Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   HijackThis-Log - Bitte testen... ;-) (https://www.trojaner-board.de/29020-hijackthis-log-bitte-testen.html)

Spaguzzi 05.05.2006 01:27
HijackThis-Log - Bitte testen... ;-)
 
Habe seit einigen Tagen Trojanerprobleme, unter anderem Trpjan.Downloader und Proxy.Lager... Bitte mal die Log testen... thx

Hier meine Log:

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Programme\Logitech\MediaLife\MediaLifeService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\explorer.exe
C:\Programme\CA\eTrust Antivirus\InocIT.exe
C:\Programme\eMule\emule.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Dokumente und Einstellungen\***\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com/fsc/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/fsc/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {63855B38-1C11-48A3-9BD4-B94C64A1FAB2} - C:\WINDOWS\system32\wnpsrcwp.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MediaLifeService] "C:\Programme\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Ad-Aware] "C:\Programme\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [AAW] "C:\Programme\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.de/scan/Msie/bitdefender.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: bw+0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: .neoaugnpr - - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: DirectX Service (DirectService) - Unknown owner - c:\windows\system32\directx.exe (file missing)
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe

cosinus 05.05.2006 02:07
Logfiles bitte immer komplett posten, der Logfile-Header ist unvollständig!
Zitat:
C:\WINDOWS\system32\wnpsrcwp.dll
C:\WINDOWS\system32\runsrv32.exe
c:\windows\system32\directx.exe (file missing)
Verdächtige Dateien, die aus dem Logfile hervorgehen. Die directx.exe könnte es in sich haben, dabei könnte es sich nämlich um diesen Backdoor-Trojaner handeln! Auch wenn die Datei directx.exe als "missing" angegeben wird, die Hintertür könnte vor dem Löschen dieses Schädlings schon eingerichtet worden sein.
Mach bitte einen vollständigen Systemcheck mit escan nach Anleitung in meiner Signatur. Bitte lies diese sorgfältig!

Spaguzzi 05.05.2006 03:46
Hier nochmal die komplette Log:

Logfile of HijackThis v1.99.1
Scan saved at 04:37:10, on 05.05.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Programme\Logitech\MediaLife\MediaLifeService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programme\eMule\emule.exe
C:\WINDOWS\explorer.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Softwin\BitDefender9\bdnagent.exe
C:\Programme\Softwin\BitDefender9\bdoesrv.exe
C:\Programme\Softwin\BitDefender9\bdswitch.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Softwin\BitDefender9\vsserv.exe
c:\programme\softwin\bitdefender9\bdmcon.exe
c:\programme\softwin\bitdefender9\bdlite.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Dokumente und Einstellungen\***\Desktop\Toolz\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com/fsc/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/fsc/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {63855B38-1C11-48A3-9BD4-B94C64A1FAB2} - C:\WINDOWS\system32\wnpsrcwp.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MediaLifeService] "C:\Programme\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Ad-Aware] "C:\Programme\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BDMCon] "C:\Programme\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Programme\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\programme\softwin\bitdefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\programme\softwin\bitdefender9\bdswitch.exe"
O4 - HKLM\..\RunOnce: [AAW] "C:\Programme\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" "+b1"
O4 - HKLM\..\RunOnce: [RmvHomeDir] C:\WINDOWS\RmvDirX.exe C:\Programme\CA\eTrust Antivirus
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.de/scan/Msie/bitdefender.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: bw+0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: .neoaugnpr - - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: DirectX Service (DirectService) - Unknown owner - c:\windows\system32\directx.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

P.S.: eScan Log kommt noch.... Der Trojan war es aber nicht, aber Spybot hat einen "ActiveWindowsDesktop" und etwas namens Tibs.vs gefunden.
Mein Antivirus-Tool ist Bitdefender,. dazu kommen trotz Batteriewechsel Störungen bis Disfunktion von Maus und Tastatur, besonders wenn ich im Inet surfe.

