Trojaner-Board


Amilo 01.06.2007 15:10

Big problem with IEXPLORE.EXE

Hello,
After installing NetPumper, I have exactly the same problem as the user in the following thread: http://www.trojaner-board.de/30276-p...chliessen.html

I have already tried the instructions there, but unfortunately I don't know my way around this area at all, so I don't know which entries from the HiJack log I should delete.

I hope someone can help me. Working on the PC is hardly possible like this (the PC slows down badly when the IEXPLORE.EXE processes are open...)

Here is the log file:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\appxb.exe
C:\WINDOWS\system32\atlkw.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Programme\Lexmark X1100 Series\lxbkbmon.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Unlocker\UnlockerAssistant.exe
C:\Programme\Gemeinsame Dateien\AOL\1176997484\ee\aolsoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\AOL 9.0b\aoltray.exe
C:\Programme\Gigabyte\Gigabyte GN-WPKG Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig2500.exe
C:\Programme\Windows Desktop Search\WindowsSearch.exe
C:\Programme\madotate\madotate.exe
C:\Programme\VisualTaskTips\VisualTaskTips.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\AOL 9.0b\waol.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Programme\AOL 9.0b\shellmon.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\WINDOWS\system32\ifcconf.exe
C:\WINDOWS\System32\odtemdt2.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\***\Desktop\Neuer Ordner (2)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vtrwa.dll/sp.html#44794%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vtrwa.dll/sp.html#44794%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\vtrwa.dll/sp.html#44794%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vtrwa.dll/sp.html#44794%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vtrwa.dll/sp.html#44794%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vtrwa.dll/sp.html#44794%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vtrwa.dll/sp.html#44794%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://de.search.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O2 - BHO: Class - {03A3BAA1-D30D-1740-266D-DFB41175C0B6} - C:\WINDOWS\ntrd.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {08484541-BCCD-C18F-32D6-EB815B6DEC10} - C:\WINDOWS\system32\ntim.dll (file missing)
O2 - BHO: Class - {0CF480F1-257D-1A25-B315-E66C5C67677C} - C:\WINDOWS\sysxq32.dll (file missing)
O2 - BHO: Class - {19AA31BF-1750-E89C-CB6E-11F9A6477CE9} - C:\WINDOWS\system32\d3ki32.dll
O2 - BHO: Class - {1E9299A9-BF6A-EDA4-8182-44CC97B4CE96} - C:\WINDOWS\nthb32.dll (file missing)
O2 - BHO: Class - {1EABA81C-2968-BCA1-3144-3C81DF7686E0} - C:\WINDOWS\system32\cryh.dll
O2 - BHO: Class - {22FDEABC-8EB3-A5F1-D02C-CEB942AC6387} - C:\WINDOWS\system32\msaz32.dll
O2 - BHO: Class - {263D02F9-1BD5-1743-9A90-F30CE927DC96} - C:\WINDOWS\apiof32.dll (file missing)
O2 - BHO: Class - {27C69AB9-7058-A173-08CD-4881744A47E8} - C:\WINDOWS\system32\netop.dll
O2 - BHO: Class - {28A68239-82F8-8D30-DC8C-F32FA43F4BF6} - C:\WINDOWS\system32\winpa.dll
O2 - BHO: Class - {29094C8C-2B29-460F-F696-483BB24C0D75} - C:\WINDOWS\addrd32.dll (file missing)
O2 - BHO: Class - {2D81EABA-6451-4C7C-3C50-B8A5D81AD9AB} - C:\WINDOWS\sdkwi.dll
O2 - BHO: Class - {2ECC0E95-435F-646C-368F-766F51423169} - C:\WINDOWS\system32\crop32.dll
