CreatrixMedia/neededware Hijacker O15 - Trusted Zone: http://www.neededware.
24.04.2005, 12:07
...new here
Posts: 1
#1
Hello first of all, I have never had problems with viruses until now .........
04.06.2005, 12:39
...new here
Posts: 3
#2
Hi,
I seem to have the same problem as madferrit. I went through all the steps that were mentioned, even though certain data did not exist at one point or another. So, here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 12:38:02, on 04.06.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Programme\Saitek\Software\Profiler.exe
C:\Programme\Saitek\Software\SaiSmart.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Mixer.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\DOKUME~1\Admin\LOKALE~1\Temp\dc.exe
C:\Programme\Logitech\SetPoint\KEM.exe
C:\Programme\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Admin\Desktop\!!!ÜBELTÄTER!!!\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gac-portal.de/forum
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Programme\SurfSideKick 3\SskBho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WinStat - {F007E221-018D-4baf-924A-B0E9092F3853} - C:\WINDOWS\System32\WinStat11.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Profiler] C:\Programme\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Programme\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Task manager] taskmngr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [wdeplxb] C:\WINDOWS\System32\wdeplxb.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Programme\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Task manager] taskmngr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Task manager] taskmngr.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BD] "C:\DOKUME~1\Admin\LOKALE~1\Temp\dc.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Programme\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw2.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20a512ddce2b09888305/netzip/RdxIE601_de.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {D7A4D8FB-83F0-40E5-954F-88F48D15AE96} (ICQVideoWindow Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B4ABDD4-244C-4F33-B343-C363EBFEC783}: NameServer = 192.168.0.1,192.168.0.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{79F1AC73-12C8-4723-99C9-CE32D02901BF}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5B4ABDD4-244C-4F33-B343-C363EBFEC783}: NameServer = 192.168.0.1,192.168.0.100
O17 - HKLM\System\CS2\Services\Tcpip\..\{5B4ABDD4-244C-4F33-B343-C363EBFEC783}: NameServer = 192.168.0.1,192.168.0.100
O18 - Protocol: bw+0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Personally I don't know my way around this, so I can only hope that you can read something from it.
After all that work only one thing has changed: I can choose my start page myself again, and it then stays that way...
What remains, however, are the endless pop-ups, the programs that install themselves (Casino) and the stuff in the Task Manager.
I would be very glad of help.
04.06.2005, 15:53
Honorary member
Posts: 29434
#3
Hello@Ami
#open HijackThis -->> button "scan" -->> tick the entries -->> button "Fix checked" -->> restart the PC

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Programme\SurfSideKick 3\SskBho.dll
O2 - BHO: WinStat - {F007E221-018D-4baf-924A-B0E9092F3853} - C:\WINDOWS\System32\WinStat11.dll
O4 - HKLM\..\Run: [Task manager] taskmngr.exe
O4 - HKLM\..\Run: [wdeplxb] C:\WINDOWS\System32\wdeplxb.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Programme\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunServices: [Task manager] taskmngr.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Task manager] taskmngr.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BD] "C:\DOKUME~1\Admin\LOKALE~1\Temp\dc.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Programme\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw2.cab
O18 - Protocol: bw+0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Restart the PC

•KillBox http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip
Instructions (illustrated): http://virus-protect.org/killbox.html
•Delete File on Reboot <-- tick this and click the red cross; when asked "Do you want to reboot?" ----> click "no" and paste in the next one; click "yes" only for the last one

C:\DOKUME~1\Admin\LOKALE~1\Temp\dc.exe
C:\Programme\SurfSideKick 3\SskBho.dll
C:\Programme\SurfSideKick 3\Ssk.exe
C:\WINDOWS\System32\WinStat11.dll
C:\WINDOWS\System32\taskmngr.exe
C:\WINDOWS\System32\wdeplxb.exe

Restart the PC

Start--> Run--> cmd--> copy out only the entries from the last few days
paste in one at a time:

cd\
cd %windir%\system32
dir /a:-d /o:-d > %systemdrive%\system32.txt
start %systemdrive%\system32.txt
cls
exit

cd\
cd %temp%\
dir /a:-d /o:-d > %systemdrive%\systemtemp.txt
start %systemdrive%\systemtemp.txt
cls
exit

cd\
cd %windir%
dir /a:-d /o:-d > %systemdrive%\system.txt
start %systemdrive%\system.txt
cls
exit

cd\
dir /a:-d /o:-d > %systemdrive%\sys.txt
start %systemdrive%\sys.txt
cls
exit

CCleaner--> delete all *temp files
http://virus-protect.org/temp.html

then run online scans (Symantec + Panda and others, and post what was found but not deleted)
http://virus-protect.org/onlinescan.html
---------------------------------------------
INFO:Trojan.IrcBounce
http://securityresponse.symantec.com/avcenter/venc/data/trojan.ircbounce.html
* Dll32.hlp
* Dll32nt.hlp
* Xvpll.hlp
* Httpsearch.ini
* Nt32.ini
* Gg.bat
* Seced.bat
* Tftp8675
* V.exe
* Mt.exe
__________
Kind regards, Sabina
all about PC security
|
|
04.06.2005, 18:02
...new here
Posts: 3 |
#4
OK, I'm on it.
Notes:

cd\
cd %windir%\system32
dir /a:-d /o:-d > %systemdrive%\system32.txt
start %systemdrive%\system32.txt

04.06.2005 16:59 2.238 partypoker.ico
04.06.2005 16:59 9.248 WinStat11.dat
03.06.2005 08:51 159.024 WinStat11.dll
02.06.2005 20:19 3.002 CONFIG.NT
01.06.2005 15:36 49.152 wdeplxbndw30104lib.dll
01.06.2005 15:36 36.352 epx30104.exe
01.06.2005 15:36 36.352 wdeplxb.exe
29.05.2005 18:12 1.463 WinStat10.dat
29.05.2005 18:12 154.928 WinStat10.dll
27.05.2005 20:59 49.152 evzjujndw30103lib.dll
27.05.2005 20:59 39.704 evzjuj.exe
20.05.2005 23:50 372.736 aswBoot.exe
20.05.2005 23:44 90.112 AVASTSS.scr
16.05.2005 11:38 181.040 FNTCACHE.DAT
15.05.2005 23:02 380.350 perfh009.dat
15.05.2005 23:02 52.764 perfc009.dat
15.05.2005 23:02 391.000 perfh007.dat
15.05.2005 23:02 63.580 perfc007.dat
15.05.2005 23:02 897.954 PerfStringBackup.INI
12.05.2005 14:59 2.184 wpa.dbl
20.04.2005 12:39 176.167 rmoc3260.dll

cd\
cd %temp%\
dir /a:-d /o:-d > %systemdrive%\systemtemp.txt
start %systemdrive%\systemtemp.txt

04.06.2005 17:42 2.060 jusched.log
04.06.2005 17:40 746 kb.log
04.06.2005 17:34 53.870 backdoor.log
04.06.2005 14:52 0 aaxAF9.tmp
04.06.2005 11:57 16.384 ~DFDF02.tmp
04.06.2005 11:56 16.384 ~DF14DB.tmp
04.06.2005 11:50 16.384 ~DFFF30.tmp
04.06.2005 11:49 16.384 ~DFB65B.tmp
04.06.2005 11:38 26.576 Biost___.ttf
03.06.2005 14:09 0 aax2B6.tmp
03.06.2005 09:03 16.384 ~DF9A3C.tmp
03.06.2005 08:38 416 java_install_reg.log
02.06.2005 20:18 16.384 ~DFFAC4.tmp
02.06.2005 19:58 16.384 ~DFB0C6.tmp
17.05.2005 18:39 36.864 CmdLineExt02.dll

cd\
cd %windir%
dir /a:-d /o:-d > %systemdrive%\system.txt
start %systemdrive%\system.txt

04.06.2005 17:47 466.080 WindowsUpdate.log
04.06.2005 17:42 0 0.log
04.06.2005 17:42 159 wiadebug.log
04.06.2005 17:42 50 wiaservc.log
04.06.2005 17:41 2.048 bootstat.dat
04.06.2005 17:41 32.536 SchedLgU.Txt
02.06.2005 21:48 505 ODBC.INI
02.06.2005 19:56 45 IFHKHLIJ.ini
02.06.2005 16:28 106 drwatson.log
01.06.2005 15:36 816.046 setupapi.log
30.05.2005 15:21 2.498 Microsoft.MIF
26.05.2005 22:58 130.963 wmsetup.log
14.05.2005 22:05 420 nsw.log

cd\
dir /a:-d /o:-d > %systemdrive%\sys.txt
start %systemdrive%\sys.txt

04.06.2005 18:00 0 sys.txt
04.06.2005 17:59 1.145 systemtemp.txt
04.06.2005 17:58 99.545 system32.txt
04.06.2005 17:52 6.463 system.txt
04.06.2005 17:41 805.306.368 pagefile.sys

PS: I can't go to "http://virus-protect.org/onlinescan.html", because otherwise IExplore.exe reports a problem ... ?

This post was edited by Ami on 04.06.2005 at 18:06.
|
|
|
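The listing in post #4 can also be triaged mechanically. The following is an added example, not part of the thread: it parses German-locale dir rows copied from that post and groups executables written in the same minute, which is how a dropper's files tend to show up together. The function names and the extension list are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Rows copied from the system32 listing in post #4 (German locale:
# DD.MM.YYYY dates, "." as thousands separator in the size column).
LISTING = """\
01.06.2005 15:36 49.152 wdeplxbndw30104lib.dll
01.06.2005 15:36 36.352 epx30104.exe
01.06.2005 15:36 36.352 wdeplxb.exe
27.05.2005 20:59 49.152 evzjujndw30103lib.dll
27.05.2005 20:59 39.704 evzjuj.exe
20.05.2005 23:50 372.736 aswBoot.exe
15.05.2005 23:02 380.350 perfh009.dat
15.05.2005 23:02 52.764 perfc009.dat
"""

ROW = re.compile(r"^(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2})\s+([\d.]+)\s+(.+)$")
EXECUTABLE = (".exe", ".dll", ".scr")  # assumption: extensions worth grouping


def parse_listing(text):
    """Return (timestamp, size_in_bytes, name) for every file row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:  # header lines, <DIR> rows, blank lines
            continue
        date, time, size, name = m.groups()
        stamp = datetime.strptime(f"{date} {time}", "%d.%m.%Y %H:%M")
        rows.append((stamp, int(size.replace(".", "")), name))
    return rows


def same_minute_clusters(rows, min_files=2):
    """Group executable files whose timestamps fall in the same minute."""
    groups = defaultdict(list)
    for stamp, size, name in rows:
        if name.lower().endswith(EXECUTABLE):
            groups[stamp].append((name, size))
    return {s: f for s, f in groups.items() if len(f) >= min_files}


def same_size_pairs(files):
    """Names inside one cluster that share a byte size (possible copies)."""
    by_size = defaultdict(list)
    for name, size in files:
        by_size[size].append(name)
    return [names for names in by_size.values() if len(names) > 1]


if __name__ == "__main__":
    for stamp, files in same_minute_clusters(parse_listing(LISTING)).items():
        print(stamp, files, "same size:", same_size_pairs(files))
```

A cluster is only a pointer for closer inspection: the perf*.dat rows show that legitimate files also share timestamps, which is why the grouping is limited to executable extensions.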
04.06.2005, 19:30
Honorary member
Posts: 29434 |
#5
Hello @Ami

Go into the registry
Start --> Run --> regedit
HKEY_LOCAL_MACHINE\Software\wserv --> delete
"ID"="[Random CLSID]"
"LastAdShownDate"="[Initially blank]"
"LastAppInstalled"="[Initially blank]"
"LastUpdateCheck"="[Initially blank]"
"Version"="[Adware version number]"

•KillBox
http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip
Instructions (illustrated):
http://virus-protect.org/killbox.html
•Delete File on Reboot <-- tick this and click the red cross; when asked "Do you want to reboot?" ----> click "no" and paste in the next one, only click "yes" on the last one

C:\DOKUME~1\Admin\LOKALE~1\Temp\dc.exe
C:\Programme\SurfSideKick 3\SskBho.dll
C:\Programme\SurfSideKick 3\Ssk.exe
C:\WINDOWS\System32\WinStat11.dll
C:\WINDOWS\System32\taskmngr.exe
C:\WINDOWS\System32\wdeplxb.exe
C:\Programme\PartyPoker\PartyPoker.exe
C:\WINDOWS\System32\partypoker.ico
C:\WINDOWS\System32\WinStat11.dat
C:\WINDOWS\System32\wdeplxbndw30104lib.dll
C:\WINDOWS\System32\epx30104.exe
C:\WINDOWS\System32\WinStat10.dat
C:\WINDOWS\System32\WinStat10.dll
C:\WINDOWS\System32\evzjujndw30103lib.dll

Restart the PC

download + scan
http://bilder.informationsarchiv.net/Nikitas_Tools/Nailfix.zip

download + scan
http://bilder.informationsarchiv.net/Nikitas_Tools/ewido-setup.exe

then run online scans (Symantec + Panda and others, and post what was found but not deleted)
http://virus-protect.org/onlinescan.html

+ post the new HijackThis log
----------------------------
Quote
INFO:
__________
Regards
Sabina
all about PC security |
|
|
04.06.2005, 21:37
...new here
Posts: 3 |
#6
Symantec:
C:\WINDOWS\system32\o is infected with Download.Trojan
C:\Programme\teamspeak2_RC2\KeyPress.dll is infected with PWS.Hooker.Trojan

Panda:
C:\Programme\SurfSideKick 3\SskBho.dll - Spyware:Spyware/SurfSideKick
C:\Programme\SurfSideKick 3\SskCore.dll - Spyware:Spyware/SurfSideKick
C:\PROGRA~1\SURFSI~1\Ssk.exe - Spyware:Spyware/SurfSideKick
C:\PROGRA~1\SURFSI~1\Ssk.exe - Spyware:Spyware/SurfSideKick
C:\Programme\SurfSideKick* - Spyware:Spyware/SurfSideKick
C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Sskcwrd.dll - Spyware:Spyware/SurfSideKick
C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Sskknwrd.dll - Spyware:Spyware/SurfSideKick
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temporary Internet Files\Ssk.log - Spyware:Spyware/SurfSideKick
C:\Dokumente und Einstellungen\Admin\SSK3_B5 Verticlick 8.exe - Spyware:Spyware/SurfSideKick
C:\Programme\SurfSideKick 3\Ssk.exe - Spyware:Spyware/SurfSideKick
C:\Programme\SurfSideKick 3\SskBho.dll - Spyware:Spyware/SurfSideKick
C:\Programme\SurfSideKick 3\SskCore.dll - Spyware:Spyware/SurfSideKick
C:\WINDOWS\system32\evzjuj.exe - Adware:Adware/Neededware
C:\WINDOWS\system32\evzjujndw30103lib.dll - Adware:Adware/Neededware

Otherwise 7 viruses/trojans/downloaders.
CZM disinfected

New log:

Logfile of HijackThis v1.99.1
Scan saved at 22:07:37, on 04.06.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Programme\Saitek\Software\Profiler.exe
C:\Programme\Saitek\Software\SaiSmart.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Mixer.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Logitech\SetPoint\KEM.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Admin\Desktop\!!!ÜBELTÄTER!!!\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gac-portal.de/forum
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Programme\SurfSideKick 3\SskBho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Profiler] C:\Programme\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Programme\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Programme\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [pli] C:\WINDOWS\System32\pli.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Programme\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20a512ddce2b09888305/netzip/RdxIE601_de.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D7A4D8FB-83F0-40E5-954F-88F48D15AE96} (ICQVideoWindow Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B4ABDD4-244C-4F33-B343-C363EBFEC783}: NameServer = 192.168.0.1,192.168.0.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{79F1AC73-12C8-4723-99C9-CE32D02901BF}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5B4ABDD4-244C-4F33-B343-C363EBFEC783}: NameServer = 192.168.0.1,192.168.0.100
O17 - HKLM\System\CS2\Services\Tcpip\..\{5B4ABDD4-244C-4F33-B343-C363EBFEC783}: NameServer = 192.168.0.1,192.168.0.100
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

This post was edited by Ami on 04.06.2005 at 22:07.
|
|
|
04.06.2005, 22:10
Honorary member
Posts: 29434 |
#7
Go into the registry
Start --> Run --> regedit
HKEY_LOCAL_MACHINE\Software\wserv --> delete

Fix with HijackThis:

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Programme\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Programme\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [pli] C:\WINDOWS\System32\pli.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Programme\SurfSideKick 3\Ssk.exe
O15 - Trusted Zone: http://www.neededware.com

Restart the PC

•KillBox
http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip
Instructions (illustrated):
http://virus-protect.org/killbox.html
•Delete File on Reboot <-- tick this and click the red cross; when asked "Do you want to reboot?" ----> click "no" and paste in the next one, only click "yes" on the last one

C:\DOKUME~1\Admin\LOKALE~1\Temp\dc.exe
C:\WINDOWS\System32\WinStat11.dll
C:\WINDOWS\System32\taskmngr.exe
C:\WINDOWS\System32\wdeplxb.exe
C:\Programme\PartyPoker\PartyPoker.exe
C:\WINDOWS\System32\partypoker.ico
C:\WINDOWS\System32\WinStat11.dat
C:\WINDOWS\System32\wdeplxbndw30104lib.dll
C:\WINDOWS\System32\epx30104.exe
C:\WINDOWS\System32\WinStat10.dat
C:\WINDOWS\System32\WinStat10.dll
C:\WINDOWS\System32\evzjujndw30103lib.dll
C:\WINDOWS\system32\evzjuj.exe
C:\WINDOWS\System32\pli.exe
C:\WINDOWS\system32\o
C:\ndw2.cab
C:\Programme\SurfSideKick 3\SskBho.dll
C:\Programme\SurfSideKick 3\Ssk.exe
C:\Programme\SurfSideKick 3\SskCore.dll
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temporary Internet Files\Ssk.log
C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Sskcwrd.dll
C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Sskknwrd.dll
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temporary Internet
C:\Dokumente und Einstellungen\Admin\SSK3_B5 Verticlick 8.exe

Restart the PC

CCleaner --> delete all *temp files
http://virus-protect.org/temp.html

download + scan
http://bilder.informationsarchiv.net/Nikitas_Tools/Nailfix.zip

download + scan
http://bilder.informationsarchiv.net/Nikitas_Tools/ewido-setup.exe

run a new online scan, report back + post the new HijackThis log
__________
Regards
Sabina
all about PC security |
|
|