hclean - Virus?

07.09.2005, 19:16
Member
Posts: 16

07.09.2005, 19:17
Member
Posts: 4730
#2
Please post us an HJT log (HJT = HijackThis):
http://virus-protect.org/hjtkurz.html
__________
This is a signature! Personal service: Are you from Berlin? Then send me a PM, perhaps we can arrange an appointment.
Der Grabsteinschubser

07.09.2005, 22:09
Member
Thread starter, Posts: 16
#3
Logfile of HijackThis v1.99.1
Scan saved at 22:05:20, on 07.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\Lexmark X6100 Series\lxbfbmgr.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
C:\Programme\Lexmark X6100 Series\lxbfbmon.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Logitech\ImageStudio\LogiTray.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
C:\Programme\T-Online\DSL-Manager\TODslMgr.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spyware Doctor\swdoctor.exe
C:\Programme\STK013\STK013M.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\EMAIL\MAIL.EXE
C:\Programme\Messenger\msmsgs.exe
C:\DOKUME~1\WOLFGA~1\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.medion.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {A1FBD273-F20B-DB62-05D2-61DD92A0AF40} - newbreed.dll (file missing)
R3 - URLSearchHook: (no name) - {8EFF6F59-C256-4B3B-0884-32353FB99CC5} - TorontoMail.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Programme\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programme\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
O4 - HKLM\..\Run: [T-Online DSL-Manager] "C:\Programme\T-Online\DSL-Manager\TODslMgr.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [dmtvp.exe] C:\WINDOWS\system32\dmtvp.exe
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: STK013 PNP Monitor.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Supreme Auction - {DFE4453A-65DF-47d5-BF37-3D0FD37FBDBB} - C:\Programme\Supreme Auction\SupremeAuction.exe (HKCU)
O10 - Broken Internet access because of LSP provider 'spacklsp.dll' missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106843944468
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EC6C75F-989F-4872-9983-DF85B799FBB4}: NameServer = 69.50.161.131,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{75A97163-E50C-45E0-B21D-B530BB2A3D29}: NameServer = 69.50.161.131,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8789A12-3370-49EA-BAF7-CAB946A947D3}: NameServer = 69.50.161.131,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{D76C5633-2BA5-4D1D-9802-C56DE437DEE0}: NameServer = 69.50.161.131,85.255.112.10
O18 - Protocol: bw+0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

So, did I do everything right? Who can help? Thanks

This post was edited on 08.09.2005 at 14:49 by Wolfgang2912.

08.09.2005, 15:17
Member
Posts: 4730
#4
Check the following files at http://www.virustotal.com:
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\dmtvp.exe
If the files come out of the scan as "clean", check them again at http://virusscan.jotti.org/de/ (to be on the safe side). Report the result.

Open HJT, run the scan and tick the following entries. Then click "fix checked".
R3 - URLSearchHook: (no name) - {A1FBD273-F20B-DB62-05D2-61DD92A0AF40} - newbreed.dll (file missing)
R3 - URLSearchHook: (no name) - {8EFF6F59-C256-4B3B-0884-32353FB99CC5} - TorontoMail.dll (file missing)
O9 - Extra button: Supreme Auction - {DFE4453A-65DF-47d5-BF37-3D0FD37FBDBB} - C:\Programme\Supreme Auction\SupremeAuction.exe (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EC6C75F-989F-4872-9983-DF85B799FBB4}: NameServer = 69.50.161.131,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{75A97163-E50C-45E0-B21D-B530BB2A3D29}: NameServer = 69.50.161.131,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8789A12-3370-49EA-BAF7-CAB946A947D3}: NameServer = 69.50.161.131,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{D76C5633-2BA5-4D1D-9802-C56DE437DEE0}: NameServer = 69.50.161.131,85.255.112.10
Also all O18 entries (Desktop Messenger protocol; that is unnecessary anyway).

Use only one virus scanner (as I can see, Norton AntiVirus and AntiVir are both active). Uninstall AntiVir. Two virus scanners get in each other's way and can slow the system down enormously.

I can't say more at the moment. First I need the results of the scans, because otherwise all further cleaning instructions may well fail. But you can already download and unpack the Killbox program from http://virus-protect.org/killbox.html.
__________
Der Grabsteinschubser
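The triage Managor does by eye in the post above (static per-interface NameServer entries, URLSearchHooks whose DLL is gone, the broken LSP chain) can be scripted so that it is repeatable across logs. The Python below is an added example, not code from this thread or from HijackThis. It takes the relevant lines of the posted log as embedded sample input; the `trusted` resolver list is an assumed input the analyst supplies, since the thread never names the DSL line's legitimate DNS servers, and private ranges are always allowed so a home router does not get flagged.

```python
"""Triage of a HijackThis (HJT 1.99) log: static per-interface DNS servers
and hook entries whose DLL no longer exists."""
import re
from ipaddress import ip_address, ip_network

# Lines copied from the HJT log posted in this thread (not the full log).
HJT_SAMPLE = r"""
Logfile of HijackThis v1.99.1
R3 - URLSearchHook: (no name) - {A1FBD273-F20B-DB62-05D2-61DD92A0AF40} - newbreed.dll (file missing)
R3 - URLSearchHook: (no name) - {8EFF6F59-C256-4B3B-0884-32353FB99CC5} - TorontoMail.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [dmtvp.exe] C:\WINDOWS\system32\dmtvp.exe
O10 - Broken Internet access because of LSP provider 'spacklsp.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EC6C75F-989F-4872-9983-DF85B799FBB4}: NameServer = 69.50.161.131,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{75A97163-E50C-45E0-B21D-B530BB2A3D29}: NameServer = 69.50.161.131,85.255.112.10
"""

# Resolver addresses never flagged: private/loopback ranges, where a home router
# or corporate DNS would live.  The ISP's own resolvers are passed in by the
# analyst as `trusted` (assumed input; the thread does not name them).
PRIVATE_NETS = [ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

_ENTRY = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
_O17 = re.compile(r"\\(?P<guid>\{[0-9A-Fa-f-]+\}): NameServer = (?P<servers>[\d., ]+)$")


def parse_hjt(text):
    """Return (section, body) for every R*/O* line; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = _ENTRY.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def find_rogue_nameservers(entries, trusted=()):
    """Map each static NameServer IP outside PRIVATE_NETS/`trusted` to the
    interface GUIDs that use it.  On a DHCP/PPP home line a static entry is
    already unusual; the same public pair on every interface even more so."""
    allowed = PRIVATE_NETS + [ip_network(t) for t in trusted]
    hits = {}
    for sec, body in entries:
        if sec != "O17":
            continue
        m = _O17.search(body)
        if not m:
            continue
        for raw in m.group("servers").replace(" ", "").split(","):
            if not raw:
                continue
            ip = ip_address(raw)
            if any(ip in net for net in allowed):
                continue
            hits.setdefault(str(ip), set()).add(m.group("guid"))
    return hits


def find_missing_file_hooks(entries):
    """R3 URLSearchHooks pointing at a DLL that is gone, and O10 LSP breakage:
    both are leftovers of a component that was removed or half-removed."""
    return [f"{sec} - {body}" for sec, body in entries
            if (sec == "R3" and body.endswith("(file missing)"))
            or (sec == "O10" and body.startswith("Broken Internet access"))]


def hjt_fix_list(text, trusted=()):
    """Entries to tick before 'Fix checked', in log order.  O10 is deliberately
    left out: a broken LSP chain is repaired with an LSP repair tool, not by
    deleting the entry."""
    entries = parse_hjt(text)
    rogue = set(find_rogue_nameservers(entries, trusted))
    fixes = []
    for sec, body in entries:
        if sec == "R3" and body.endswith("(file missing)"):
            fixes.append(f"{sec} - {body}")
        elif sec == "O17" and any(ip in body for ip in rogue):
            fixes.append(f"{sec} - {body}")
    return fixes


if __name__ == "__main__":
    for ip, guids in find_rogue_nameservers(parse_hjt(HJT_SAMPLE)).items():
        print(f"{ip} set on {len(guids)} interface(s)")
    print("\n".join(hjt_fix_list(HJT_SAMPLE)))
```

Run against the sample, both public addresses come back attached to every interface GUID in the log, which is the pattern to look for: a legitimately configured static resolver sits on one adapter, not on all of them at once. Passing the two addresses in `trusted` silences them, so the same function serves as a regression check after the fix.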

08.09.2005, 16:02
Honorary member
Posts: 29434
#5
Hello @Wolfgang2912
To follow up on your request by PM:

• Download Registry Search Tool: http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip
Double-click: regsrch.vbs
paste in: hclean.exe
Press 'OK', wait until the search finishes. (Please post the result.)

Find T.zip
http://forums.net-integration.net/index.php?act=Attach&type=post&id=156424
unpack in C:\ -- open the "FindT" folder -- click (runthis.bat) -- post the txt (text file) in the thread

Datfindbat (please copy the paths as well)
http://virus-protect.org/datfindbat.html

rkfiles.zip - unpack
http://skads.org/special/rkfiles.zip
go into safe mode http://www.tu-berlin.de/www/software/virus/savemode.shtml - double-click (run) -- rkfiles.bat -- wait until the DOS window closes --- post C:\log.txt

Find_Qoologic.zip: http://forums.net-integration.net/index.php?act=Attach&type=post&id=134981
* Save the file to the desktop and double-click
* unpack (extract) into C:\FindQoologic.
* FindQoologic -- click Find-Qoologic.bat.
* if a warning appears -- "script/batch file trying to run", close it.
* wait until a text file is created (even if it takes a long time) -- copy it into your thread (readme.txt)
__________
Regards, Sabina
all about PC security

08.09.2005, 21:21
Member
Thread starter, Posts: 16
#6
@Managor
No virus found in either of the two virus scanners. I did the rest as instructed. And now?

@Sabina
• Download Registry Search Tool: http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip
Double-click: regsrch.vbs
Done, then a window from Norton Ut. appears - malicious script in... !!!??? Should I run the rest???

08.09.2005, 22:43
Honorary member
Posts: 29434
#7
Quote:
Done, then a window from Norton Ut. appears - malicious script in... !!!???
ignore it
__________
Regards, Sabina

08.09.2005, 23:00
Member
Thread starter, Posts: 16
#8
@Sabina
OK, I ignored it and this is the result:

REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "hclean" 08.09.2005 22:58:45
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

[HKEY_USERS\S-1-5-21-49570118-3567465296-3110187448-1008\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="hclean"

[HKEY_USERS\S-1-5-21-49570118-3567465296-3110187448-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"g"="C:\\WINDOWS\\system32\\hclean32.exe"

[HKEY_USERS\S-1-5-21-49570118-3567465296-3110187448-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"h"="C:\\WINDOWS\\system32\\hclean32.exe"

And now?

08.09.2005, 23:12
Honorary member
Posts: 29434
#9
Before you work through the other things:
Start --> Run --> regedit
HKEY_USERS\S-1-5-21-49570118-3567465296-3110187448-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\
Post me all files listed there
C:\\WINDOWS\\system32\\hclean32.exe and ????
__________
Regards, Sabina

08.09.2005, 23:28
Member
Thread starter, Posts: 16
#10
@Sabina
I assume I was supposed to post the *.exe files. Here is the result:

[HKEY_USERS\S-1-5-21-49570118-3567465296-3110187448-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"MRUList"="hijgfedcba"
"a"="C:\\Dokumente und Einstellungen\\Wolfgang Diehl\\Eigene Dateien\\Eigene Dokumente\\gkati_radwxp.exe"
"b"="C:\\Dokumente und Einstellungen\\Wolfgang Diehl\\Eigene Dateien\\Eigene Dokumente\\sdsetup.exe"
"c"="C:\\Dokumente und Einstellungen\\Wolfgang Diehl\\Eigene Dateien\\Eigene Dokumente\\rminstall.exe"
"d"="C:\\Dokumente und Einstellungen\\Wolfgang Diehl\\Eigene Dateien\\Eigene Dokumente\\kav5.0.383trial_personalen.exe"
"e"="C:\\Dokumente und Einstellungen\\Wolfgang Diehl\\Eigene Dateien\\Eigene Dokumente\\aawsepersonal.exe"
"f"="C:\\WINDOWS\\explorer.exe"
"g"="C:\\Programme\\Windows NT\\dialer.exe"
"h"="C:\\WINDOWS\\system32\\hclean32.exe"
"i"="C:\\WINDOWS\\system32\\snmp.exe"
"j"="C:\\WINDOWS\\system32\\dmremote.exe"

08.09.2005, 23:41
Honorary member
Posts: 29434
09.09.2005, 00:27
Member
Themenstarter Beiträge: 16 |
#12
Find T.zip
http://forums.net-integration.net/index.php?act=Attach&type=post&id=156424 in C:\ entpacken -- öffne "FindT" folder -- klicke (runthis.bat) -- poste die txt (Textdatei) in den Thread Antwort: PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. »»»»» Search by size and names... Datfindbat(bitte die Pfade mit abkopieren) http://virus-protect.org/datfindbat.html Ergebnis: Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: F0ED-29D3 Verzeichnis von C:\WINDOWS\system32 07.09.2005 23:56 643.471 woinst32.exe 07.09.2005 23:55 45.568 hlmicro.exe 07.09.2005 23:55 5.632 hwiper.exe 07.09.2005 23:55 51.200 csawq.exe 06.09.2005 22:13 2.206 wpa.dbl 05.09.2005 00:10 654.111 filesafer.exe 04.09.2005 18:22 483 oeminfo.ini 04.09.2005 18:22 18.386 OEMLOGO.BMP 04.09.2005 17:36 45.568 ntfsnlpa.exe 04.09.2005 17:36 4.096 hclean32.exe 03.09.2005 23:56 282.928 FNTCACHE.DAT 03.09.2005 23:33 20.970 FFASTLOG.TXT 03.09.2005 22:26 383.262 perfh009.dat 03.09.2005 22:26 54.412 perfc009.dat 03.09.2005 22:26 394.678 perfh007.dat 03.09.2005 22:26 65.538 perfc007.dat 03.09.2005 22:26 907.762 PerfStringBackup.INI 03.09.2005 22:02 32.265 $winnt$.inf 03.09.2005 21:58 16.832 amcompat.tlb 03.09.2005 21:58 23.392 nscompat.tlb 03.09.2005 21:57 488 WindowsLogon.manifest 03.09.2005 21:57 488 logonui.exe.manifest 03.09.2005 21:57 749 sapi.cpl.manifest 03.09.2005 21:57 749 ncpa.cpl.manifest 03.09.2005 21:57 749 cdplayer.exe.manifest 03.09.2005 21:57 749 wuaucpl.cpl.manifest 03.09.2005 21:57 749 nwc.cpl.manifest 03.09.2005 21:56 23.588 emptyregdb.dat 03.09.2005 21:56 6.749 mapisvc.inf 02.09.2005 22:27 140.033 NULL 01.09.2005 23:42 705 dgprpsetup.exe 01.09.2005 00:31 643.471 loadctr32.exe 01.09.2005 00:30 54.792 csxbr.exe 28.08.2005 14:06 53.248 hklspl.dll 28.08.2005 14:06 245.760 diddl_kino.scr Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: F0ED-29D3 Verzeichnis von C:\DOKUME~1\WOLFGA~1\LOKALE~1\Temp 
08.09.2005 22:59 868 sOutTmp225819.tmp 08.09.2005 22:55 16.384 Perflib_Perfdata_900.dat 08.09.2005 22:47 16.384 Perflib_Perfdata_2c0.dat 08.09.2005 22:30 11.384 $$$11.html 05.09.2005 04:06 71 DFC5A2B2.TMP 22.03.2005 21:22 24.613 IadHide5.dll 6 Datei(en) 69.704 Bytes 0 Verzeichnis(se), 62.721.519.616 Bytes frei rkfiles.zip - entpacken http://skads.org/special/rkfiles.zip gehe in den abgesicherten Modus http://www.tu-berlin.de/www/software/virus/savemode.shtml - Doppelklick(Ausfuehren)--rkfiles.bat -- warten bis sich das DOS-Fenster schliesst--- poste C:\log.txt Das muss ich dann wohl nachliefern, da ich neu starten muss.. Oder? Find_Qoologic.zip: http://forums.net-integration.net/index.php?act=Attach&type=post&id=134981 *Speichere dir Datei auf dem Desktop und doppelklick *entpacken extract) in C:\FindQoologic. *FindQoologic -- klicke Find-Qoologic.bat. *wenn eine Warnung erscheint -- "script/batch file trying to run",schliesse sie. *warte, bis eine Textdatei erstellt wird (auch wenn es lange dauert)-- kopiere sie in deinen Thread (readme.txt) Antwort: Find Qoologic last edited 9/02/2005 PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. some examples are MRT.EXE NTDLL.DLL. »»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»» startup files»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»» »»»»» Search by size and name... »»»»» Files found by this method are not necessarily bad... »»»»» Example PNGFILT.DLL ctl3d32.dll are windows files... |
09.09.2005, 00:39
Honorary member
Posts: 29434
#13
The C:\WINDOWS\ and C:\ are missing from datfindbat --> there are 4 logs in total in the bat file....

Right-click the file ---> Properties (what does this exe belong to??? creation date?)
C:\\Dokumente und Einstellungen\\Wolfgang Diehl\\Eigene Dateien\\Eigene Dokumente\\gkati_radwxp.exe"

silentrunners
http://virus-protect.org/silentrunner.html
http://www.silentrunners.org/sr_download.html
go to: Quote: Click here to download a zip file.
Here the explanation: http://www.silentrunners.org/sr_scriptuse.html
click: output file is in text format. --> double-click and the editor opens --> and post everything that is shown.

-------------------------------------------------------
for my reference: /collection

h"="C:\\WINDOWS\\system32\\hclean32.exe"
"i"="C:\\WINDOWS\\system32\\snmp.exe"
07.09.2005 23:56 643.471 woinst32.exe
07.09.2005 23:55 45.568 hlmicro.exe
07.09.2005 23:55 5.632 hwiper.exe
07.09.2005 23:55 51.200 csawq.exe
05.09.2005 00:10 654.111 filesafer.exe
04.09.2005 17:36 45.568 ntfsnlpa.exe
04.09.2005 17:36 4.096 hclean32.exe
01.09.2005 23:42 705 dgprpsetup.exe
01.09.2005 00:31 643.471 loadctr32.exe
01.09.2005 00:30 54.792 csxbr.exe
28.08.2005 14:06 53.248 hklspl.dll
08.09.2005 22:30 11.384 $$$11.html
C:\WINDOWS\system32\hwiper.exe
newbreed.dll
TorontoMail.dll
csqjc.exe
C:\WINDOWS\system32\dmtvp.exe
O10 - Broken Internet access because of LSP provider 'spacklsp.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EC6C75F-989F-4872-9983-DF85B799FBB4}: NameServer = 69.50.161.131,85.255.112.10

__________
Regards, Sabina
All about PC security
09.09.2005, 01:05
Member
Thread starter, Posts: 16
#14
silentrunners
http://virus-protect.org/silentrunner.html http://www.silentrunners.org/sr_download.html go to: Quote: Click here to download a zip file. Here the explanation: http://www.silentrunners.org/sr_scriptuse.html click: output file is in text format. --> double-click and the editor opens --> and post everything that is shown.

Result:

"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"LDM" = "C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" ["Logitech"]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Spyware Doctor" = ""C:\Programme\Spyware Doctor\swdoctor.exe" /Q" ["PCTools"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"Dit" = "Dit.exe" ["ICSI Technology Ltd."]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]
"Keyboard Status" = "C:\PROGRA~1\Medion\KeyStat\KeyStat.exe" [null data]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"PCMService" = ""C:\Programme\Home Cinema\PowerCinema\PCMService.exe"" ["CyberLink Corp."]
"Lexmark X6100 Series" = ""C:\Programme\Lexmark X6100 Series\lxbfbmgr.exe"" ["Lexmark International, Inc."]
"DXM6Patch_981116" = "C:\WINDOWS\p_981116.exe /Q:A" [MS]
"LVCOMS" = "C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE" ["Logitech Inc."]
"LogitechGalleryRepair" = "C:\Programme\Logitech\ImageStudio\ISStart.exe" ["Logitech Inc."]
"LogitechImageStudioTray" = "C:\Programme\Logitech\ImageStudio\LogiTray.exe" ["Logitech Inc."]
"ccApp" = ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"ccRegVfy" = ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"T-DSL SpeedMgr" = ""C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"" ["T-Systems Nova, Berkom"]
"T-Online DSL-Manager" = ""C:\Programme\T-Online\DSL-Manager\TODslMgr.exe"" ["T-Systems International GmbH"]
"UserFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -u" [MS]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]
"hwiper.exe" = "C:\WINDOWS\system32\hwiper.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = "PCTools Site Guard" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll" ["PC Tools"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = "PCTools Browser Monitor" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS]
"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office\soa800.dll" [MS]
"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Sammelmappen-Teiler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office\UNBIND.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office\olkfstub.dll" [MS]
"{B446400D-0030-457b-8F64-422A19605186}" = "Logitech Gallery"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Logitech\ImageStudio\NameSpc.dll" ["Logitech Inc."]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universelle Plug & Play-Geräte"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
  -> {CLSID}\InProcServer32\(Default) = ""C:\Programme\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "csqjc.exe" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
  -> {CLSID}\InProcServer32\(Default) = ""C:\Programme\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
  -> {CLSID}\InProcServer32\(Default) = ""C:\Programme\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Wolfgang Diehl\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\DIDDL_~1.SCR" (diddl_kino.scr) ["I-D Media AG"]

Startup items in "Wolfgang Diehl" & "All Users" startup folders:
----------------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"STK013 PNP Monitor" -> shortcut to: "C:\Programme\STK013\STK013M.exe" [empty string]

Enabled Scheduled Tasks:
------------------------

"1-Klick-Wartung" -> launches: "C:\Programme\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]
"Norton AntiVirus - Meinen Computer prüfen" -> launches: "C:\PROGRA~1\NORTON~1\NAVW32.exe /task:C:\DOKUME~1\ALLUSE~1\ANWEND~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Programme\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
spacklsp.dll [null data], 01 - 05, 45
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 44
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll" ["Sun Microsystems, Inc."]
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]
{B205A35E-1FC4-4CE3-818B-899DBBB3388C}\

Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
Missing lines (compared with English-language version):
"{8EFF6F59-C256-4B3B-0884-32353FB99CC5}" = "TorontoMail"
  -> {CLSID}\InProcServer32\(Default) = "TorontoMail.dll" [file not found]

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
HIJACK WARNING! "MGINavigationCanceled" = (empty string)
HIJACK WARNING! "MGIWelcome" = (empty string)
HIJACK WARNING! "MGIOfflineInformation" = (empty string)
HIJACK WARNING! "TuneUp" = "file://C|/Dokumente und Einstellungen/All Users/Anwendungsdaten/TuneUp Software/Common/base.css" [file not found]

HOSTS file
----------

C:\WINDOWS\System32\drivers\etc\HOSTS

maps: 1 domain name to an IP address,
1 of the IP addresses is *not* localhost!

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AOL Connectivity Service, AOL ACS, "C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe" ["America Online, Inc."]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
BlueSoleil Hid Service, BlueSoleil Hid Service, "C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe" [null data]
CyberLink Background Capture Service (CBCS), CLCapSvc, ""C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe"" [empty string]
CyberLink Media Library Service, CyberLink Media Library Service, ""C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe"" ["Cyberlink"]
CyberLink Task Scheduler (CTS), CLSched, ""C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe"" [empty string]
HTTP-SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
IPv6-Hilfsdienst, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Norton AntiVirus Auto Protect Service, navapsvc, ""C:\Programme\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
SAP-Agent, NwSapAgent, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ipxsap.dll" [MS]}
Symantec Event Manager, ccEvtMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Licensing Detect Internet Connection, DJSNETCN, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe"" ["Symantec Corporation"]
SymWMI Service, SymWSC, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe"" ["Symantec Corporation"]
T-Online DSL-Manager, TODslService, ""C:\Programme\T-Online\DSL-Manager\TODslSvc.exe"" ["T-Systems International GmbH"]
TSMService, TSMService, ""C:\Programme\T-DSL SpeedManager\tsmsvc.exe"" ["T-Systems Nova, Berkom"]
WMI-Leistungsadapter, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS]
X10 Device Network Service, x10nets, "C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe" ["X10"]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 58 seconds, including 7 seconds for message boxes)
09.09.2005, 01:15
Honorary member
Posts: 29434
#15
# Open HijackThis -->> button "Scan" -->> tick the boxes -->> button "Fix checked" -->> restart the PC

R3 - URLSearchHook: (no name) - {A1FBD273-F20B-DB62-05D2-61DD92A0AF40} - newbreed.dll (file missing)
R3 - URLSearchHook: (no name) - {8EFF6F59-C256-4B3B-0884-32353FB99CC5} - TorontoMail.dll (file missing)
O9 - Extra button: Supreme Auction - {DFE4453A-65DF-47d5-BF37-3D0FD37FBDBB} - C:\Programme\Supreme Auction\SupremeAuction.exe (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EC6C75F-989F-4872-9983-DF85B799FBB4}: NameServer = 69.50.161.131,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{75A97163-E50C-45E0-B21D-B530BB2A3D29}: NameServer = 69.50.161.131,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8789A12-3370-49EA-BAF7-CAB946A947D3}: NameServer = 69.50.161.131,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{D76C5633-2BA5-4D1D-9802-C56DE437DEE0}: NameServer = 69.50.161.131,85.255.112.10
O4 - HKLM\..\Run: [dmtvp.exe] C:\WINDOWS\system32\dmtvp.exe
O18 - Protocol: bw+0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {5D7D16F7-A666-4330-BD08-E3C32F057A40} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Restart the PC

• LSPfix.exe http://www.spychecker.com/program/lspfix.html
tick: "I know what I'm doing" --> Remove and delete the spacklsp.dll (you may have to move the dll from left to right)

At the top of the browser: File -- Save page as.. -- choose "Desktop" -- save (a wareout.reg then appears on the desktop)
http://virus-protect.org/reg/wareout.reg

• KillBox http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip
Instructions (with pictures): http://virus-protect.org/killbox.html

• Delete File on Reboot <-- tick it and click the red cross; when asked "Do you want to reboot?" ----> click "no" and paste in the next one, only on the last one click "yes"

C:\WINDOWS\system32\hwiper.exe
C:\WINDOWS\system32\newbreed.dll
C:\WINDOWS\system32\TorontoMail.dll
C:\WINDOWS\system32\csqjc.exe
C:\WINDOWS\system32\dmtvp.exe
C:\WINDOWS\system32\woinst32.exe
C:\WINDOWS\system32\hlmicro.exe
C:\WINDOWS\system32\csawq.exe
C:\WINDOWS\system32\filesafer.exe
C:\WINDOWS\system32\ntfsnlpa.exe
C:\WINDOWS\RDT.INI
C:\WINDOWS\BALLOON.WAV
C:\WINDOWS\system32\hclean32.exe
C:\WINDOWS\system32\dgprpsetup.exe
C:\WINDOWS\system32\loadctr32.exe
C:\WINDOWS\system32\csxbr.exe
C:\DOKUME~1\WOLFGA~1\LOKALE~1\Temp\$$$11.html
C:\WINDOWS\system32\hwiper.exe

Restart the PC

Restart the computer into safe mode (press F8 while starting). Double-click the file "wareout.reg" on the desktop and confirm that it is added to the registry.

WareOut <--- uninstall
delete C:\Programme\WareOut

Press 'Restore Original Hosts' and press 'OK' Exit Program.
http://www.funkytoad.com/download/hoster.zip

Post the datfindbat once more, but please all 4 logs

__________
Regards, Sabina
All about PC security
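As an added example (my own code, not a tool from this thread or from virus-protect.org), here is a small Python triage script that automates what Sabina does by hand in posts #13 and #15: it cross-references the datfindbat listing of recently created files in system32 with the HijackThis autorun (O4) entries, flags O17 NameServer entries that point at resolvers outside an allowlist, and picks out R3/O2 hooks with a missing file and O10 broken-LSP lines. The resolver allowlist (private address ranges) is a constructed placeholder and has to be replaced with the resolvers the network really uses; the two O4 lines for hwiper.exe and PCMService.exe are constructed from the Silent Runners Run entries in post #14 (they are what HijackThis would show for those keys), and all other sample lines are copied from the thread's own logs.

```python
"""Cross-reference a datfindbat (dir /o-d) listing with HijackThis lines.

Added example, not part of this thread. Constructed inputs are marked below.
"""
import re
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed placeholder allowlist: resolvers this network is expected to use.
# Replace with the router's / ISP's real resolver addresses before use.
TRUSTED_RESOLVERS = [ip_network("192.168.0.0/16"), ip_network("10.0.0.0/8")]

# German-locale "dir" rows: dd.mm.yyyy hh:mm <size with "." thousands sep> <name>
DIR_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4}) (\d{2}:\d{2}) ([\d.]+) (.+?)\s*$")
O17_RE = re.compile(r"^O17 - .*NameServer = ([0-9.,]+)\s*$")
O4_RE = re.compile(r"^O4 - [^\[]*\[[^\]]*\] (.*)$")
MISSING_RE = re.compile(r"^(R3|O2|O4|O20) - .*\(file missing\)")
O10_RE = re.compile(r"^O10 - .*LSP provider '([^']+)' missing")

# Rows copied from the system32 listing in this thread (subset).
DIR_LISTING = r"""
 Verzeichnis von C:\WINDOWS\system32

07.09.2005 23:56 643.471 woinst32.exe
07.09.2005 23:55 45.568 hlmicro.exe
07.09.2005 23:55 5.632 hwiper.exe
07.09.2005 23:55 51.200 csawq.exe
06.09.2005 22:13 2.206 wpa.dbl
04.09.2005 17:36 4.096 hclean32.exe
03.09.2005 22:26 383.262 perfh009.dat
28.08.2005 14:06 53.248 hklspl.dll
"""

# HijackThis lines from the thread; the two O4 lines for hwiper.exe and
# PCMService are constructed from the Silent Runners Run entries.
HJT_LINES = r"""
R3 - URLSearchHook: (no name) - {A1FBD273-F20B-DB62-05D2-61DD92A0AF40} - newbreed.dll (file missing)
O4 - HKLM\..\Run: [hwiper.exe] C:\WINDOWS\system32\hwiper.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O10 - Broken Internet access because of LSP provider 'spacklsp.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EC6C75F-989F-4872-9983-DF85B799FBB4}: NameServer = 69.50.161.131,85.255.112.10
O4 - HKLM\..\Run: [dmtvp.exe] C:\WINDOWS\system32\dmtvp.exe
"""


def parse_dir_listing(lines):
    """Return {basename.lower(): creation datetime} for every file row."""
    files = {}
    for line in lines:
        m = DIR_RE.match(line.strip())
        if m:
            date, time_, _size, name = m.groups()
            files[name.lower()] = datetime.strptime(f"{date} {time_}", "%d.%m.%Y %H:%M")
    return files


def autorun_target(line):
    """Basename of the program an O4 line launches, or None for other lines.

    Quoted paths are taken whole; unquoted paths are cut at the first space,
    so an unquoted path containing spaces is truncated (HijackThis quirk).
    """
    m = O4_RE.match(line)
    if not m:
        return None
    cmd = m.group(1).strip()
    path = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    return path.rsplit("\\", 1)[-1].lower()


def rogue_nameservers(line):
    """NameServer addresses in an O17 line that are outside TRUSTED_RESOLVERS."""
    m = O17_RE.match(line)
    if not m:
        return []
    rogue = []
    for raw in m.group(1).split(","):
        raw = raw.strip()
        try:
            addr = ip_address(raw)
        except ValueError:
            rogue.append(raw)  # unparsable value: report it rather than ignore it
            continue
        if not any(addr in net for net in TRUSTED_RESOLVERS):
            rogue.append(raw)
    return rogue


def triage(hjt_lines, dir_lines, now, max_age_days=14):
    """Return (category, detail) findings in the order the HJT lines appear."""
    recent = {name for name, created in parse_dir_listing(dir_lines).items()
              if (now - created).days <= max_age_days}
    findings = []
    for line in (l.strip() for l in hjt_lines):
        if not line:
            continue
        rogue = rogue_nameservers(line)
        if rogue:
            findings.append(("dns-hijack", ",".join(rogue)))
            continue
        m = O10_RE.match(line)
        if m:
            findings.append(("broken-lsp", m.group(1)))
            continue
        if MISSING_RE.match(line):
            findings.append(("missing-target", line.split(" - ", 1)[0]))
            continue
        target = autorun_target(line)
        if target and target in recent:
            findings.append(("autorun-recent-file", target))
    return findings


def run_sample():
    """Run the triage over the embedded samples as of the thread date (09.09.2005)."""
    return triage(HJT_LINES.splitlines(), DIR_LISTING.splitlines(), datetime(2005, 9, 9))


if __name__ == "__main__":
    for category, detail in run_sample():
        print(f"{category:22s} {detail}")
```

The O4 entry for dmtvp.exe produces no finding here only because that file is not in the abbreviated listing; against the full four datfindbat logs Sabina asks for, the same cross-reference would catch it if it was created in the same window.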
I'm new here.
I think I have caught a trojan or virus called hclean.
My antivirus program (Antivir) does detect a file that cannot be opened, but it cannot delete it.
I suspect it is what causes me to be constantly redirected to internet pages I never selected.
Who can please help me?
Thanks in advance.
Wolfgang2912