O2 - BHO: Class - {2F81B0AE-8954-D01D-E50B-7FCBA7679003} - C:\WINDOWS\system32\ntds.dll
O2 - BHO: Class - {32DAA6BE-6853-C120-02B0-7E948F785121} - C:\WINDOWS\system32\msjv.dll
O2 - BHO: Class - {3992544B-E35C-E7B2-CC5E-542598989C13} - C:\WINDOWS\system32\apiuv.dll
O2 - BHO: Class - {3EB92E28-EE9A-43B7-6D25-F4D8822B3138} - C:\WINDOWS\sysmh32.dll (file missing)
O2 - BHO: Class - {4263150C-85E5-7432-04D3-FC91D0E2083A} - C:\WINDOWS\appyy32.dll (file missing)
O2 - BHO: Class - {4A8FA403-6D03-3DF6-B04E-8F3E905BDA8C} - C:\WINDOWS\system32\apipb32.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: Class - {510C09CC-B06A-EFC8-2E17-38F386848F3E} - C:\WINDOWS\crtl32.dll (file missing)
O2 - BHO: Class - {513F26D2-529F-C72B-3DB2-BFE1824D6026} - C:\WINDOWS\system32\addqv.dll
O2 - BHO: Class - {51E6232D-D6D8-0B28-FE18-2CDD5A3EB81A} - C:\WINDOWS\system32\appas32.dll
O2 - BHO: Class - {522DCDB2-3199-3427-AF7A-5B84CDB03151} - C:\WINDOWS\system32\sysya.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {565D9CD0-2D1B-B265-3401-B4D542904CEA} - C:\WINDOWS\system32\ntew32.dll
O2 - BHO: Class - {5E6B4C95-6BEF-0CB7-4598-2570C18C2CE9} - C:\WINDOWS\system32\appne.dll
O2 - BHO: Class - {63196008-394F-92A3-D468-B7F1C729D832} - C:\WINDOWS\system32\ntlb32.dll
O2 - BHO: Class - {63FEB9FC-0CFF-19B6-22B8-41BEE619AC8D} - C:\WINDOWS\system32\ipbz.dll
O2 - BHO: Class - {6671C461-7CCF-9AA0-86E0-D85FD407E962} - C:\WINDOWS\system32\mfcet32.dll
O2 - BHO: Class - {6813A243-6455-01F2-5ABA-4D5390F9C114} - C:\WINDOWS\ipkq.dll (file missing)
O2 - BHO: Class - {692CAE5A-4A45-E144-6735-C691484DAB07} - C:\WINDOWS\system32\sysnn32.dll
O2 - BHO: Class - {6BFA37D8-ADF9-E5C1-1BA2-6D5FC51992FE} - C:\WINDOWS\netzs.dll
O2 - BHO: Class - {70E8EDCB-E658-5238-0B7C-4032E35AADD5} - C:\WINDOWS\system32\ipnn32.dll
O2 - BHO: Class - {75DB1C5D-4338-B2DA-7E2E-486E23737320} - C:\WINDOWS\system32\crnz.dll
O2 - BHO: Class - {764788F7-270A-2065-77B9-E89626EE98D8} - C:\WINDOWS\system32\netxs.dll
O2 - BHO: Class - {76551A46-3CFF-6B1B-D3B8-FBF43EA1977B} - C:\WINDOWS\sysns.dll
O2 - BHO: Class - {7A9255F3-6C7E-1DF9-4197-04A41E0B4D35} - C:\WINDOWS\system32\apidh32.dll
O2 - BHO: Class - {7C0FF55E-E9AE-F913-0FC2-E683C07B83BA} - C:\WINDOWS\system32\sysin.dll
O2 - BHO: Class - {8391C5AE-D71D-1C39-7030-6A643F55B86D} - C:\WINDOWS\system32\addxg32.dll
O2 - BHO: Class - {84A7FA6F-91FF-4596-D0F9-6EBB535B64A8} - C:\WINDOWS\d3ap.dll (file missing)
O2 - BHO: Class - {850AB9B1-1258-DE09-759D-A5B88E566256} - C:\WINDOWS\ieer32.dll
O2 - BHO: Class - {873458BD-F460-8C2C-C434-DA1479C9FA9D} - C:\WINDOWS\iemh32.dll
O2 - BHO: Class - {8D2AB820-4792-EC0B-EEC6-7066F20405E7} - C:\WINDOWS\system32\atlpo.dll
O2 - BHO: Class - {92606481-D877-8991-1150-67646D27BA88} - C:\WINDOWS\sysvu32.dll
O2 - BHO: Class - {92B2D986-CF62-44F7-66D4-D1D7DD85E680} - C:\WINDOWS\mski.dll (file missing)
O2 - BHO: Class - {94E2EE2C-7353-1954-E7DE-C8D3E86E1509} - C:\WINDOWS\ntug32.dll
O2 - BHO: Class - {97ABFC94-0DCD-6F23-07CA-0397C1202816} - C:\WINDOWS\system32\ieic32.dll
O2 - BHO: Class - {97B49D84-7652-41A1-A24E-3AC2CB7C0CCF} - C:\WINDOWS\system32\sdkes32.dll
O2 - BHO: Class - {99368009-0A9B-D27D-477D-7DCB633E7E12} - C:\WINDOWS\msgt.dll (file missing)
O2 - BHO: Class - {9A72E5B9-1D03-1F14-49AA-B52E51A50ABF} - C:\WINDOWS\system32\ntai.dll
O2 - BHO: Class - {9ABA5138-8227-CC21-68F5-2ABC964FBA9C} - C:\WINDOWS\system32\javawe32.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: Class - {9F1DF47B-EB7B-6789-0D82-E2A50C229205} - C:\WINDOWS\ntro.dll (file missing)
