CreatrixMedia/neededware Hijacker O15 - Trusted Zone: http://www.neededware.

24.04.2005, 12:07
...neu hier

Beiträge: 1
#1 Hallo erst einmal, ich hatte bis jetzt noch nie Probleme mit Viren .........
Seitenanfang Seitenende
04.06.2005, 12:39
...neu hier

Beiträge: 3
#2 Hi,
Habe scheinbar das gleiche Problem wie madferrit.
Bin sämtliche Schritte durchgegangen, die genannt wurden, auch wenn an der ein oder anderen Stelle bestimmte Daten nicht existierten.
So, das neue Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:38:02, on 04.06.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Programme\Saitek\Software\Profiler.exe
C:\Programme\Saitek\Software\SaiSmart.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Mixer.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\DOKUME~1\Admin\LOKALE~1\Temp\dc.exe
C:\Programme\Logitech\SetPoint\KEM.exe
C:\Programme\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Admin\Desktop\!!!ÜBELTÄTER!!!\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gac-portal.de/forum
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Programme\SurfSideKick 3\SskBho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WinStat - {F007E221-018D-4baf-924A-B0E9092F3853} - C:\WINDOWS\System32\WinStat11.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Profiler] C:\Programme\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Programme\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Task manager] taskmngr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [wdeplxb] C:\WINDOWS\System32\wdeplxb.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Programme\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Task manager] taskmngr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Task manager] taskmngr.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BD] "C:\DOKUME~1\Admin\LOKALE~1\Temp\dc.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Programme\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw2.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20a512ddce2b09888305/netzip/RdxIE601_de.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {D7A4D8FB-83F0-40E5-954F-88F48D15AE96} (ICQVideoWindow Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B4ABDD4-244C-4F33-B343-C363EBFEC783}: NameServer = 192.168.0.1,192.168.0.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{79F1AC73-12C8-4723-99C9-CE32D02901BF}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5B4ABDD4-244C-4F33-B343-C363EBFEC783}: NameServer = 192.168.0.1,192.168.0.100
O17 - HKLM\System\CS2\Services\Tcpip\..\{5B4ABDD4-244C-4F33-B343-C363EBFEC783}: NameServer = 192.168.0.1,192.168.0.100
O18 - Protocol: bw+0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



Ich persönlich kenne mich nicht damit aus, also kann ich nur hoffen, dass ihr daraus etwas lesen könnt ;)

Getan hat sich nach der ganzen Arbeit nur eines: Ich kann mir meine Startseite wieder selber aussuchen, und sie bleitb dann auch...
Es bleiben jedoch die ewigen PopUps, die sich selbst installierenden Programme (Casino) und der Kram im TaskManager

Würde mich sehr über hilfe freuen ;)
Seitenanfang Seitenende
04.06.2005, 15:53
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#3 Hallo@Ami

#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Programme\SurfSideKick 3\SskBho.dll
O2 - BHO: WinStat - {F007E221-018D-4baf-924A-B0E9092F3853} - C:\WINDOWS\System32\WinStat11.dll
O4 - HKLM\..\Run: [Task manager] taskmngr.exe
O4 - HKLM\..\Run: [wdeplxb] C:\WINDOWS\System32\wdeplxb.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Programme\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunServices: [Task manager] taskmngr.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Task manager] taskmngr.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BD] "C:\DOKUME~1\Admin\LOKALE~1\Temp\dc.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Programme\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw2.cab

O18 - Protocol: bw+0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B7C580A8-DF77-4CF8-AEE0-D4D31B20B59C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

PC neustarten

•KillBox
http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip
Anleitung: (bebildert)
http://virus-protect.org/killbox.html

•Delete File on Reboot <--anhaken

und klicke auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"

C:\DOKUME~1\Admin\LOKALE~1\Temp\dc.exe
C:\Programme\SurfSideKick 3\SskBho.dll
C:\Programme\SurfSideKick 3\Ssk.exe
C:\WINDOWS\System32\WinStat11.dll
C:\WINDOWS\System32\taskmngr.exe
C:\WINDOWS\System32\wdeplxb.exe

PC neustarten

Start--> Ausfuehren--> cmd--> kopiere nur die Eintraege der letzten Tage raus

einzeln reinkopieren:

cd\
cd %windir%\system32
dir /a:-d /o:-d > %systemdrive%\system32.txt
start %systemdrive%\system32.txt
cls
exit

cd\
cd %temp%\
dir /a:-d /o:-d > %systemdrive%\systemtemp.txt
start %systemdrive%\systemtemp.txt
cls
exit

cd\
cd %windir%
dir /a:-d /o:-d > %systemdrive%\system.txt
start %systemdrive%\system.txt
cls
exit

cd\
dir /a:-d /o:-d > %systemdrive%\sys.txt
start %systemdrive%\sys.txt
cls
exit


CCleaner--> loesche alle *temp-Datein
http://virus-protect.org/temp.html



dann mache Onlinescans (Symantec+ Panda und andere und poste, was gefunden, aber nicht geloescht wurde)
http://virus-protect.org/onlinescan.html


---------------------------------------------

INFO:Trojan.IrcBounce
http://securityresponse.symantec.com/avcenter/venc/data/trojan.ircbounce.html
* Dll32.hlp
* Dll32nt.hlp
* Xvpll.hlp
* Httpsearch.ini
* Nt32.ini
* Gg.bat
* Seced.bat
* Tftp8675
* V.exe
* Mt.exe
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
04.06.2005, 18:02
...neu hier

Beiträge: 3
#4 Ok, bin dabei.

Anmerkungen:

cd\
cd %windir%\system32
dir /a:-d /o:-d > %systemdrive%\system32.txt
start %systemdrive%\system32.txt

04.06.2005 16:59 2.238 partypoker.ico
04.06.2005 16:59 9.248 WinStat11.dat
03.06.2005 08:51 159.024 WinStat11.dll
02.06.2005 20:19 3.002 CONFIG.NT
01.06.2005 15:36 49.152 wdeplxbndw30104lib.dll
01.06.2005 15:36 36.352 epx30104.exe
01.06.2005 15:36 36.352 wdeplxb.exe
29.05.2005 18:12 1.463 WinStat10.dat
29.05.2005 18:12 154.928 WinStat10.dll
27.05.2005 20:59 49.152 evzjujndw30103lib.dll
27.05.2005 20:59 39.704 evzjuj.exe
20.05.2005 23:50 372.736 aswBoot.exe
20.05.2005 23:44 90.112 AVASTSS.scr
16.05.2005 11:38 181.040 FNTCACHE.DAT
15.05.2005 23:02 380.350 perfh009.dat
15.05.2005 23:02 52.764 perfc009.dat
15.05.2005 23:02 391.000 perfh007.dat
15.05.2005 23:02 63.580 perfc007.dat
15.05.2005 23:02 897.954 PerfStringBackup.INI
12.05.2005 14:59 2.184 wpa.dbl
20.04.2005 12:39 176.167 rmoc3260.dll


cd\
cd %temp%\
dir /a:-d /o:-d > %systemdrive%\systemtemp.txt
start %systemdrive%\systemtemp.txt

04.06.2005 17:42 2.060 jusched.log
04.06.2005 17:40 746 kb.log
04.06.2005 17:34 53.870 backdoor.log
04.06.2005 14:52 0 aaxAF9.tmp
04.06.2005 11:57 16.384 ~DFDF02.tmp
04.06.2005 11:56 16.384 ~DF14DB.tmp
04.06.2005 11:50 16.384 ~DFFF30.tmp
04.06.2005 11:49 16.384 ~DFB65B.tmp
04.06.2005 11:38 26.576 Biost___.ttf
03.06.2005 14:09 0 aax2B6.tmp
03.06.2005 09:03 16.384 ~DF9A3C.tmp
03.06.2005 08:38 416 java_install_reg.log
02.06.2005 20:18 16.384 ~DFFAC4.tmp
02.06.2005 19:58 16.384 ~DFB0C6.tmp
17.05.2005 18:39 36.864 CmdLineExt02.dll


cd\
cd %windir%
dir /a:-d /o:-d > %systemdrive%\system.txt
start %systemdrive%\system.txt

04.06.2005 17:47 466.080 WindowsUpdate.log
04.06.2005 17:42 0 0.log
04.06.2005 17:42 159 wiadebug.log
04.06.2005 17:42 50 wiaservc.log
04.06.2005 17:41 2.048 bootstat.dat
04.06.2005 17:41 32.536 SchedLgU.Txt
02.06.2005 21:48 505 ODBC.INI
02.06.2005 19:56 45 IFHKHLIJ.ini
02.06.2005 16:28 106 drwatson.log
01.06.2005 15:36 816.046 setupapi.log
30.05.2005 15:21 2.498 Microsoft.MIF
26.05.2005 22:58 130.963 wmsetup.log
14.05.2005 22:05 420 nsw.log


cd\
dir /a:-d /o:-d > %systemdrive%\sys.txt
start %systemdrive%\sys.txt

04.06.2005 18:00 0 sys.txt
04.06.2005 17:59 1.145 systemtemp.txt
04.06.2005 17:58 99.545 system32.txt
04.06.2005 17:52 6.463 system.txt
04.06.2005 17:41 805.306.368 pagefile.sys



