Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   winjks32.dll TROJANER...Brauche Hilfe (https://www.trojaner-board.de/33632-winjks32-dll-trojaner-brauche-hilfe.html)

lenny79 18.11.2006 00:55
winjks32.dll TROJANER...Brauche Hilfe
 
Hallo ich habe alle 15min die Info mit einem TROJANER infiziert zu sein. Leider kann ich diese nicht löschen und auch nicht in Quarantäne setzen. ich habe im Netz einiges versucht zu recherchieren jedoch ohne erfolg.

Ich bitte um Hilfe.


Logfile of HijackThis v1.99.1
Scan saved at 00:52:50, on 18/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\boylu\LOCALS~1\Temp\Rar$EX00.000\Analyse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [newdebug] C:\DOCUME~1\boylu\APPLIC~1\PROGRA~1\Gram Dog.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SAGEM Wi-Fi 11g USB adapter LAN Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bw+0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {59F0E9AB-381F-40E3-83D1-05EFBA4BA61B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjks32 - C:\WINDOWS\SYSTEM32\winjks32.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

nochdigger 18.11.2006 07:18
mOIn auch

Zitat:
Zitat von lenny79 (Beitrag 240665)
Hallo ich habe alle 15min die Info mit einem TROJANER infiziert zu sein.
Wo meckert dein Antivirenprogramm welche Datei(en) an (Pfad/Datei angabe)?

Zitat:
Zitat von lenny79 (Beitrag 240665)
C:\DOCUME~1\boylu\LOCALS~1\Temp\Rar$EX00.000\Analyse.exe
Hast du HijackThis umbenannt?


Kannst du alle Dateien und Ordner auf deinem Rechner sehen?
wenn nicht, bitte so einstellen :
Start --> Einstellungen --> Systemsteuerung --> Ordneroptionen --> Ansicht -->
häkchen raus bei - Erweiterungen bei bekannten Dateitypen ausblenden -
häkchen raus bei - Geschützte Systemdateien ausblenden -
anhaken - Inhalte von Systemordnern anzeigen -
bei Versteckte Dateien und Ordner - alle Dateien und Ordner anzeigen lassen -
--> Übernehmen
Zitat:
Zitat von lenny79 (Beitrag 240665)
O4 - HKCU\..\Run: [newdebug] C:\DOCUME~1\boylu\APPLIC~1\PROGRA~1\Gram Dog.exe
O20 - Winlogon Notify: winjks32 - C:\WINDOWS\SYSTEM32\winjks32.dll
lasse diese Dateien hier
Virustotal
oder hier
Jotti
überprüfen (kann bisschen dauern),
poste die Ergebnisse mit der Angabe der größe der hochgeladenen Datei sowie die MD5 und SHA1 angaben,
auch wenn nichts gefunden wurde.

MFG

lenny79 19.11.2006 15:01
Hi,

Danke für die Hilfe, jedoch konnte ich die Datein nicht anhängen. Ich habe diese Nachricht bekommen:

"You don't have appropriate permission to perform this operation"

Ich hatte letztens irgend etwas mal gelesen, dass man im Abgesichertem Modus den Virus terminieren kann...

Bzgl. Hast du HijackThis umbenannt?
Hijackthis, ja ich habe den Namen verändert zu Analyse.exe.

Bzgl. Wo meckert dein Antivirenprogramm welche Datei(en) an (Pfad/Datei angabe)?
Alert lautet:
Norton Antivirus has detected a virus on your computer.
Object Name C:\WINDOWS\system32\winjks32.dll
Virus Name Trojan.Abwiz
Action Taken Unable to repair this file.
Access to the file was denied.


Was soll ich tun?

Besten Gruss

nochdigger 19.11.2006 16:29
mOIn auch

Zitat:
jedoch konnte ich die Datein nicht anhängen
nicht anhängen, hochladen sollst du die Datei, am besten bei Virustotal oben auf das weiße Feld klicken neben -select File- und dann diesen Pfad einfügen :
C:\WINDOWS\system32\winjks32.dll
danach klickst auf -send- und wartest bis die Ergebnisse erscheinen, diese kopierst du ab und postest sie hierher.

Bei diesem Eintrag
C:\DOCUME~1\boylu\APPLIC~1\PROGRA~1\Gram Dog.exe
bin ich mir eigentlich sicher, dass es sich hier um Swizzor handelt und so gehst du vor --> Swizzor entfernen

MFG

lenny79 19.11.2006 21:46
ok. Habe es gemacht.
Hier das Ergebnis...

STATUS: SCANNINGFile "winjks32.dll" received on 11.19.2006 at 21:35:02 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they're generated.

Antivirus Version Update Result
AntiVir 7.2.0.39 11.19.2006 no virus found


Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

cosinus 20.11.2006 00:18
Die Datei schützt sich selber, daher wohl die Null Byte.
Geh mal so vor: Besorg dir Killbox und öffne es. Füge den Pfad zu dieser Datei also

C:\WINDOWS\system32\winjks32.dll

in das Adressfeld ein. Nimm unten die Option delete on reboot und klick auf das rote Schild mit dem weißen X. Die darauffolgende Frage beantwortest Du mit Ja, es folgt ein Neustart.
Wenn Windows wieder oben ist, ist die Date dann gelöscht aber eine Sicherheitskopie wurde angelegt im Ordner C:\!KILLBOX\. Werte dann die Datei

C:\!KILLBOX\winjks32.dll

bei Jotti oder Virustotal aus und poste das Ergebnis.

lenny79 20.11.2006 23:07
Hi, ich habe Deinen Rat befolgt und die Datei mit Killbox gelöscht. Danach wollte ich wie Du es geraten hast mit TotalVirus scanen jedoch kann ich die Datei nicht finden.

Ich bekomme die Nachricht:
C:\!KILLBOX\winjks32.dll refers to a location that is unavailable...

was soll ich machen?

cosinus 20.11.2006 23:41
Dann war die Datei tatsächlich schon weg. :schmoll:
Führe doch mal Blacklight aus und poste das Ergebnis. Dann sehen wir weiter.


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:58 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131