O2 - BHO: Class - {A1A0A8B0-1426-AEE6-1AF3-A0AEC3BAA6FA} - C:\WINDOWS\appul.dll
O2 - BHO: Class - {A1A5E364-E35E-3207-00BC-5BCD057C00C4} - C:\WINDOWS\addim.dll (file missing)
O2 - BHO: Class - {A400880E-3B4B-F103-3D96-C2CBB123366D} - C:\WINDOWS\javahd32.dll
O2 - BHO: Class - {A5B70C48-44FC-EE21-10FB-6B345BD9B634} - C:\WINDOWS\system32\mskh.dll
O2 - BHO: Class - {A8A23479-ED9D-1E98-9D3B-BE5D9FF6BBE1} - C:\WINDOWS\netph.dll
O2 - BHO: Class - {A989CF03-97C5-2ED8-BCEB-B1BB49B32314} - C:\WINDOWS\system32\ntci32.dll
O2 - BHO: Class - {AA0E41C6-7850-AD03-4758-F830E674D570} - C:\WINDOWS\system32\javawp.dll
O2 - BHO: Class - {AC5FBA74-3B09-DD85-9101-E3BA6AA5F315} - C:\WINDOWS\system32\iejx.dll
O2 - BHO: Class - {AF0E6521-11D3-E910-5998-4ABEE4595D36} - C:\WINDOWS\nthe.dll
O2 - BHO: Class - {AF4453A0-7DB2-2911-EE4F-0941EA0F1D4D} - C:\WINDOWS\netuf.dll
O2 - BHO: Class - {AFF226D4-6484-3652-603F-005908E0DFD4} - C:\WINDOWS\javauq.dll (file missing)
O2 - BHO: Class - {B3D73358-31BE-E57F-D1C6-0062ECF101F4} - C:\WINDOWS\syspu32.dll
O2 - BHO: Class - {B9C08788-99E3-0FDE-627D-4CBCC68F6D36} - C:\WINDOWS\sysmv32.dll
O2 - BHO: Class - {BAA30FC7-144C-D511-86B0-B4821F6A694B} - C:\WINDOWS\ipoj32.dll
O2 - BHO: Class - {BC94F47E-FA75-F7AE-6982-DA5E61BD1650} - C:\WINDOWS\mscu.dll
O2 - BHO: Class - {BCF7B860-1A55-E954-17E0-F2AC36525DF8} - C:\WINDOWS\javalz.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: Class - {BE1F0E63-6C92-5B58-E590-B7958EE995B7} - C:\WINDOWS\apive32.dll (file missing)
O2 - BHO: Class - {BEE7E5D8-569A-9AC1-5C5F-875B2717BDB1} - C:\WINDOWS\system32\winth32.dll
O2 - BHO: Class - {BEF00B51-738C-4232-D4D5-D51207153ADE} - C:\WINDOWS\system32\appls.dll
O2 - BHO: Class - {C5933008-BD9D-D18E-FDF7-470E8C5B5132} - C:\WINDOWS\addns32.dll (file missing)
O2 - BHO: Class - {C643F570-05B9-FEDB-D764-AC5B786D4B39} - C:\WINDOWS\system32\atlfa.dll
O2 - BHO: Class - {CC53C364-0498-434A-F962-F0D884823228} - C:\WINDOWS\system32\ntix.dll
O2 - BHO: Class - {CC76A8DE-4196-33A2-4D56-645061976E88} - C:\WINDOWS\system32\apiis32.dll
O2 - BHO: Class - {CD104659-5CC2-29E7-33D3-57FFA736CDED} - C:\WINDOWS\system32\appyt32.dll
O2 - BHO: Class - {CE678389-B1E9-4F6F-091A-C8A48544D7B4} - C:\WINDOWS\apppq32.dll
O2 - BHO: Class - {D0D90AC7-FFCD-EA7E-B827-9D99D7655159} - C:\WINDOWS\system32\apiss.dll
O2 - BHO: Class - {D9152034-827B-EB56-CE58-BDA675970AEB} - C:\WINDOWS\ntzf.dll (file missing)
O2 - BHO: Class - {DA737FB7-D4AB-4D3C-5342-A991014AC8FA} - C:\WINDOWS\ipyz.dll
O2 - BHO: Class - {DB64B283-BB07-8F6F-B9A9-8FB11BD47AD0} - C:\WINDOWS\system32\netkm32.dll
O2 - BHO: Class - {DBBC70C2-63DD-CB69-E88B-B7DB341BA714} - C:\WINDOWS\system32\apisu32.dll
O2 - BHO: Class - {DD570F33-30FC-DD2B-2D52-F5F01014766F} - C:\WINDOWS\system32\javamg32.dll
O2 - BHO: Class - {E118F9B6-686E-47CF-3507-F787ADEDD0FF} - C:\WINDOWS\appla.dll (file missing)
O2 - BHO: Class - {E2D6A434-202A-A2C9-09CC-F6A71EC6CBB4} - C:\WINDOWS\system32\netno.dll
O2 - BHO: Class - {E2EE3398-3679-6B34-51F3-26F80A4F6FA2} - C:\WINDOWS\syszl32.dll (file missing)
O2 - BHO: Class - {E738B04A-1963-CC45-FEB7-57FDF80D6F8D} - C:\WINDOWS\system32\mfcai32.dll
O2 - BHO: Class - {E7D786C8-AEAE-75A3-E2AA-6242E4EDCBE4} - C:\WINDOWS\system32\addwc.dll
O2 - BHO: Class - {EB6CA0F4-3A1C-6772-E64F-4A74CBFD30B5} - C:\WINDOWS\system32\cran32.dll
O2 - BHO: Class - {EC341F61-0A1A-E928-100B-606855DB07DD} - C:\WINDOWS\system32\sdkwx32.dll
O2 - BHO: Class - {EFC5B77D-89C3-A962-9A96-1C6818B08696} - C:\WINDOWS\system32\addni.dll