PS:
Ich kann nicht auf "http://virus-protect.org/onlinescan.html" gehen, da sonst IExplore.exe ein Problem feststellt ... ?
Dieser Beitrag wurde am 04.06.2005 um 18:06 Uhr von Ami editiert.
Seitenanfang Seitenende
04.06.2005, 19:30
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#5 Hallo@Ami

Gehe in die registry


Start-->Ausfuehren-> regedit

HKEY_LOCAL_MACHINE\Software\wserv-->loeschen

"ID"="[Random CLSID]"
"LastAdShownDate"="[Initially blank]"
"LastAppInstalled"="[Initially blank]"
"LastUpdateCheck"="[Initially blank]"
"Version"="[Adware version number]"


•KillBox
http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip
Anleitung: (bebildert)
http://virus-protect.org/killbox.html

•Delete File on Reboot <--anhaken

und klicke auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"

C:\DOKUME~1\Admin\LOKALE~1\Temp\dc.exe
C:\Programme\SurfSideKick 3\SskBho.dll
C:\Programme\SurfSideKick 3\Ssk.exe
C:\WINDOWS\System32\WinStat11.dll
C:\WINDOWS\System32\taskmngr.exe
C:\WINDOWS\System32\wdeplxb.exe

C:\Programme\PartyPoker\PartyPoker.exe
C:\WINDOWS\System32\partypoker.ico
C:\WINDOWS\System32\WinStat11.dat
C:\WINDOWS\System32\wdeplxbndw30104lib.dll
C:\WINDOWS\System32\epx30104.exe
C:\WINDOWS\System32\WinStat10.dat
C:\WINDOWS\System32\WinStat10.dll
C:\WINDOWS\System32\evzjujndw30103lib.dll

PC neustarten

laden+ scannen

http://bilder.informationsarchiv.net/Nikitas_Tools/Nailfix.zip


laden+ scannen

http://bilder.informationsarchiv.net/Nikitas_Tools/ewido-setup.exe

dann mache Onlinescans (Symantec+ Panda und andere und poste, was gefunden, aber nicht geloescht wurde)
http://virus-protect.org/onlinescan.html
+
poste das neue Log vom HijackThis

----------------------------

Zitat

INFO:

CreatrixMedia/neededware Hijacker
C:\WINDOWS\System32\WinStat11.dll
C:\WINDOWS\System32\WinStat11.dat

C:\WINDOWS\System32\WinStat10.dat
C:\WINDOWS\System32\WinStat10.dll

C:\WINDOWS\System32\wdeplxb.exe
C:\WINDOWS\System32\wdeplxbndw30104lib.dll
C:\WINDOWS\System32\epx30104.exe
C:\WINDOWS\System32\evzjujndw30103lib.dll

O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw2.cab

HKEY_LOCAL_MACHINE\Software\wserv-->loeschen

"ID"="[Random CLSID]"
"LastAdShownDate"="[Initially blank]"
"LastAppInstalled"="[Initially blank]"
"LastUpdateCheck"="[Initially blank]"
"Version"="[Adware version number]"

__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
04.06.2005, 21:37
...neu hier

Beiträge: 3
#6 Symantec:

C:\WINDOWS\system32\o is infected with Download.Trojan
C:\Programme\teamspeak2_RC2\KeyPress.dll is infected with PWS.Hooker.Trojan


Panda:

C:\Programme\SurfSideKick 3\SskBho.dll - Spyware:Spyware/SurfSideKick
C:\Programme\SurfSideKick 3\SskCore.dll - Spyware:Spyware/SurfSideKick
C:\PROGRA~1\SURFSI~1\Ssk.exe - Spyware:Spyware/SurfSideKick
C:\PROGRA~1\SURFSI~1\Ssk.exe - Spyware:Spyware/SurfSideKick
C:\Programme\SurfSideKick* - Spyware:Spyware/SurfSideKick
C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Sskcwrd.dll - Spyware:Spyware/SurfSideKick
C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Sskknwrd.dll - Spyware:Spyware/SurfSideKick
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temporary Internet Files\Ssk.log - Spyware:Spyware/SurfSideKick
C:\Dokumente und Einstellungen\Admin\SSK3_B5 Verticlick 8.exe - Spyware:Spyware/SurfSideKick
C:\Programme\SurfSideKick 3\Ssk.exe - Spyware:Spyware/SurfSideKick
C:\Programme\SurfSideKick 3\SskBho.dll - Spyware:Spyware/SurfSideKick
C:\Programme\SurfSideKick 3\SskCore.dll - Spyware:Spyware/SurfSideKick
C:\WINDOWS\system32\evzjuj.exe - Adware:Adware/Neededware
C:\WINDOWS\system32\evzjujndw30103lib.dll - Adware:Adware/Neededware