Spaguzzi 05.05.2006 10:39
Hier eScan Log:

Datei C:\WINDOWS\SYSTEM32\TIFINYJR.KDF infiziert von "Trojan-Clicker.Win32.Small.js" Virus. Aktion vorgenommen: Keine Aktion vorgenommen.
Object "alexa Spyware/Adware" in Dateisystem gefunden! Folgende Maßnahme wurde durchgeführt: Keine Aktion vorgenommen.
Object "alexa Spyware/Adware" in Dateisystem gefunden! Folgende Maßnahme wurde durchgeführt: Keine Aktion vorgenommen.
Object "bridge Spyware/Adware" in Dateisystem gefunden! Folgende Maßnahme wurde durchgeführt: Keine Aktion vorgenommen.
Object "1.dll - adware.sa Spyware/Adware" in Dateisystem gefunden! Folgende Maßnahme wurde durchgeführt: Keine Aktion vorgenommen.
Datei C:\WINDOWS\system32\phqghume.exe infiziert von "Packed.Win32.Tibs" Virus. Aktion vorgenommen: Keine Aktion vorgenommen.
Datei C:\WINDOWS\system32\ycmtukhp.exe infiziert von "Packed.Win32.Tibs" Virus. Aktion vorgenommen: Keine Aktion vorgenommen.
Datei C:\WINDOWS\system32\phqghume.exe infiziert von "Packed.Win32.Tibs" Virus. Aktion vorgenommen: Keine Aktion vorgenommen.
Datei C:\WINDOWS\system32\ycmtukhp.exe infiziert von "Packed.Win32.Tibs" Virus. Aktion vorgenommen: Keine Aktion vorgenommen.
Datei C:\WINDOWS\system32\phqghume.exe infiziert von "Packed.Win32.Tibs" Virus. Aktion vorgenommen: Keine Aktion vorgenommen.
Datei C:\WINDOWS\system32\ycmtukhp.exe infiziert von "Packed.Win32.Tibs" Virus. Aktion vorgenommen: Keine Aktion vorgenommen.


Hier Scan-Log vom Bitdefender:

Summary:
C:\WINDOWS\system32\wnpsrcwp.dll Infected: Trojan.Downloader.Agent.RG
C:\WINDOWS\system32\wnpsrcwp.dll Disinfection failed
C:\WINDOWS\system32\wnpsrcwp.dll Moved

cosinus 05.05.2006 11:08
Zitat:
C:\WINDOWS\SYSTEM32\TIFINYJR.KDF
C:\WINDOWS\system32\phqghume.exe
C:\WINDOWS\system32\ycmtukhp.exe
C:\WINDOWS\system32\wnpsrcwp.dll
Diese Dateien löschen, evtl. mit Killbox mit der Option "Delete on Reboot".
Schau auch mal nach, ob Du diese Dateien noch findest:
Zitat:
C:\WINDOWS\system32\wnpsrcwp.dll
C:\WINDOWS\system32\runsrv32.exe
Wenn ja, löschen! Darauf achten, dass ALLE Dateien angezeigt werden! Also auch versteckte und geschützte Systemdateien.
Zitat:
O2 - BHO: (no name) - {63855B38-1C11-48A3-9BD4-B94C64A1FAB2} - C:\WINDOWS\system32\wnpsrcwp.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O23 - Service: DirectX Service (DirectService) - Unknown owner - c:\windows\system32\directx.exe (file missing)
Diese Einträge mit Hijackthis fixen. Am besten das Fixen und Löschen im abgesicherten Modus von Windows durchführen.
Neues Logfile erstellen mit Hijackthis. Nochmal mit escan checken. Beide neuen Logs posten.
Beachte, dass bei einer Bereinigung immer die Möglichkeit besteht, dass nicht alle Schädlinge gefunden und entfernt werden!

BataAlexander 05.05.2006 11:41
Hallo,

Zitat:
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
trojan.abwiz.b
Trojan-Proxy.Win32.Lager.r

in Zusammenhang mit all den anderen Infektionen ist hier eine Neuinstallation am sinnvollsten, eine Anleitung dazu findest Du im meiner Signatur verlinkt.

Was Backdoors so wollen/können liest man hier.

Gruß

Schrulli

Spaguzzi 05.05.2006 12:35
Hier die gefixte Log:

Logfile of HijackThis v1.99.1
Scan saved at 13:32:47, on 05.05.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Programme\Logitech\MediaLife\MediaLifeService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
C:\Programme\Softwin\BitDefender9\bdnagent.exe
C:\Programme\Softwin\BitDefender9\bdoesrv.exe
C:\programme\softwin\bitdefender9\bdswitch.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programme\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Softwin\BitDefender9\vsserv.exe
c:\programme\softwin\bitdefender9\bdmcon.exe
C:\Dokumente und Einstellungen\***\Desktop\Toolz\HijackThis.exe
C:\Programme\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com/fsc/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/fsc/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MediaLifeService] "C:\Programme\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
O4 - HKLM\..\Run: [Ad-Aware] "C:\Programme\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [BDMCon] "C:\Programme\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Programme\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\programme\softwin\bitdefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\programme\softwin\bitdefender9\bdswitch.exe"
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.de/scan/Msie/bitdefender.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: bw+0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {6FCA87EC-FCA5-4E95-88CC-DB11BBFEC5AA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: .neoaugnpr - - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: DirectX Service (DirectService) - Unknown owner - c:\windows\system32\directx.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Spaguzzi 05.05.2006 12:37
Noch eine Frage: Welchen Antivirus-Scanner würden Sie mir empfehlen. Ich schwanke zwischen Bitdefender und Escan ?

Markus1234 05.05.2006 13:08
Zitat:
Zitat von Schrulli
Hallo,


trojan.abwiz.b
Trojan-Proxy.Win32.Lager.r

in Zusammenhang mit all den anderen Infektionen ist hier eine Neuinstallation am sinnvollsten, eine Anleitung dazu findest Du im meiner Signatur verlinkt.

Was Backdoors so wollen/können liest man hier.

Gruß

Schrulli
@Spaguzzi lise dir die weiterführenden Links bitte durch.

mfg,
Markus

Spaguzzi 05.05.2006 13:57
nochmals escan-log:

Object "alexa Spyware/Adware" in Dateisystem gefunden! Folgende Maßnahme wurde durchgeführt: Keine Aktion vorgenommen.
Object "alexa Spyware/Adware" in Dateisystem gefunden! Folgende Maßnahme wurde durchgeführt: Keine Aktion vorgenommen.
Object "bridge Spyware/Adware" in Dateisystem gefunden! Folgende Maßnahme wurde durchgeführt: Keine Aktion vorgenommen.
Object "1.dll - adware.sa Spyware/Adware" in Dateisystem gefunden! Folgende Maßnahme wurde durchgeführt: Keine Aktion vorgenommen.
Datei C:\!KillBox\phqghume.exe infiziert von "Packed.Win32.Tibs" Virus. Aktion vorgenommen: Keine Aktion vorgenommen.
Datei C:\!KillBox\TIFINYJR.KDF infiziert von "Trojan-Clicker.Win32.Small.js" Virus. Aktion vorgenommen: Keine Aktion vorgenommen.
Datei C:\!KillBox\ycmtukhp.exe infiziert von "Packed.Win32.Tibs" Virus. Aktion vorgenommen: Keine Aktion vorgenommen.

Spaguzzi 05.05.2006 15:16
Komplette escan-Log:

Object "alexa Spyware/Adware" in Dateisystem gefunden! Folgende Maßnahme wurde durchgeführt: Keine Aktion vorgenommen.
Object "alexa Spyware/Adware" in Dateisystem gefunden! Folgende Maßnahme wurde durchgeführt: Keine Aktion vorgenommen.
Object "bridge Spyware/Adware" in Dateisystem gefunden! Folgende Maßnahme wurde durchgeführt: Keine Aktion vorgenommen.
Object "1.dll - adware.sa Spyware/Adware" in Dateisystem gefunden! Folgende Maßnahme wurde durchgeführt: Keine Aktion vorgenommen.
Datei C:\!KillBox\phqghume.exe infiziert von "Packed.Win32.Tibs" Virus. Aktion vorgenommen: Keine Aktion vorgenommen.
Datei C:\!KillBox\TIFINYJR.KDF infiziert von "Trojan-Clicker.Win32.Small.js" Virus. Aktion vorgenommen: Keine Aktion vorgenommen.
Datei C:\!KillBox\ycmtukhp.exe infiziert von "Packed.Win32.Tibs" Virus. Aktion vorgenommen: Keine Aktion vorgenommen.
Datei C:\System Volume Information\_restore{1DE3AF18-F466-4B03-ACA7-FF7369BE6484}\RP188\A0016224.exe infiziert von "Packed.Win32.Tibs" Virus. Aktion vorgenommen: Keine Aktion vorgenommen.
Datei C:\System Volume Information\_restore{1DE3AF18-F466-4B03-ACA7-FF7369BE6484}\RP188\A0016225.exe infiziert von "Packed.Win32.Tibs" Virus. Aktion vorgenommen: Keine Aktion vorgenommen.

unter System Volume kann ich nicht löschen, auch nicht den Ordner öffnen... --> Killbox? :snyper:

cosinus 06.05.2006 13:44
Systemwiederherstellung deaktivieren!

BataAlexander 06.05.2006 16:57
Hallo,
Zitat:
Zitat von cosinus
Systemwiederherstellung deaktivieren!
:confused:

Gruß

Schrulli

cosinus 08.05.2006 07:44
Hi Schrulli,

hab irgendwie Dein Posting überlesen...:headbang:
Dann bringt in diesem Falle das Bereinigen nichts mehr :balla:


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:00 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19