O2 - BHO: Class - {F00846F6-794A-3935-C204-C7E078510F27} - C:\WINDOWS\netyu.dll
O2 - BHO: Class - {F1983C20-5742-0E88-60CB-E8BD6E1204CA} - C:\WINDOWS\system32\syscu32.dll
O2 - BHO: Class - {F24066EC-902B-5FD0-38BE-FCBA8F762791} - C:\WINDOWS\winqq32.dll
O2 - BHO: Class - {F4625626-5DCB-AEB7-598A-486B27B92A72} - C:\WINDOWS\system32\syswv32.dll
O2 - BHO: Class - {F5E5DE05-657F-880E-A52E-71E8CBCBA712} - C:\WINDOWS\ipwn32.dll (file missing)
O2 - BHO: Class - {F7AAF518-F4CD-02BF-5C23-F0D9E2D6BD30} - C:\WINDOWS\system32\sdkkf.dll
O2 - BHO: Class - {FA4788F1-4822-A986-4D3E-44B435C19A9C} - C:\WINDOWS\winaq32.dll (file missing)
O2 - BHO: Class - {FA991F0E-1BD9-6EAD-EFEC-2317207D5E37} - C:\WINDOWS\apiwn32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [links] links.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Programme\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lich] lich.exe
O4 - HKLM\..\Run: [funk] funk.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [atlfe32.exe] C:\WINDOWS\system32\atlfe32.exe
O4 - HKLM\..\Run: [Glass2k] C:\Dokumente und Einstellungen\***\Desktop\Glass2k.exe
O4 - HKLM\..\Run: [appnr.exe] C:\WINDOWS\appnr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ifcdiag] C:\WINDOWS\system32\ifcconf.exe
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1176997484\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [appwb.exe] C:\WINDOWS\appwb.exe
O4 - HKLM\..\Run: [idl32.exe] C:\WINDOWS\idl32.exe s
O4 - HKLM\..\Run: [wndtray.exe] C:\WINDOWS\wndtray.exe s
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Third window active this] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Name Bait Third Window\Waiteq.exe
O4 - HKLM\..\Run: [crdp32.exe] C:\WINDOWS\system32\crdp32.exe
O4 - HKLM\..\Run: [atlkw.exe] C:\WINDOWS\system32\atlkw.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [BitTorrent] "C:\Programme\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TIME RDR] C:\DOKUME~1\Eichwald\ANWEND~1\GPLAXI~1\barboptionhold.exe
O4 - Startup: Madotate.lnk = C:\Programme\madotate\madotate.exe
O4 - Startup: VisualTaskTips.lnk = C:\Programme\VisualTaskTips\VisualTaskTips.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0b\aoltray.exe
O4 - Global Startup: GN-WPKG Utility.lnk = C:\Programme\Gigabyte\Gigabyte GN-WPKG Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig2500.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Google-Suche - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Search - http://ky.bar.need2find.com/KY/menusearch.html?p=KY
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/229?60e651b478f342d6b49cfbc0800ee05f
O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/230?60e651b478f342d6b49cfbc0800ee05f
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {09FE188B-6E85-479e-9411-51FB2220DF80} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{445DEA93-50E0-4608-80F4-4B9E1F2CC01E}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{55D5A97B-FE3F-4773-88C7-A719B0CE3B2C}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{445DEA93-50E0-4608-80F4-4B9E1F2CC01E}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dbgmgr - C:\WINDOWS\SYSTEM32\ifcmgr32.dll
O20 - Winlogon Notify: odtemdt2 - C:\WINDOWS\system32\odtemdt2.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\appxb.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: SAVScan - Unknown owner - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Win32/Jeefo 01.06.2007 15:39