Ansonsten 7 Viren/Trojaner/Downloader. CZM desinfiziert


Neues Log:

Logfile of HijackThis v1.99.1
Scan saved at 22:07:37, on 04.06.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Programme\Saitek\Software\Profiler.exe
C:\Programme\Saitek\Software\SaiSmart.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Mixer.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Logitech\SetPoint\KEM.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Admin\Desktop\!!!ÜBELTÄTER!!!\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gac-portal.de/forum
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Programme\SurfSideKick 3\SskBho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Profiler] C:\Programme\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Programme\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Programme\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [pli] C:\WINDOWS\System32\pli.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Programme\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20a512ddce2b09888305/netzip/RdxIE601_de.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D7A4D8FB-83F0-40E5-954F-88F48D15AE96} (ICQVideoWindow Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B4ABDD4-244C-4F33-B343-C363EBFEC783}: NameServer = 192.168.0.1,192.168.0.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{79F1AC73-12C8-4723-99C9-CE32D02901BF}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5B4ABDD4-244C-4F33-B343-C363EBFEC783}: NameServer = 192.168.0.1,192.168.0.100
O17 - HKLM\System\CS2\Services\Tcpip\..\{5B4ABDD4-244C-4F33-B343-C363EBFEC783}: NameServer = 192.168.0.1,192.168.0.100
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Dieser Beitrag wurde am 04.06.2005 um 22:07 Uhr von Ami editiert.
Seitenanfang Seitenende
04.06.2005, 22:10
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#7 Gehe in die registry

Start-->Ausfuehren-> regedit

HKEY_LOCAL_MACHINE\Software\wserv-->loeschen


Fixe mit dem HijackThis:

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Programme\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Programme\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [pli] C:\WINDOWS\System32\pli.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Programme\SurfSideKick 3\Ssk.exe
O15 - Trusted Zone: http://www.neededware.com

PC neustarten

•KillBox
http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip
Anleitung: (bebildert)
http://virus-protect.org/killbox.html

•Delete File on Reboot <--anhaken

und klicke auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"

C:\DOKUME~1\Admin\LOKALE~1\Temp\dc.exe
C:\WINDOWS\System32\WinStat11.dll
C:\WINDOWS\System32\taskmngr.exe
C:\WINDOWS\System32\wdeplxb.exe
C:\Programme\PartyPoker\PartyPoker.exe
C:\WINDOWS\System32\partypoker.ico
C:\WINDOWS\System32\WinStat11.dat
C:\WINDOWS\System32\wdeplxbndw30104lib.dll
C:\WINDOWS\System32\epx30104.exe
C:\WINDOWS\System32\WinStat10.dat
C:\WINDOWS\System32\WinStat10.dll
C:\WINDOWS\System32\evzjujndw30103lib.dll
C:\WINDOWS\system32\evzjuj.exe
C:\WINDOWS\System32\pli.exe
C:\WINDOWS\system32\o
C:\ndw2.cab
C:\Programme\SurfSideKick 3\SskBho.dll
C:\Programme\SurfSideKick 3\Ssk.exe
C:\Programme\SurfSideKick 3\SskCore.dll
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temporary Internet Files\Ssk.log
C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Sskcwrd.dll
C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Sskknwrd.dll
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temporary Internet
C:\Dokumente und Einstellungen\Admin\SSK3_B5 Verticlick 8.exe


PC neustarten


CCleaner--> loesche alle *temp-Datein
http://virus-protect.org/temp.html




laden+ scannen

http://bilder.informationsarchiv.net/Nikitas_Tools/Nailfix.zip

laden+ scannen
http://bilder.informationsarchiv.net/Nikitas_Tools/ewido-setup.exe

mache einen neuen Onlinescan, berichte+ poste das neue Log vom HijackThis
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: