Trojaner-Board


Blacky1987 03.10.2007 17:00

Need help with "TR/Dldr.Zlob.adr"

Here is my log file from HijackThis 1.99.1:

Logfile of HijackThis v1.99.1
Scan saved at 17:40:32, on 03.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Java\jre1.6.0_02\bin\jusched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Logitech-Maus\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Anwendungen\ICQ 6\ICQ.exe
C:\WINDOWS\system32\msiexec.exe
C:\Anwendungen\SpyWareEntferner\spftray.exe
C:\Anwendungen\SpyWareEntferner\spfprc.exe
C:\Anwendungen\SpyWareEntferner\SPYWAREfighter.exe
C:\Programme\AntiVir PersonalEdition Classic\avcenter.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\dominik\LOKALE~1\Temp\Rar$EX00.797\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {0D5227BF-0C5B-4EA8-833C-FE09F1496F39} - C:\WINDOWS\div32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Programme\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: (no name) - {E1DCD716-B521-4D2C-A6C4-C31EFE0EF409} - C:\WINDOWS\system32\wintrusu.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Programme\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: The advpn - {E99D4D0C-EB54-46AF-B62A-3AA1F31D53E5} - C:\WINDOWS\advpn.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Long slow road itch\Third Chic.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Anwendungen\SpyWareEntferner\spftray.exe
O4 - HKCU\..\Run: [cast trans] C:\DOKUME~1\dominik\ANWEND~1\SCRSET~1\PHONE LIES.exe
O4 - Startup: hamachi.lnk = C:\Anwendungen\Hamachi\hamachi.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Anwendungen\ICQ 6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Anwendungen\ICQ 6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B58C6B1-1154-40AA-A087-FED60E9C68A6}: NameServer = 217.237.150.51,217.237.148.22
O18 - Protocol: bw+0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {113D062C-1045-44FF-96FD-1BA5E8A2685C} - C:\Programme\Logitech-Maus\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O21 - SSODL: mssql - {75875DDB-26A0-4C73-A258-36950D0FBA11} - C:\WINDOWS\mssql.dll (file missing)
O21 - SSODL: msmhost - {000F2404-92EA-4F6B-A543-C5036C8F0205} - C:\WINDOWS\msmhost.dll (file missing)
O21 - SSODL: msmdev - {1F2552D9-4BBD-4C72-9046-311C3BC81323} - C:\WINDOWS\msmdev.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nb) (pr2ah4nb) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nb.exe
O23 - Service: Pripas (pripas) - Unknown owner - C:\WINDOWS\pripas\bin\pripasserver.exe (file missing)
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Anwendungen\SpyWareEntferner\spfprc.exe
O23 - Service: T-DSL SpeedManager (TSMService) - T-Systems Business Services - C:\Anwendungen\T-Com Speed Manager\TSMSvc.exe

The trojan was found in:
- "C:\WINDOWS\advpn.dll"
- "C:\System Volume Information\_restore{AAF2AAF0-FECB-47D6-9EDC-B585AEF0291E}\RP168\A0047738.exe"

What do you think I should do?

I also have the problem that lately, when I surf, a lot of pop-up windows open with annoying ads.

Here is also the scan from "SmitfraudFix":

SmitFraudFix v2.236

Scan done at 18:12:12,09, 03.10.2007
Run from C:\downloads\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\div32.dll FOUND !
C:\WINDOWS\syscore.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\dominik


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\dominik\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme

C:\Programme\VideoAccessCodec\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.kleevisch.de/bilder/mix-media/pimmel-man-2-sml.jpg"
"SubscribedURL"="http://www.kleevisch.de/bilder/mix-media/pimmel-man-2-sml.jpg"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

nochdigger 03.10.2007 17:23

Hello

First, please make all hidden files and folders visible.
Disable System Restore; it can be re-enabled after the cleanup.
Then work through this guide --> Removing Swizzor
The relevant entry for you is:
Quote:

O4 - HKCU\..\Run: [cast trans] C:\DOKUME~1\dominik\ANWEND~1\SCRSET~1\PHONE LIES.exe
After you have dealt with Swizzor, switch to safe mode and run SmitfraudFix again (option 2).

- Post the rapport.txt
- Create a new HijackThis log, but create a separate folder for it, e.g. C:\HJT, and unpack the program into it, then rename HijackThis.exe to e.g. ABC.exe.


Regards


All times are WET +1.