Fix the following entries with HijackThis (scan again, tick the boxes in front of the entries in question and press "Fix checked"):

O4 - HKLM\..\Run: [funk] funk.exe
O4 - HKLM\..\Run: [atlkw.exe] C:\WINDOWS\system32\atlkw.exe
O4 - HKLM\..\Run: [crdp32.exe] C:\WINDOWS\system32\crdp32.exe
O4 - HKLM\..\Run: [Third window active this] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Name Bait Third Window\Waiteq.exe
O4 - HKLM\..\Run: [wndtray.exe] C:\WINDOWS\wndtray.exe s
O4 - HKLM\..\Run: [idl32.exe] C:\WINDOWS\idl32.exe s
O4 - HKLM\..\Run: [appwb.exe] C:\WINDOWS\appwb.exe
O4 - HKLM\..\Run: [ifcdiag] C:\WINDOWS\system32\ifcconf.exe
O4 - HKLM\..\Run: [appnr.exe] C:\WINDOWS\appnr.exe
O4 - HKLM\..\Run: [atlfe32.exe] C:\WINDOWS\system32\atlfe32.exe
O4 - HKLM\..\Run: [lich] lich.exe
O4 - HKLM\..\Run: [links] links.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Programme\Internet Explorer\iexplore.exe
O8 - Extra context menu item: &Search - My Search

After that, work through Combofix (in Safe Mode [you get into Safe Mode by rebooting and pressing "F8" during the boot process]).

Combofix instructions

Download Combofix

After that, also in Safe Mode, run Spybot Search and Destroy (together with all current updates, which you get beforehand).
Delete everything shown in red.

Download

After that, do a normal restart and create a new log file (HijackThis). Then post it here.

Sorry, but your box is so filthy that some rough cleaning has to be done first.

irrlicht 01.06.2007 17:13

Hello,
@Win32/jeefo
Quote:

Sorry, but your box is so filthy that some rough cleaning has to be done first.
..and then what? Do you then intend to remove the huge collection of backdoors? :kloppen:

@Amilo
Your log is missing its header. Is there a good reason for that?
Please supply it, or just reinstall right away. That is decidedly faster!
You are riding such a dead horse....... :heulen:
Irrlicht

Amilo 01.06.2007 18:01

I did everything as described by Win32/Jeefo. A few things were removed, but the main problem I described is unfortunately still there...

Here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 18:55, on 2007-06-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\Lexmark X1100 Series\lxbkbmon.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\AOL\1176997484\ee\AOLSoftware.exe
C:\Programme\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\AOL 9.0b\aoltray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\madotate\madotate.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\AOL 9.0b\waol.exe
C:\Programme\AOL 9.0b\shellmon.exe
C:\Dokumente und Einstellungen\***\Desktop\Neuer Ordner (2)\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://de.search.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O2 - BHO: Class - {03A3BAA1-D30D-1740-266D-DFB41175C0B6} - C:\WINDOWS\ntrd.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {08484541-BCCD-C18F-32D6-EB815B6DEC10} - C:\WINDOWS\system32\ntim.dll (file missing)
O2 - BHO: Class - {0CF480F1-257D-1A25-B315-E66C5C67677C} - C:\WINDOWS\sysxq32.dll (file missing)
O2 - BHO: Class - {19AA31BF-1750-E89C-CB6E-11F9A6477CE9} - C:\WINDOWS\system32\d3ki32.dll
O2 - BHO: Class - {1E9299A9-BF6A-EDA4-8182-44CC97B4CE96} - C:\WINDOWS\nthb32.dll (file missing)
O2 - BHO: Class - {1EABA81C-2968-BCA1-3144-3C81DF7686E0} - C:\WINDOWS\system32\cryh.dll
O2 - BHO: Class - {22FDEABC-8EB3-A5F1-D02C-CEB942AC6387} - C:\WINDOWS\system32\msaz32.dll
O2 - BHO: Class - {263D02F9-1BD5-1743-9A90-F30CE927DC96} - C:\WINDOWS\apiof32.dll (file missing)
O2 - BHO: Class - {27C69AB9-7058-A173-08CD-4881744A47E8} - C:\WINDOWS\system32\netop.dll
O2 - BHO: Class - {28A68239-82F8-8D30-DC8C-F32FA43F4BF6} - C:\WINDOWS\system32\winpa.dll
O2 - BHO: Class - {29094C8C-2B29-460F-F696-483BB24C0D75} - C:\WINDOWS\addrd32.dll (file missing)
O2 - BHO: Class - {2D81EABA-6451-4C7C-3C50-B8A5D81AD9AB} - C:\WINDOWS\sdkwi.dll
O2 - BHO: Class - {2ECC0E95-435F-646C-368F-766F51423169} - C:\WINDOWS\system32\crop32.dll
O2 - BHO: Class - {2F81B0AE-8954-D01D-E50B-7FCBA7679003} - C:\WINDOWS\system32\ntds.dll
O2 - BHO: Class - {32DAA6BE-6853-C120-02B0-7E948F785121} - C:\WINDOWS\system32\msjv.dll
O2 - BHO: Class - {3992544B-E35C-E7B2-CC5E-542598989C13} - C:\WINDOWS\system32\apiuv.dll
O2 - BHO: Class - {3EB92E28-EE9A-43B7-6D25-F4D8822B3138} - C:\WINDOWS\sysmh32.dll (file missing)
O2 - BHO: Class - {4263150C-85E5-7432-04D3-FC91D0E2083A} - C:\WINDOWS\appyy32.dll (file missing)
O2 - BHO: Class - {4A8FA403-6D03-3DF6-B04E-8F3E905BDA8C} - C:\WINDOWS\system32\apipb32.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: Class - {510C09CC-B06A-EFC8-2E17-38F386848F3E} - C:\WINDOWS\crtl32.dll (file missing)
O2 - BHO: Class - {513F26D2-529F-C72B-3DB2-BFE1824D6026} - C:\WINDOWS\system32\addqv.dll
O2 - BHO: Class - {51E6232D-D6D8-0B28-FE18-2CDD5A3EB81A} - C:\WINDOWS\system32\appas32.dll
O2 - BHO: Class - {522DCDB2-3199-3427-AF7A-5B84CDB03151} - C:\WINDOWS\system32\sysya.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {565D9CD0-2D1B-B265-3401-B4D542904CEA} - C:\WINDOWS\system32\ntew32.dll
O2 - BHO: Class - {5E6B4C95-6BEF-0CB7-4598-2570C18C2CE9} - C:\WINDOWS\system32\appne.dll
O2 - BHO: Class - {63196008-394F-92A3-D468-B7F1C729D832} - C:\WINDOWS\system32\ntlb32.dll
O2 - BHO: Class - {63FEB9FC-0CFF-19B6-22B8-41BEE619AC8D} - C:\WINDOWS\system32\ipbz.dll
O2 - BHO: Class - {6671C461-7CCF-9AA0-86E0-D85FD407E962} - C:\WINDOWS\system32\mfcet32.dll
O2 - BHO: Class - {6813A243-6455-01F2-5ABA-4D5390F9C114} - C:\WINDOWS\ipkq.dll (file missing)
O2 - BHO: Class - {692CAE5A-4A45-E144-6735-C691484DAB07} - C:\WINDOWS\system32\sysnn32.dll
O2 - BHO: Class - {6BFA37D8-ADF9-E5C1-1BA2-6D5FC51992FE} - C:\WINDOWS\netzs.dll
O2 - BHO: Class - {70E8EDCB-E658-5238-0B7C-4032E35AADD5} - C:\WINDOWS\system32\ipnn32.dll
O2 - BHO: Class - {75DB1C5D-4338-B2DA-7E2E-486E23737320} - C:\WINDOWS\system32\crnz.dll
O2 - BHO: Class - {764788F7-270A-2065-77B9-E89626EE98D8} - C:\WINDOWS\system32\netxs.dll
O2 - BHO: Class - {76551A46-3CFF-6B1B-D3B8-FBF43EA1977B} - C:\WINDOWS\sysns.dll
O2 - BHO: Class - {7A9255F3-6C7E-1DF9-4197-04A41E0B4D35} - C:\WINDOWS\system32\apidh32.dll
O2 - BHO: Class - {7C0FF55E-E9AE-F913-0FC2-E683C07B83BA} - C:\WINDOWS\system32\sysin.dll
O2 - BHO: Class - {8391C5AE-D71D-1C39-7030-6A643F55B86D} - C:\WINDOWS\system32\addxg32.dll
O2 - BHO: Class - {84A7FA6F-91FF-4596-D0F9-6EBB535B64A8} - C:\WINDOWS\d3ap.dll (file missing)
O2 - BHO: Class - {850AB9B1-1258-DE09-759D-A5B88E566256} - C:\WINDOWS\ieer32.dll
O2 - BHO: Class - {873458BD-F460-8C2C-C434-DA1479C9FA9D} - C:\WINDOWS\iemh32.dll
O2 - BHO: Class - {8D2AB820-4792-EC0B-EEC6-7066F20405E7} - C:\WINDOWS\system32\atlpo.dll
O2 - BHO: Class - {92606481-D877-8991-1150-67646D27BA88} - C:\WINDOWS\sysvu32.dll
O2 - BHO: Class - {92B2D986-CF62-44F7-66D4-D1D7DD85E680} - C:\WINDOWS\mski.dll (file missing)
O2 - BHO: Class - {94E2EE2C-7353-1954-E7DE-C8D3E86E1509} - C:\WINDOWS\ntug32.dll
O2 - BHO: Class - {97ABFC94-0DCD-6F23-07CA-0397C1202816} - C:\WINDOWS\system32\ieic32.dll
O2 - BHO: Class - {97B49D84-7652-41A1-A24E-3AC2CB7C0CCF} - C:\WINDOWS\system32\sdkes32.dll
O2 - BHO: Class - {99368009-0A9B-D27D-477D-7DCB633E7E12} - C:\WINDOWS\msgt.dll (file missing)
O2 - BHO: Class - {9A72E5B9-1D03-1F14-49AA-B52E51A50ABF} - C:\WINDOWS\system32\ntai.dll
O2 - BHO: Class - {9ABA5138-8227-CC21-68F5-2ABC964FBA9C} - C:\WINDOWS\system32\javawe32.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: Class - {9F1DF47B-EB7B-6789-0D82-E2A50C229205} - C:\WINDOWS\ntro.dll (file missing)
O2 - BHO: Class - {A1A0A8B0-1426-AEE6-1AF3-A0AEC3BAA6FA} - C:\WINDOWS\appul.dll
O2 - BHO: Class - {A1A5E364-E35E-3207-00BC-5BCD057C00C4} - C:\WINDOWS\addim.dll (file missing)
O2 - BHO: Class - {A400880E-3B4B-F103-3D96-C2CBB123366D} - C:\WINDOWS\javahd32.dll
O2 - BHO: Class - {A5B70C48-44FC-EE21-10FB-6B345BD9B634} - C:\WINDOWS\system32\mskh.dll
O2 - BHO: Class - {A8A23479-ED9D-1E98-9D3B-BE5D9FF6BBE1} - C:\WINDOWS\netph.dll
O2 - BHO: Class - {A989CF03-97C5-2ED8-BCEB-B1BB49B32314} - C:\WINDOWS\system32\ntci32.dll
O2 - BHO: Class - {AA0E41C6-7850-AD03-4758-F830E674D570} - C:\WINDOWS\system32\javawp.dll
O2 - BHO: Class - {AC5FBA74-3B09-DD85-9101-E3BA6AA5F315} - C:\WINDOWS\system32\iejx.dll
O2 - BHO: Class - {AF0E6521-11D3-E910-5998-4ABEE4595D36} - C:\WINDOWS\nthe.dll
O2 - BHO: Class - {AF4453A0-7DB2-2911-EE4F-0941EA0F1D4D} - C:\WINDOWS\netuf.dll
O2 - BHO: Class - {AFF226D4-6484-3652-603F-005908E0DFD4} - C:\WINDOWS\javauq.dll (file missing)
O2 - BHO: Class - {B3D73358-31BE-E57F-D1C6-0062ECF101F4} - C:\WINDOWS\syspu32.dll
O2 - BHO: Class - {B9C08788-99E3-0FDE-627D-4CBCC68F6D36} - C:\WINDOWS\sysmv32.dll
O2 - BHO: Class - {BAA30FC7-144C-D511-86B0-B4821F6A694B} - C:\WINDOWS\ipoj32.dll
O2 - BHO: Class - {BC94F47E-FA75-F7AE-6982-DA5E61BD1650} - C:\WINDOWS\mscu.dll
O2 - BHO: Class - {BCF7B860-1A55-E954-17E0-F2AC36525DF8} - C:\WINDOWS\javalz.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: Class - {BE1F0E63-6C92-5B58-E590-B7958EE995B7} - C:\WINDOWS\apive32.dll (file missing)
O2 - BHO: Class - {BEE7E5D8-569A-9AC1-5C5F-875B2717BDB1} - C:\WINDOWS\system32\winth32.dll
O2 - BHO: Class - {BEF00B51-738C-4232-D4D5-D51207153ADE} - C:\WINDOWS\system32\appls.dll
O2 - BHO: Class - {C5933008-BD9D-D18E-FDF7-470E8C5B5132} - C:\WINDOWS\addns32.dll (file missing)
O2 - BHO: Class - {C643F570-05B9-FEDB-D764-AC5B786D4B39} - C:\WINDOWS\system32\atlfa.dll
O2 - BHO: Class - {CC53C364-0498-434A-F962-F0D884823228} - C:\WINDOWS\system32\ntix.dll
O2 - BHO: Class - {CC76A8DE-4196-33A2-4D56-645061976E88} - C:\WINDOWS\system32\apiis32.dll
O2 - BHO: Class - {CD104659-5CC2-29E7-33D3-57FFA736CDED} - C:\WINDOWS\system32\appyt32.dll
O2 - BHO: Class - {CE678389-B1E9-4F6F-091A-C8A48544D7B4} - C:\WINDOWS\apppq32.dll
O2 - BHO: Class - {D0D90AC7-FFCD-EA7E-B827-9D99D7655159} - C:\WINDOWS\system32\apiss.dll
O2 - BHO: Class - {D9152034-827B-EB56-CE58-BDA675970AEB} - C:\WINDOWS\ntzf.dll (file missing)
O2 - BHO: Class - {DA737FB7-D4AB-4D3C-5342-A991014AC8FA} - C:\WINDOWS\ipyz.dll
O2 - BHO: Class - {DB64B283-BB07-8F6F-B9A9-8FB11BD47AD0} - C:\WINDOWS\system32\netkm32.dll
O2 - BHO: Class - {DBBC70C2-63DD-CB69-E88B-B7DB341BA714} - C:\WINDOWS\system32\apisu32.dll
O2 - BHO: Class - {DD570F33-30FC-DD2B-2D52-F5F01014766F} - C:\WINDOWS\system32\javamg32.dll
O2 - BHO: Class - {E118F9B6-686E-47CF-3507-F787ADEDD0FF} - C:\WINDOWS\appla.dll (file missing)
O2 - BHO: Class - {E2D6A434-202A-A2C9-09CC-F6A71EC6CBB4} - C:\WINDOWS\system32\netno.dll
O2 - BHO: Class - {E2EE3398-3679-6B34-51F3-26F80A4F6FA2} - C:\WINDOWS\syszl32.dll (file missing)
O2 - BHO: Class - {E738B04A-1963-CC45-FEB7-57FDF80D6F8D} - C:\WINDOWS\system32\mfcai32.dll
O2 - BHO: Class - {E7D786C8-AEAE-75A3-E2AA-6242E4EDCBE4} - C:\WINDOWS\system32\addwc.dll
O2 - BHO: Class - {EB6CA0F4-3A1C-6772-E64F-4A74CBFD30B5} - C:\WINDOWS\system32\cran32.dll
O2 - BHO: Class - {EC341F61-0A1A-E928-100B-606855DB07DD} - C:\WINDOWS\system32\sdkwx32.dll
O2 - BHO: Class - {EFC5B77D-89C3-A962-9A96-1C6818B08696} - C:\WINDOWS\system32\addni.dll
O2 - BHO: Class - {F00846F6-794A-3935-C204-C7E078510F27} - C:\WINDOWS\netyu.dll
O2 - BHO: Class - {F1983C20-5742-0E88-60CB-E8BD6E1204CA} - C:\WINDOWS\system32\syscu32.dll
O2 - BHO: Class - {F24066EC-902B-5FD0-38BE-FCBA8F762791} - C:\WINDOWS\winqq32.dll
O2 - BHO: Class - {F4625626-5DCB-AEB7-598A-486B27B92A72} - C:\WINDOWS\system32\syswv32.dll
O2 - BHO: Class - {F5E5DE05-657F-880E-A52E-71E8CBCBA712} - C:\WINDOWS\ipwn32.dll (file missing)
O2 - BHO: Class - {F7AAF518-F4CD-02BF-5C23-F0D9E2D6BD30} - C:\WINDOWS\system32\sdkkf.dll
O2 - BHO: Class - {FA4788F1-4822-A986-4D3E-44B435C19A9C} - C:\WINDOWS\winaq32.dll (file missing)
O2 - BHO: Class - {FA991F0E-1BD9-6EAD-EFEC-2317207D5E37} - C:\WINDOWS\apiwn32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Glass2k] C:\Dokumente und Einstellungen\Eichwald\Desktop\Glass2k.exe
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1176997484\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ifcdiag] C:\WINDOWS\system32\ifcconf.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [BitTorrent] "C:\Programme\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TIME RDR] C:\DOKUME~1\Eichwald\ANWEND~1\GPLAXI~1\barboptionhold.exe
O4 - Startup: Madotate.lnk = C:\Programme\madotate\madotate.exe
O4 - Startup: VisualTaskTips.lnk = C:\Programme\VisualTaskTips\VisualTaskTips.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0b\aoltray.exe
O4 - Global Startup: GN-WPKG Utility.lnk = C:\Programme\Gigabyte\Gigabyte GN-WPKG Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig2500.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Google-Suche - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/229?60e651b478f342d6b49cfbc0800ee05f
O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/230?60e651b478f342d6b49cfbc0800ee05f
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {09FE188B-6E85-479e-9411-51FB2220DF80} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{445DEA93-50E0-4608-80F4-4B9E1F2CC01E}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{55D5A97B-FE3F-4773-88C7-A719B0CE3B2C}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{445DEA93-50E0-4608-80F4-4B9E1F2CC01E}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dbgmgr - C:\WINDOWS\SYSTEM32\ifcmgr32.dll
O20 - Winlogon Notify: odtemdt2 - C:\WINDOWS\system32\odtemdt2.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: SAVScan - Unknown owner - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Win32/Jeefo 01.06.2007 18:25

Dear Amilo,

Please reinstall your system from scratch. There is simply no point anymore.

You rarely see a log this infested :)

