tools\Setup\SeeTec5_AUTH_SRV.exe
I:\Seetec\tools\Setup\SeeTec5_ALARM_SRV.exe
I:\Seetec\tools\Setup\Chain\SeeTec5_MDB.exe
I:\Seetec\tools\Setup\SeeTec5_CM.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Programme\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Programme\Logitech\MediaLife\MediaLifeService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Programme\Logitech\Easy Messaging\MobilePhoneSuite.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Nokia\Nokia PC Suite 6\pcsync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\GEMEIN~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\MOZILLA1.6\MOZILLA.EXE
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programme\NetLimiter\NetLimiter.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\Programme\XoftSpy\XoftSpy.exe
C:\Programme\Azureus\Azureus.exe
C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Pascal\LOKALE~1\Temp\Rar$EX00.406\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.looksmart.com/p/search?pi=lstb2&tv=1
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NetLimiter] C:\Programme\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programme\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programme\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Easy Synchronization] C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [Easy Messaging] C:\Programme\Logitech\Easy Messaging\MobilePhoneSuite.exe --nogui
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dmplk.exe] C:\WINDOWS\system32\dmplk.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\pcsync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094491857078
O17 - HKLM\System\CCS\Services\Tcpip\..\{14B3C669-2F87-4BF3-B7EE-0E90FE0BF217}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{2142F869-B176-421E-9112-B9E92B7DABB4}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A5E6BF2-093E-4E56-83C5-47A1098BA5CF}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{36D3FF39-60BE-47A7-BA8F-82B00A7DC96E}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{792BB544-6795-48A9-B3E3-D96C2ED7A337}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB8757B4-74C2-4EB3-95FC-31D9FA94BE16}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF85269F-00E0-4A86-9064-A518C1C37C12}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD37898B-0E3A-4C73-BA63-76C5BF2A3A5F}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CS1\Services\Tcpip\..\{14B3C669-2F87-4BF3-B7EE-0E90FE0BF217}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CS2\Services\Tcpip\..\{14B3C669-2F87-4BF3-B7EE-0E90FE0BF217}: NameServer = 85.255.114.23,85.255.112.112
O18 - Protocol: bw+0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: dvd4free - dvd4free.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Programme\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAPDB: .ISEETEC (SAP DBTech-.ISEETEC) - SAP AG - I:\SEETEC\SAPDB\DEPEND\pgm\kernel.exe
O23 - Service: SAPDB: SEETEC (SAP DBTech-SEETEC) - SAP AG - I:\SEETEC\SAPDB\DEPEND\pgm\kernel.exe
O23 - Service: SeeTec5_ALARM - Alexandria Software Consulting - I:\Seetec\tools\Setup\SeeTec5_ALARM_SRV.exe
O23 - Service: SeeTec5_AUTH - Alexandria Software Consulting - I:\Seetec\tools\Setup\SeeTec5_AUTH_SRV.exe
O23 - Service: SeeTec5_CM - Alexandria Software Consulting - I:\Seetec\tools\Setup\SeeTec5_CM.exe
O23 - Service: SeeTec5_ENT - Alexandria Software Consulting - I:\Seetec\tools\Setup\SeeTec5_ENT_SRV.exe
O23 - Service: SeeTec5_EVT - Alexandria Software Consulting - I:\Seetec\tools\Setup\SeeTec5_EVT_SRV.exe
O23 - Service: SeeTec5_MDB - Alexandria Software Consulting - I:\Seetec\tools\Setup\Chain\SeeTec5_MDB.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UMediaServer - Unreal Streaming Technologies Group. - C:\Programme\UnrealStreaming\UMediaServer\UMediaServer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: XServer - SAP AG - i:\seetec\sapdb\indep_prog\pgm\serv.exe

BataAlexander 04.04.2006 20:28

Hello,

scan the following files online at Jotti and VirusTotal and post the result here:

C:\WINDOWS\system32\dmplk.exe
dvd4free.dll (search for it!)

Download Blacklight and post the log here. Do you use Ghost, or is it only installed?
And how did
Quote:

O23 - Service: XServer - SAP AG - i:\seetec\sapdb\indep_prog\pgm\serv.exe
get onto your computer, through you? It communicates with Ukraine, your computer that is, so if you have a Ghost image, I would advise restoring from it.

Regards

Schrulli
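
To see where the files named in the reply above are referenced in the log, this added Python example (not part of the thread and not a HijackThis feature) parses a HijackThis log, reports which entries mention a given file and whether it appears under "Running processes", lists entries marked `(file missing)`, and counts interfaces per static NameServer value. The function names are hypothetical; the sample is a subset of lines from the first log in this thread.

```python
import re

# Subset of lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
i:\seetec\sapdb\indep_prog\pgm\serv.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [dmplk.exe] C:\WINDOWS\system32\dmplk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{14B3C669-2F87-4BF3-B7EE-0E90FE0BF217}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{2142F869-B176-421E-9112-B9E92B7DABB4}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CS1\Services\Tcpip\..\{14B3C669-2F87-4BF3-B7EE-0E90FE0BF217}: NameServer = 85.255.114.23,85.255.112.112
O20 - Winlogon Notify: dvd4free - dvd4free.dll (file missing)
O23 - Service: XServer - SAP AG - i:\seetec\sapdb\indep_prog\pgm\serv.exe
"""

# An entry line is "<section code> - <text>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# O17 per-interface line: "...\{GUID}: NameServer = a,b"
NAMESERVER_RE = re.compile(r"\\(\{[0-9A-Fa-f-]{36}\}): NameServer = (.+)$")


def parse_log(log):
    """Split a HijackThis log into (running process paths, [(code, text), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the process list ends at the first entry
            entries.append((m.group(1), m.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def locate(log, filename):
    """Report whether `filename` is running and which entries reference it."""
    processes, entries = parse_log(log)
    # Match the bare file name, not a longer name that merely contains it.
    pat = re.compile(
        r"(?<![\w.])" + re.escape(filename) + r"(?![\w.])", re.IGNORECASE
    )
    running = any(
        p.lower().rsplit("\\", 1)[-1] == filename.lower() for p in processes
    )
    hits = [(code, text) for code, text in entries if pat.search(text)]
    return {"running": running, "entries": hits}


def missing_files(entries):
    """Entries whose target HijackThis could not find on disk."""
    return [(c, t) for c, t in entries if t.endswith("(file missing)")]


def nameserver_overrides(entries):
    """Map each static NameServer value to the number of distinct interfaces.

    The same interface GUID repeats under several control sets
    (CCS, CS1, CS2), so GUIDs are de-duplicated before counting.
    """
    by_value = {}
    for code, text in entries:
        if code != "O17":
            continue
        m = NAMESERVER_RE.search(text)
        if m:
            by_value.setdefault(m.group(2).strip(), set()).add(m.group(1).upper())
    return {value: len(guids) for value, guids in by_value.items()}


if __name__ == "__main__":
    _, entries = parse_log(SAMPLE_LOG)
    for name in ("dmplk.exe", "dvd4free.dll", "serv.exe"):
        result = locate(SAMPLE_LOG, name)
        codes = [code for code, _ in result["entries"]]
        print(f"{name}: running={result['running']} referenced_in={codes}")
    print("file missing:", missing_files(entries))
    print("static NameServer values:", nameserver_overrides(entries))
```

The NameServer summary makes no judgement of its own; it gives the values to compare against the resolvers the router or provider actually hands out.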

pascal105 06.04.2006 16:48

Seetec is software for cameras. I have uninstalled it.
I could no longer find your files on the computer at all.



Logfile of HijackThis v1.99.1
Scan saved at 17:42:53, on 06.04.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programme\Logitech\Easy Synchronization\servicestub.exe
C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\UnrealStreaming\UMediaServer\UMediaServer.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\NetLimiter\NetLimiter.exe
C:\Programme\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Programme\Logitech\MediaLife\MediaLifeService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Programme\Logitech\Easy Messaging\MobilePhoneSuite.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Nokia\Nokia PC Suite 6\pcsync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\GEMEIN~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programme\Mozilla1.6\mozilla.exe
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Azureus\Azureus.exe
C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Pascal\LOKALE~1\Temp\Rar$EX00.719\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.looksmart.com/p/search?pi=lstb2&tv=1
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NetLimiter] C:\Programme\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programme\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programme\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Easy Synchronization] C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [Easy Messaging] C:\Programme\Logitech\Easy Messaging\MobilePhoneSuite.exe --nogui
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dmplk.exe] C:\WINDOWS\system32\dmplk.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\pcsync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094491857078
O17 - HKLM\System\CCS\Services\Tcpip\..\{14B3C669-2F87-4BF3-B7EE-0E90FE0BF217}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{2142F869-B176-421E-9112-B9E92B7DABB4}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A5E6BF2-093E-4E56-83C5-47A1098BA5CF}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{36D3FF39-60BE-47A7-BA8F-82B00A7DC96E}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{792BB544-6795-48A9-B3E3-D96C2ED7A337}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB8757B4-74C2-4EB3-95FC-31D9FA94BE16}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF85269F-00E0-4A86-9064-A518C1C37C12}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD37898B-0E3A-4C73-BA63-76C5BF2A3A5F}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CS1\Services\Tcpip\..\{14B3C669-2F87-4BF3-B7EE-0E90FE0BF217}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CS2\Services\Tcpip\..\{14B3C669-2F87-4BF3-B7EE-0E90FE0BF217}: NameServer = 85.255.114.23,85.255.112.112
O18 - Protocol: bw+0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {936F2262-0B92-49FE-A9E1-036CC373D72A} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: dvd4free - dvd4free.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Programme\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UMediaServer - Unreal Streaming Technologies Group. - C:\Programme\UnrealStreaming\UMediaServer\UMediaServer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

BataAlexander 06.04.2006 17:40

Hello,

I wanted a Blacklight log.

Regards

Schrulli

pascal105 06.04.2006 18:13

You can't evaluate any log from this program, or how do I have to do it?
It didn't find anything.

pascal105 08.04.2006 15:32

Or do you mean this?

04/06/06 19:01:14 [Info]: BlackLight Engine 1.0.35 initialized
04/06/06 19:01:14 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/06/06 19:01:15 [Note]: 7019 4
04/06/06 19:01:15 [Note]: 7005 0
04/06/06 19:01:18 [Note]: 7006 0
04/06/06 19:01:18 [Note]: 7011 2492
04/06/06 19:01:18 [Note]: 7026 0
04/06/06 19:01:18 [Note]: 7026 0
04/06/06 19:01:18 [Note]: FSRAW library version 1.7.1015
04/06/06 19:21:14 [Note]: 7007 0

BataAlexander 09.04.2006 02:29

Hello,

that is the log I meant, thanks.
Which provider are you with? Does h**p://www.wvfiber.net mean anything to you?
If not, fix these in HJT in safe mode:

O17 - HKLM\System\CCS\Services\Tcpip\..\{14B3C669-2F87-4BF3-B7EE-0E90FE0BF217}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{2142F869-B176-421E-9112-B9E92B7DABB4}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A5E6BF2-093E-4E56-83C5-47A1098BA5CF}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{36D3FF39-60BE-47A7-BA8F-82B00A7DC96E}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{792BB544-6795-48A9-B3E3-D96C2ED7A337}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB8757B4-74C2-4EB3-95FC-31D9FA94BE16}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF85269F-00E0-4A86-9064-A518C1C37C12}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD37898B-0E3A-4C73-BA63-76C5BF2A3A5F}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CS1\Services\Tcpip\..\{14B3C669-2F87-4BF3-B7EE-0E90FE0BF217}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CS2\Services\Tcpip\..\{14B3C669-2F87-4BF3-B7EE-0E90FE0BF217}: NameServer = 85.255.114.23,85.255.112.112

Fix this as well:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.looksmart.com/p/search?pi=lstb2&tv=1

Search for this file:

C:\WINDOWS\system32\dmplk.exe

My guide links to instructions by Rene-Gad for making files visible; use them to find the file.
Then scan it online at Jotti and virustotal (linked in my signature).
Post the result here.

Then also post the four logs from datfind.bat, but only the files from the last three months.

Regards

Schrulli
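The check applied in the reply above (do the O17 NameServer values belong to the user's own provider?) can be automated over a HijackThis log. The following is an added example, not part of the original thread: the function names, the `EXPECTED_RESOLVERS` range and the one log line with a `192.0.2.53` resolver are constructed assumptions; the other O17 lines are taken from the log in this thread.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis O17 line: abbreviated control set, interface GUID, NameServer value.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>CCS|CS\d+)\\Services\\Tcpip\\\.\.\\"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\}): NameServer = (?P<servers>.+)$"
)

# Assumption: resolver ranges handed out by the user's provider (constructed, RFC 5737).
EXPECTED_RESOLVERS = [ipaddress.ip_network("192.0.2.0/24")]

# Two O17 lines and one O20 line from the thread, plus one constructed O17 line.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{14B3C669-2F87-4BF3-B7EE-0E90FE0BF217}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CS1\Services\Tcpip\..\{14B3C669-2F87-4BF3-B7EE-0E90FE0BF217}: NameServer = 85.255.114.23,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.0.2.53
O20 - Winlogon Notify: dvd4free - dvd4free.dll (file missing)
"""

def parse_o17(log_text):
    """Yield (control_set, guid, [ip, ...]) for every O17 NameServer line."""
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue  # other HijackThis sections (O18, O20, O23, ...) are ignored
        # The registry value may be comma- or space-separated.
        parts = [p for p in re.split(r"[,\s]+", m["servers"]) if p]
        yield m["cset"], m["guid"], [ipaddress.ip_address(p) for p in parts]

def unexpected_resolvers(log_text, expected=EXPECTED_RESOLVERS):
    """Map each resolver outside `expected` to the (control set, GUID) keys using it."""
    hits = defaultdict(list)
    for cset, guid, ips in parse_o17(log_text):
        for ip in ips:
            if not any(ip in net for net in expected):
                hits[str(ip)].append((cset, guid))
    return dict(hits)

if __name__ == "__main__":
    for ip, keys in unexpected_resolvers(SAMPLE_LOG).items():
        print(ip, "set on", len(keys), "interface key(s):", keys)
```

The same resolver pair appearing under CCS and under the numbered control sets, as in this log, means every copy has to be fixed, otherwise an older control set still carries the setting.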

