Searchweb2.com start page / AdWare.Lop.e
#0
15.12.2004, 23:34
Member
Posts: 12

16.12.2004, 20:30
Member
Thread starter, Posts: 12
#2
Can someone help me?

16.12.2004, 20:31
Member
Thread starter, Posts: 12
#3
Can someone help me?

16.12.2004, 20:35
Member
Posts: 23

16.12.2004, 20:42
Member
Thread starter, Posts: 12
#5
What do you mean?
I've copied my logfile in there; how can I remove the harmful stuff now? Thanks, by the way.

16.12.2004, 20:44
Member
Thread starter, Posts: 12
#6
Ah, sorry, I misunderstood you.
I'll download it right away and create a new logfile.

16.12.2004, 20:49
Member
Posts: 23
#7
Then fix the bad files.

16.12.2004, 20:50
Member
Thread starter, Posts: 12
#8
Logfile of HijackThis v1.99.0
Scan saved at 20:49:51, on 16.12.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Network Associates\Common Framework\FrameworkService.exe
C:\Programme\Network Associates\VirusScan\Mcshield.exe
C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Messenger Plus! 3\MsgPlus.exe
C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
C:\Programme\Network Associates\Common Framework\UpdaterUI.exe
C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\SERVIC~1\bdsis.exe
C:\PROGRA~1\SERVIC~1\bdsis.exe
C:\Dokumente und Einstellungen\Office World\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bluewin.ch/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluewin.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bluewin.ch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4C105E7F-0034-C693-B62E-B41C978E3031} - C:\DOKUME~1\OFFICE~1\ANWEND~1\MFCD01~1\Dvd win.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WebSpeechBHO Class - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: (no name) - {F385BC6E-0003-ACC7-9123-CEE4221F515B} - C:\DOKUME~1\OFFICE~1\ANWEND~1\MFCD01~1\Dvd win.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Wave Vc Plan 1] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Knobpilewavevc\Extra Third.exe
O4 - HKLM\..\Run: [HELPCLOSEELSEFOUR] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\insidesecondhelpclose\Comp heck.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [bone junk] C:\DOKUME~1\OFFICE~1\ANWEND~1\LOGOAX~1\DebugDeleteNurb.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll
O9 - Extra 'Tools' menuitem: Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bluewin.ch
O16 - DPF: ConferenceRoom Java Client - http://irc2.bluewin.ch/java/cr.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {14F65762-96FB-44B9-8DAC-93845F377A0E} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/de/filesharingctrl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Protocol: bw+0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Macromedia Licensing Service - Unknown - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework-Dienst - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

16.12.2004, 20:51
Member
Thread starter, Posts: 12
#9
Was too late.
How do I fix the bad files?

16.12.2004, 20:51
Member
Posts: 23
#10
So if you save that, then go to www.hijackthis.de, click Browse and then Analyze, you can see the bad files and then fix them, OK.

17.12.2004, 14:39
Honorary member
Posts: 29434
#11
Hello @Chill0r

# Open HijackThis -->> button "scan" -->> tick the boxes -->> button "Fix checked" -->> restart the PC

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {4C105E7F-0034-C693-B62E-B41C978E3031} - C:\DOKUME~1\OFFICE~1\ANWEND~1\MFCD01~1\Dvd win.exe
O2 - BHO: (no name) - {F385BC6E-0003-ACC7-9123-CEE4221F515B} - C:\DOKUME~1\OFFICE~1\ANWEND~1\MFCD01~1\Dvd win.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Wave Vc Plan 1] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Knobpilewavevc\Extra Third.exe
O4 - HKLM\..\Run: [HELPCLOSEELSEFOUR] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\insidesecondhelpclose\Comp heck.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [bone junk] C:\DOKUME~1\OFFICE~1\ANWEND~1\LOGOAX~1\DebugDeleteNurb.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O18 - Protocol: bw+0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Restart.

KillBox: go to "Delete File on Reboot" and click the red cross; when asked whether to reboot, click "no" and paste in the next one; only click "yes" for the last one.
http://www.bleepingcomputer.com/files/killbox.php

C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
C:\DOKUME~1\OFFICE~1\ANWEND~1\MFCD01~1\Dvd win.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Knobpilewavevc\Extra Third.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\insidesecondhelpclose\Comp heck.exe

Restart.

# Windows Explorer -> "Tools/Folder Options" -> "View" -> uncheck "Hide protected system files (recommended)" and enable "Show all files and folders" -> "OK"

Check whether the files have been deleted:
C:\DOKUME~1\OFFICE~1\ANWEND~1\MFCD01~1\Dvd win.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Knobpilewavevc\Extra Third.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\insidesecondhelpclose\Comp heck.exe

Disk Cleanup: and deleting the temporary files
Start -> Run --> type in: cleanmgr
Delete only:
# Click: Temporary Internet Files, OK
# Click: Temporary files, OK

Work through this:
# eScan detection tool --> unpack and update as explained.
http://www.rokop-security.de/board/index.php?showtopic=3867
Go into safe mode
http://www.tu-berlin.de/www/software/virus/savemode.shtml
and start the scanner with "mwav.exe".
Tick all boxes. Select: Memory, Startup-Folders, Registry, System Folders, Services, Drive/All Local drives, Folder [C:\WINDOWS], Include SubDirectory --> and click "Scan".
Open mwav.log [or: --> click "view Log"] -> Edit -> Find -> To find infected files in the eScan log, search for "infected" and post the entries here, or delete the files in safe mode.
Then post the new log again.
__________
Best regards, Sabina
all about PC security
This post was edited by Sabina on 17.12.2004 at 14:40.

17.12.2004, 21:40
...new here
Posts: 3 |
#12
Hello everyone.
Your site was recommended to me by acquaintances from another forum, and I have to say it's great how you help others with their problems and, above all, take the time to do it. You rarely see that any more. Of course your site wasn't recommended to me without a reason. I also have one of these sh.... problems, with Homeserch or something like that..., in any case that page always comes up as my start page. I'll post my Hijack:

Logfile of HijackThis v1.98.2
Scan saved at 21:24:18, on 17.12.2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Programme\Java\jre1.5.0\bin\jusched.exe
C:\Programme\Navnt\navapw32.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\d3oe.exe
C:\WINNT\system32\wintg.exe
C:\DOKUME~1\THOMAS~1\LOKALE~1\Temp\mwavscan.com
C:\DOKUME~1\THOMAS~1\LOKALE~1\Temp\kavss.exe
C:\Programme\Symantec\pcAnywhere\Winaw32.exe
G:\Income\hijackthis_198\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\oquqb.dll/sp.html#24098
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\oquqb.dll/sp.html#24098
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\oquqb.dll/sp.html#24098
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\oquqb.dll/sp.html#24098
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\oquqb.dll/sp.html#24098
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\oquqb.dll/sp.html#24098
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\oquqb.dll/sp.html#24098
R3 - Default URLSearchHook is missing
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programme\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53964538-2E6C-15F4-EDE3-42B484B586B1} - C:\WINNT\system32\netik32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [wintg.exe] C:\WINNT\system32\wintg.exe
O4 - HKLM\..\RunOnce: [d3oe.exe] C:\WINNT\system32\d3oe.exe
O4 - Global Startup: EPSON Status Monitor 3.2 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programme\GetRight\getright.exe
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Programme\Navnt\navapw32.exe
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O15 - Trusted Zone: *.awmdabest.com
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F65C5E51-AA56-49B6-9843-D4B65D306465}: NameServer = 212.185.253.9,192.168.0.1

It would be really nice if you could help me as well.
Regards, Woerni.
This post was edited by Sabina on 17.12.2004 at 23:38.
|
|
|
||
18.12.2004, 00:14
Honorary member
Posts: 29434 |
#13
Hello @Woerni
Download AboutBuster.zip, create a new folder and unpack all files into that folder. Start AboutBuster and update it. Do not scan yet.
www.malwarebytes.biz/AboutBuster.zip
Download AdAware, install it and update it. Do not scan yet either.
http://www.lavasoft.de/support/download/
_______________________________________________________________
Set Windows to show all files (Control Panel - Folder Options - View - enable "Show all files and folders" and disable "Hide protected system files").
Copy the following text into Notepad (Start - Accessories - Notepad) and save it on the desktop as fix.reg.
------------------------------------------------------------------------------------------------------------------
REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_O?*001E*2019*017DRT*00F1*00E5*00C8*00B2$*000E*00D3]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\O?’ŽrtñåȲ$Ó]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\½O.#ž‚„õØ´â]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY___NS_SERVICE_3]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY___NS_SERVICE_3]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\__NS_Service_3]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW]
------------------------------------------------------------------------------------------------------------------------
Restart the computer in safe mode (press F8 while it starts).
http://www.tu-berlin.de/www/software/virus/savemode.shtml
Double-click the file fix.reg on the desktop.

# Open HijackThis -->> "scan" button -->> tick the boxes -->> "Fix checked" button
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\oquqb.dll/sp.html#24098
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\oquqb.dll/sp.html#24098
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\oquqb.dll/sp.html#24098
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\oquqb.dll/sp.html#24098
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\oquqb.dll/sp.html#24098
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\oquqb.dll/sp.html#24098
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\oquqb.dll/sp.html#24098
R3 - Default URLSearchHook is missing
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programme\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53964538-2E6C-15F4-EDE3-42B484B586B1} - C:\WINNT\system32\netik32.dll
O4 - HKLM\..\Run: [wintg.exe] C:\WINNT\system32\wintg.exe
O4 - HKLM\..\RunOnce: [d3oe.exe] C:\WINNT\system32\d3oe.exe
O15 - Trusted Zone: *.awmdabest.com
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
"Fix checked" button

Delete:
<C:\WINNT\system32\netik32.dll
<C:\WINNT\oquqb.dll
<C:\WINNT\system32\wintg.exe
<C:\WINNT\system32\d3oe.exe

Scan with AboutBuster, AdAware, Symantec and eScan (mwav.exe) --> then also delete everything that eScan reports.

# Disk Cleanup and deleting the temporary files:
< Start < Run --> type: cleanmgr
Delete only:
# Click: Temporary Internet Files, OK
# Click: Temporary files, OK

# New start page
Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet files, click Delete Files --> also tick "Delete all offline content" and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if you are asked --> click Apply and finally OK, and set a new start page.

Then post the log again.
Please post a different HijackThis log:
HijackThis 1.99 BETA version
Download: http://www.merijn.org/files/beta/hijackthis199_beta.zip
Alternatively: http://www.hijackthis.de/downloads/...his199_beta.zip
Download/unpack the tool --> scan --> save --> Notepad opens --> now copy the COMPLETE log with a right click and paste it into the forum with a right click.
__________
Best regards,
Sabina
all about PC security
This post was edited by Sabina on 18.12.2004 at 00:20.
|
|
|
||
18.12.2004, 17:46
Member
Thread starter Posts: 12 |
#14
These are my viruses; what is the best way for me to go about deleting them?
|
|
||
18.12.2004, 23:02
Honorary member
Posts: 29434 |
#15
Hello @Chill0r
# Windows Explorer -> "Tools/Folder Options" -> "View" -> untick "Hide protected system files (recommended)" and enable "Show all files and folders" -> "OK"

Step 1:
Disable System Restore (XP)
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/gdocid/20030807105707924

Step 2:
Download:
# LSPfix.exe
http://www10.brinkster.com/expl0iter/freeatlast/L2M/ts.htm
< "I know what I'm doing": move "newdotnet6_30.dll" from the left side to the right side and delete it.
Download KillBox:
http://www.bleepingcomputer.com/files/killbox.php
< Boot into safe mode
http://www.tu-berlin.de/www/software/virus/savemode.shtml

Step 3:
Delete manually:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\insidesecondhelpclose\bendacid.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Knobpilewavevc\pop amok.exe
C:\Dokumente und Einstellungen\Office World\Anwendungsdaten\logoaxisdead\Ante Copy Play.exe
C:\Dokumente und Einstellungen\Office World\Anwendungsdaten\logoaxisdead\DebugDeleteNurb.exe
C:\Dokumente und Einstellungen\Office World\Anwendungsdaten\logoaxisdead\dupesetuppoplist.exe
C:\Dokumente und Einstellungen\Office World\Anwendungsdaten\logoaxisdead\jkolqicg.exe
C:\Dokumente und Einstellungen\Office World\Anwendungsdaten\logoaxisdead\jypsbjpq.exe
C:\Dokumente und Einstellungen\Office World\Anwendungsdaten\logoaxisdead\llqzqwoy.exe
C:\Dokumente und Einstellungen\Office World\Anwendungsdaten\Mfcd01Title\Dvd win.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\insidesecondhelpclose\Comp heck.exe

For these you need to look in the eScan log again for the correct path:
C:\Dokumente und Einstellungen\Office World\Lokale Einstellungen\Temp\??iceqf.exe --->?? i c e q f .exe
C:\Dokumente und Einstellungen\Office World\Anwendungsdaten\logoaxisdead\??jyouw.exe --> ??j y o u w .exe
-----------------------------------------------------------------------------
C:\Temp\WebRebates_Auto_InstallSilent_Euro.exe
C:\Dokumente und Einstellungen\Flurin\Lokale Einstellungen\Temp\istactivex.exe
C:\Dokumente und Einstellungen\Office World\Lokale Einstellungen\Temp\92a38bd1.exe
C:\Dokumente und Einstellungen\Office World\Lokale Einstellungen\Temp\97891337.exe
C:\Dokumente und Einstellungen\Office World\Lokale Einstellungen\Temp\aewrosas.exe
C:\Dokumente und Einstellungen\Office World\Lokale Einstellungen\Temp\bplgrwet.exe
C:\Dokumente und Einstellungen\Office World\Lokale Einstellungen\Temp\ecnivfcl.exe
C:\Dokumente und Einstellungen\Office World\Lokale Einstellungen\Temp\gcarjzsq.exe
C:\Dokumente und Einstellungen\Office World\Lokale Einstellungen\Temp\gplrrfxy.exe
C:\Dokumente und Einstellungen\Office World\Lokale Einstellungen\Temp\jglygpzr.exe
C:\Dokumente und Einstellungen\Office World\Lokale Einstellungen\Temp\khpcsswp.exe
C:\Dokumente und Einstellungen\Office World\Lokale Einstellungen\Temp\nrstduey.exe
C:\Dokumente und Einstellungen\Office World\Lokale Einstellungen\Temp\pfwqfnkh.exe
C:\Dokumente und Einstellungen\Office World\Lokale Einstellungen\Temp\rmiwawaq.exe
C:\Dokumente und Einstellungen\Office World\Lokale Einstellungen\Temp\siydoocg.exe
C:\Dokumente und Einstellungen\Office World\Lokale Einstellungen\Temp\slgkrpkf.exe
C:\Dokumente und Einstellungen\Office World\Lokale Einstellungen\Temp\tikbwdbe.exe
C:\Dokumente und Einstellungen\Office World\Lokale Einstellungen\Temp\tvbzzopf.exe
C:\Dokumente und Einstellungen\Office World\Lokale Einstellungen\Temp\tybemvfu.exe
C:\Dokumente und Einstellungen\Office World\Lokale Einstellungen\Temp\vomqnujd.exe
C:\Dokumente und Einstellungen\Office World\Lokale Einstellungen\Temp\wyuevcom.exe
.............................................................................................................

Step 4:
--> Delete with KillBox: go to "Delete File on Reboot" and click the red cross; when asked whether to reboot, click "no" and paste in the next path; only click "yes" for the last one.
C:\WINDOWS\Value Radio-veo-10049.exe
C:\!Submit\Extra Third.exe
C:\Dokumente und Einstellungen\Office World\Desktop\backups\backup-20041218-131122-597.dll
C:\Programme\C2Media\Setup.exe

Reboot and go back into safe mode.
--------------------------------------------------------
Disk Cleanup and deleting the temporary files:
< Start < Run --> type: cleanmgr
Delete only:
# Click: Temporary Internet Files, OK
# Click: Temporary files, OK
(do not delete the folders themselves! ... index.ini must not be deleted)
1) Start --> Run --> type: %systemroot%/temp
2) Start --> Run --> type: %temp%

After that, scan again with eScan and report back, and post the new HijackThis log.

# New start page
Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet files, click Delete Files --> also tick "Delete all offline content" and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if you are asked --> click Apply and finally OK, and set a new start page.
__________
Best regards,
Sabina
all about PC security
This post was edited by Sabina on 19.12.2004 at 16:00.
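Added example (not part of the thread and not eScan's own tooling): Python that reads eScan detection lines of the form `File <path> infected by "<name>" Virus. Action Taken: ...` or `File <path> tagged as <name>.`, merges entries that name the same file once by 8.3 short path and once by long path, and groups the rest by location (System Restore copies, Temp, everything else) and family. The sample lines are constructed; the 8.3 matching and the family normalisation are heuristics assumed for this example.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: six detection lines in eScan's format, run together into
# one string the way a forum paste flattens a log. All paths are made up.
SAMPLE_LOG = " ".join([
    r'File C:\DOKUME~1\ALICEE~1\LOKALE~1\Temp\abcdwxyz.exe infected by '
    r'"not-a-virus:AdWare.Lop.e" Virus. Action Taken: No Action Taken.',
    r'File C:\Dokumente und Einstellungen\Alice Example\Lokale Einstellungen'
    r'\Temp\abcdwxyz.exe infected by "not-a-virus:AdWare.Lop.e" Virus. '
    r'Action Taken: No Action Taken.',
    r'File C:\Dokumente und Einstellungen\Alice Example\Anwendungsdaten'
    r'\samplefolder\Demo One.exe infected by '
    r'"TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: No Action Taken.',
    r'File C:\System Volume Information\_restore{00000000-0000-0000-0000-'
    r'000000000000}\RP1\A0000001.exe infected by '
    r'"Trojan-Downloader.Win32.Swizzor.cc" Virus. Action Taken: No Action Taken.',
    r'File C:\WINDOWS\Sample Dialer.exe tagged as '
    r'not-a-virus:RiskWare.Dialer.Hacker. No Action Taken.',
    r'File C:\WINDOWS\Sample Dialer.exe tagged as '
    r'not-a-virus:RiskWare.Dialer.Hacker. No Action Taken.',
])

# Matches both line shapes anywhere in the text, so a log pasted as one long
# paragraph parses the same as one with a detection per line.
ENTRY = re.compile(
    r'File (?P<path>[A-Za-z]:\\.+?) '
    r'(?:infected by "(?P<name1>[^"]+)" Virus\. Action Taken: '
    r'|tagged as (?P<name2>\S+?)\. )'
    r'(?P<action>[^.]+)\.'
)


def family(name):
    """Collapse a detection name to its family (assumed naming heuristic)."""
    name = name.replace("not-a-virus:", "")
    name = name.replace("Trojan-Downloader", "TrojanDownloader")
    base, _, variant = name.rpartition(".")
    # Treat a trailing one- or two-letter lowercase part as the variant id.
    return base if base and variant.islower() and len(variant) <= 2 else name


def same_component(a, b):
    """True if two path components are equal or one is the other's 8.3 alias."""
    if a.lower() == b.lower():
        return True
    for short, long_name in ((a, b), (b, a)):
        s_stem, s_ext = ntpath.splitext(short)
        l_stem, l_ext = ntpath.splitext(long_name)
        m = re.fullmatch(r"(.{1,6})~\d", s_stem)
        # Heuristic: an 8.3 stem is the first six characters of the long name
        # with spaces and dots dropped, plus ~N; the extension is cut to three.
        if (m and s_ext.lower() == l_ext.lower()[:4]
                and re.sub(r"[ .]", "", l_stem).upper()
                      .startswith(m.group(1).upper())):
            return True
    return False


def same_file(p, q):
    """Compare two Windows paths component by component, 8.3-aware."""
    a, b = p.split("\\"), q.split("\\")
    return len(a) == len(b) and all(same_component(x, y) for x, y in zip(a, b))


def location(path):
    """Bucket a path by the clean-up step that deals with it."""
    low = path.lower()
    if "\\system volume information\\_restore{" in low:
        return "system-restore"   # cleared by disabling System Restore
    if "\\temp\\" in low:
        return "temp"             # cleared when the Temp folders are emptied
    return "other"                # needs manual or delete-on-reboot removal


def triage(text):
    """Return {location: {family: [unique paths]}} for all detections in text."""
    unique = []  # one (path, name) pair per distinct file
    for m in ENTRY.finditer(text):
        path, name = m["path"], m["name1"] or m["name2"]
        dup = next((i for i, (p, _) in enumerate(unique) if same_file(p, path)),
                   None)
        if dup is None:
            unique.append((path, name))
        elif "~" in unique[dup][0]:
            unique[dup] = (path, name)  # keep the readable long path
    report = defaultdict(lambda: defaultdict(list))
    for path, name in unique:
        report[location(path)][family(name)].append(path)
    return {loc: dict(fams) for loc, fams in report.items()}


if __name__ == "__main__":
    for loc, fams in triage(SAMPLE_LOG).items():
        for fam, paths in fams.items():
            print(f"{loc:15} {fam:32} {len(paths)} file(s)")
```
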
|
|
|
||
Here is my big logfile:
Logfile
Logfile of HijackThis v1.98.2
Scan saved at 20:56:16, on 15.12.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Network Associates\Common Framework\FrameworkService.exe
C:\Programme\Network Associates\VirusScan\Mcshield.exe
C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Messenger Plus! 3\MsgPlus.exe
C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
C:\Programme\Network Associates\Common Framework\UpdaterUI.exe
C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Dokumente und Einstellungen\Office World\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bluewin.ch/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rvjlmnwsargdghkgwamq.info/psG...Xu_Nxa6aUT.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.llzbbjdjhpgvakcffnbwmip.us/ps...a379IjqNcwo.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bluewin.ch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet6_30.dll
O2 - BHO: (no name) - {4C105E7F-0034-C693-B62E-B41C978E3031} - C:\DOKUME~1\OFFICE~1\ANWEND~1\MFCD01~1\Dvd win.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WebSpeechBHO Class - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: (no name) - {F385BC6E-0003-ACC7-9123-CEE4221F515B} - C:\DOKUME~1\OFFICE~1\ANWEND~1\MFCD01~1\Dvd win.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Wave Vc Plan 1] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Knobpilewavevc\Extra Third.exe
O4 - HKLM\..\Run: [HELPCLOSEELSEFOUR] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\insidesecondhelpclose\Comp heck.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [bone junk] C:\DOKUME~1\OFFICE~1\ANWEND~1\LOGOAX~1\DebugDeleteNurb.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll
O9 - Extra 'Tools' menuitem: Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O14 - IERESET.INF: START_PAGE_URL=http://www.bluewin.ch
O16 - DPF: ConferenceRoom Java Client - http://irc2.bluewin.ch/java/cr.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab30149.cab
O16 - DPF: {14F65762-96FB-44B9-8DAC-93845F377A0E} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/Ap...sharingctrl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...StatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Protocol: bw+0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B84199FD-52A6-4C1F-BA80-B19247B498B3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll