Worm or virus or trojan: Worm/Alcra.B
Thread is closed!

#0
09.10.2005, 01:34
Honorary member
Posts: 29434

#17
09.10.2005, 13:50
...new here
Posts: 6
---------------------------------------------------------
ewido security suite - Scan Report
---------------------------------------------------------

+ Erstellt am: 13:48:47, 09.10.2005
+ Report-Checksumme: 37DBDE58

+ Scanergebnis:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Gesäubert mit Backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Gesäubert mit Backup
HKU\S-1-5-21-1004336348-1220945662-839522115-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Gesäubert mit Backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Fehler beim Säubern
C:\Programme\themexp\Themexp.org File\HLsetup2.exe -> TrojanDownloader.Small.bke : Gesäubert mit Backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Gesäubert mit Backup

::Report Ende

So far I've done all of that now. In the virus scan I clicked on delete; I hope that wasn't wrong.

Regards, maverik
09.10.2005, 14:53
Honorary member
Posts: 29434
#18
Maverik,

then everything should now be in perfect order again. Please post the new HijackThis log.

__________
Regards, Sabina
all about PC security
10.10.2005, 14:50
...new here
Posts: 6
#19
Hi :-)

Here is the new log from HijackThis. I ran the scanner again today; it only shows me normal cookies, which I then delete in the scanner, and after another run they're gone. Let me know whether, logically speaking, everything is fine again now.

Bye, Maverik

PS: many thanks to you!!!

Logfile of HijackThis v1.99.0
Scan saved at 14:47:50, on 10.10.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\ewido\security suite\ewidoguard.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\HP\HP Software Update\HPWuSchd.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
C:\Programme\FRITZ!\IWatch.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Maverik\Eigene Dateien\Installprogramme\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CorelCorelDRAW10 Reminder] "C:\Programme\Corel\Graphics10\Register\NAVBrowser.exe" /r /i "C:\Programme\Corel\Graphics10\Register\NavLoad.ini"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128556447671
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{196077C0-C017-444F-8EFD-E36918F12678}: NameServer = 217.237.151.33 217.237.149.225
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: StyleXPService - Unknown - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
10.10.2005, 16:09
Honorary member
Posts: 29434
#20
Maverik,

you really must do the Windows updates, i.e. install SP2, otherwise you'll end up a regular customer here with HijackThis (and please don't use any peer-to-peer programs either).

__________
Regards, Sabina
all about PC security
12.10.2005, 15:06
...new here
Posts: 3
#21
Hello Sabina,

here is my scan report:

---------------------------------------------------------
ewido security suite - Prozess Report
---------------------------------------------------------

+ Erstellt am: 14:49:08, 12.10.2005
+ Report-Checksumme: D7556B66

0: System Process
8: System Process
144: \SystemRoot\System32\smss.exe
172: \??\C:\WINNT\system32\csrss.exe
192: \??\C:\WINNT\system32\winlogon.exe
220: C:\WINNT\system32\services.exe
232: C:\WINNT\system32\lsass.exe
416: C:\WINNT\system32\svchost.exe
448: C:\Programme\ewido\security suite\ewidoguard.exe
456: C:\WINNT\system32\spoolsv.exe
508: C:\Programme\AVPersonal\AVWUPSRV.EXE
528: C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
540: C:\WINNT\System32\svchost.exe
576: C:\WINNT\system32\ircomm2k.exe
600: C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
704: C:\Programme\ewido\security suite\ewidoctrl.exe
712: C:\WINNT\system32\regsvc.exe
736: C:\WINNT\system32\MSTask.exe
752: C:\WINNT\system32\stisvc.exe
808: C:\WINNT\System32\WBEM\WinMgmt.exe
824: C:\WINNT\System32\mspmspsv.exe
856: C:\WINNT\system32\svchost.exe
1060: C:\WINNT\Explorer.EXE
1076: D:\Office10\WINWORD.EXE
1160: C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
1168: C:\WINNT\system32\atiptaxx.exe
1184: C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
1192: D:\Uwe\Winamp\winampa.exe
1196: C:\Programme\Internet Explorer\IEXPLORE.EXE
1200: C:\Programme\FRITZ!DSL\StCenter.exe
1220: C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
1240: C:\PROGRA~1\MediaKey\MediaKey.EXE
1252: C:\WINNT\system32\ctfmon.exe
1288: C:\Programme\WinZip\WZQKPICK.EXE
1300: C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
1308: C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE
1348: C:\Programme\ewido\security suite\SecuritySuite.exe

Regards, ajnom
12.10.2005, 15:13
Honorary member
Posts: 29434
#22
ajnom,

this isn't your thread, is it????? What's with the mix-up?
http://board.protecus.de/t19358-3.htm

And that isn't the ewido scan report either (the scan report shows everything that was removed). So please post the correct scan report (and not the process report), but please in your own thread.

__________
Regards, Sabina
all about PC security
24.10.2005, 22:07
...new here
Posts: 3
#23
I think I've caught one of these lovely worms too; at any rate my AntiVir won't stop beeping about WORM/Alcra.B detections.

Now I suppose I have to post my HijackThis logfile, right?

Logfile of HijackThis v1.99.1
Scan saved at 21:52:20, on 24.10.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\TrayIcon.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Softwin\BitDefender Free Edition\bdnagent.exe
C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Programme\Antivirl\AVWUPSRV.EXE
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Softwin\BitDefender Free Edition\bdmcon.exe
C:\Programme\Antivirl\AVGNT.EXE
C:\WINDOWS\System32\notepad.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Sämy\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Programme\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender Free Edition\bdnagent.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MtdAcq] C:\Programme\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105911745839
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - file://c:\x.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/cab/14/en/SysWebTelecomInt.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.power-url.de/InstallationsAssistent.ocx
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\Antivirl\AVWUPSRV.EXE
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe

I hope someone here can make something of this and help me, an ignorant user. Many thanks in advance,

karlchen
25.10.2005, 00:12
Honorary member
Posts: 29434
#24
Hello karlchen84,

open HijackThis -- button "Scan" -- tick the boxes in front of the malware entries -- button "Fix checked" -- restart the PC

O4 - HKLM\..\Run: [SearchUpgrader] C:\Programme\Common files\SearchUpgrader\SearchUpgrader.exe
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKCU\..\Run: [MtdAcq] C:\Programme\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - file://c:\x.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/cab/14/en/SysWebTelecomInt.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.power-url.de/InstallationsAssistent.ocx
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)

Restart the PC.

Uninstall:
MyWay
SearchUpgrader

KILLBOX
http://virus-protect.org/killbox.html
Tick "Delete File on Reboot" -- paste in: ... and click on the red cross; when you are asked "Do you want to reboot?" ---- click "no" and paste in the next one; only on the last one click "yes".

C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
c:\x.cab
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\bszip.dll

Restart the PC.

Delete:
C:\Programme\Common files\SearchUpgrader
C:\Programme\MyWay

Scan with ewido
http://virus-protect.org/ewido.html

CounterSpy
http://virus-protect.org/counterspy.html
Click "Run a Spyware Scan Now" - after the scan you have to choose between: *Ignore *Remove *Quarantine. Always choose Remove and restart the PC (then copy the scan report and paste it into the security forum).

__________
Regards, Sabina
all about PC security
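A defender's triage aid for the HijackThis log above, added here as an example and not the forum's or the HijackThis tool's own code: it parses the "Onn - ..." entries and flags the same kinds of items the fix list in the post singles out (DPF objects pulled from a local file instead of a web URL, load points whose target file is missing, entries under the MyWay and SearchUpgrader directories, services without a vendor string). The sample lines are constructed from the posted log; the rule names, severities and the suspect-directory list are assumptions of this example.

```python
"""Triage helper for HijackThis-style log lines (added example, not the
forum's or HijackThis's own code). The rules mirror what the fix list in the
thread told the poster to check; the rule names and the suspect-directory list
are assumptions made for this example."""
import re
from dataclasses import dataclass

# Constructed from the HijackThis log posted in the thread; not a complete log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [SearchUpgrader] C:\Programme\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105911745839
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
"""

# Directories the thread's fix list says to uninstall or delete (assumed list).
SUSPECT_DIRS = ("\\MyWay\\", "\\SearchUpgrader\\")

# HijackThis entry lines look like "O16 - DPF: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str   # HijackThis section, e.g. "O16"
    severity: str  # "flag" = fix candidate, "review" = inspect by hand
    reason: str
    line: str


def parse_entry(line):
    """Return (section, body) for a HijackThis entry line, else None."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("sec"), m.group("body")) if m else None


def dpf_source(body):
    """Source URL of an O16 DPF entry: the text after the last ' - '."""
    return body.rsplit(" - ", 1)[-1].strip()


def triage(log_text, suspect_dirs=SUSPECT_DIRS):
    """Apply the triage rules to every entry line and collect findings."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if parsed is None:
            continue  # header, process list or blank line
        sec, body = parsed
        low = body.lower()
        if "(file missing)" in low or "(no file)" in low:
            findings.append(Finding(sec, "flag",
                "load point whose target file no longer exists", raw.strip()))
        elif sec == "O16" and not dpf_source(low).startswith(("http://", "https://")):
            findings.append(Finding(sec, "flag",
                "DPF object sourced from a local file, not a web URL", raw.strip()))
        elif sec in ("O2", "O3", "O4", "O9") and any(d.lower() in low for d in suspect_dirs):
            findings.append(Finding(sec, "flag",
                "loads from a directory named in the fix list", raw.strip()))
        elif sec == "O23" and " - unknown owner - " in low:
            findings.append(Finding(sec, "review",
                "service without a vendor string", raw.strip()))
    return findings


def summarize(findings):
    """Count findings per HijackThis section."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.section}: {f.reason}\n    {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```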
25.10.2005, 20:21
...new here
Posts: 3
#25
Spyware Scan Details
Start Date: 25.10.2005 21:36:28
End Date: 25.10.2005 22:10:48
Total Time: 34 mins 20 secs

Detected spyware

CommonName Search Hijacker more information...
Details: CommonName is a 'keywords' service, allowing one to enter simple names insatead of URLs. After its original release, the software has become a complicated (and sometimes buggy) search-hijacker and adware, aggressively bundled with many third-party ap
Status: Deleted

Altnet Browser Plug-in more information...
Details: Topsearch is a .dll file that acts as a search engine and runs inside Internet Explorer as a Browser helper Object (BHO). It can supply advertising content to KaZaA users.
Status: Deleted
Infected files detected
c:\windows\temp\altnet\admdata.dll
c:\windows\temp\altnet\dminfo3.cab
c:\windows\temp\altnet\dminstall7.cab
c:\windows\temp\altnet\mysearch.cab
c:\windows\temp\altnet\pminstall.cab
c:\windows\temp\altnet\setup.cab

Bullguard Popup Adware more information...
Details: The BullGuard pop-up delivers advertisements to your computer for BullGuard's anti-virus program.
Status: Deleted
Infected files detected
c:\windows\temp\bullguard\bulldownload.exe

Claria.GAIN Adware more information...
Details: Claria's GAIN network consists of several applications inlcuding Gator eWallet, GotSmiley, ScreenSeenes, WebSecureAlert, DashBar, Weatherscope, Date Manager and Precision Time.
Status: Deleted
Infected files detected
c:\windows\gatorpdpsetup.log
c:\windows\gatoruninstaller_cme.log
c:\windows\gatoruninstaller_cme_u.log

Twain Tech Adware more information...
Details: Twain-Tech is an adware based Internet Explorer browser helper object that deliver targeted ads based on a user's browsing patters. Twain-Tech does not provide any other relevant purpose other then to display pop-up ads.
Status: Deleted
Infected files detected
c:\windows\smdat32a.sys
c:\windows\smdat32m.sys

KaZaA P2P more information...
Details: Kazaa is a Peer to Peer file sharing application that uses some adware advertising as well as installs a number of thrid party adware software on your computer.
Status: Deleted
Infected files detected
C:\WINDOWS\Temp\BullGuard\bulldownload.exe
Infected registry entries detected
HKEY_LOCAL_MACHINE\software\classes\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76}
HKEY_LOCAL_MACHINE\software\classes\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76}\TreatAs {0494D0DB-F8E0-41ad-92A3-14154ECE70AC}
HKEY_LOCAL_MACHINE\software\classes\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking SlowInfoCache
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking Changed 0

My Way Speedbar Browser Plug-in more information...
Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\ProgID MyWayToolBar.NetscapeStartup.1 HKEY_CLASSES_ROOT\clsid\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\TypeLib {0494D0D0-F8E0-41ad-92A3-14154ECE70AC} HKEY_CLASSES_ROOT\clsid\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\VersionIndependentProgID MyWayToolBar.NetscapeStartup HKEY_CLASSES_ROOT\clsid\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC} myBarNetscapeStartup Class HKEY_CLASSES_ROOT\clsid\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC} HKEY_CLASSES_ROOT\clsid\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32 C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL HKEY_CLASSES_ROOT\clsid\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\clsid\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus\1 131473 HKEY_CLASSES_ROOT\clsid\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus 0 HKEY_CLASSES_ROOT\clsid\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\ProgID MyWayToolBar.SettingsPlugin.1 HKEY_CLASSES_ROOT\clsid\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\TypeLib {0494D0D0-F8E0-41ad-92A3-14154ECE70AC} HKEY_CLASSES_ROOT\clsid\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\Version 1.0 HKEY_CLASSES_ROOT\clsid\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\VersionIndependentProgID MyWayToolBar.SettingsPlugin HKEY_CLASSES_ROOT\clsid\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC} My Way Settings HKEY_CLASSES_ROOT\clsid\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC} HKEY_CLASSES_ROOT\clsid\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32 C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL HKEY_CLASSES_ROOT\clsid\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\clsid\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus\1 131473 HKEY_CLASSES_ROOT\clsid\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus 0 HKEY_CLASSES_ROOT\clsid\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\TypeLib {0494D0D0-F8E0-41ad-92A3-14154ECE70AC} HKEY_CLASSES_ROOT\clsid\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\Version 1.0 
HKEY_CLASSES_ROOT\clsid\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC} myBar IE Installer HKEY_CLASSES_ROOT\MyWayToolBar.SettingsPlugin.1 HKEY_CLASSES_ROOT\MyWayToolBar.SettingsPlugin.1\CLSID {0494D0DB-F8E0-41ad-92A3-14154ECE70AC} HKEY_CLASSES_ROOT\MyWayToolBar.SettingsPlugin.1 My Way Settings Plugin HKEY_CLASSES_ROOT\MyWayToolBar.SettingsPlugin HKEY_CLASSES_ROOT\MyWayToolBar.SettingsPlugin\CLSID {0494D0DB-F8E0-41ad-92A3-14154ECE70AC} HKEY_CLASSES_ROOT\MyWayToolBar.SettingsPlugin\CurVer MyWayToolBar.SettingsPlugin.1 HKEY_CLASSES_ROOT\MyWayToolBar.SettingsPlugin My Way Settings Plugin DownloadWare Adware more information... Details: DownloadWare is a process that runs on Windows startup. If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. It may be installed through an ActiveX control. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\software\classes\interface\{0494d0da-f8e0-41ad-92a3-14154ece70ac} HKEY_LOCAL_MACHINE\software\classes\interface\{0494d0da-f8e0-41ad-92a3-14154ece70ac}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\software\classes\interface\{0494d0da-f8e0-41ad-92a3-14154ece70ac}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\software\classes\interface\{0494d0da-f8e0-41ad-92a3-14154ece70ac}\TypeLib {0494D0D0-F8E0-41AD-92A3-14154ECE70AC} HKEY_LOCAL_MACHINE\software\classes\interface\{0494d0da-f8e0-41ad-92a3-14154ece70ac}\TypeLib Version 1.0 HKEY_LOCAL_MACHINE\software\classes\interface\{0494d0da-f8e0-41ad-92a3-14154ece70ac} IMyWaySettings HKEY_LOCAL_MACHINE\software\classes\interface\{0494d0dc-f8e0-41ad-92a3-14154ece70ac} HKEY_LOCAL_MACHINE\software\classes\interface\{0494d0dc-f8e0-41ad-92a3-14154ece70ac}\ProxyStubClsid {00020420-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\software\classes\interface\{0494d0dc-f8e0-41ad-92a3-14154ece70ac}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046} 
HKEY_LOCAL_MACHINE\software\classes\interface\{0494d0dc-f8e0-41ad-92a3-14154ece70ac}\TypeLib {0494D0D0-F8E0-41AD-92A3-14154ECE70AC} HKEY_LOCAL_MACHINE\software\classes\interface\{0494d0dc-f8e0-41ad-92a3-14154ece70ac}\TypeLib Version 1.0 HKEY_LOCAL_MACHINE\software\classes\interface\{0494d0dc-f8e0-41ad-92a3-14154ece70ac} _IMyWaySettingsEvents MediaTickets CDT Spyware more information... Details: Mediatickets is a spyware program that displays advertisements, reduces the security settings for the Trusted Sites zone in Internet Explorer, and attempts to fraudulently install trusted publishers. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx Cok.PriceBandit Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\sämy\cookies\sämy@apmebf[2].txt CGI-Bin Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\sämy\cookies\sämy@cgi-bin[1].txt c:\dokumente und einstellungen\sämy\cookies\sämy@cgi-bin[2].txt c:\dokumente und einstellungen\sämy\cookies\sämy@cgi-bin[3].txt c:\dokumente und einstellungen\sämy\cookies\sämy@cgi-bin[4].txt c:\dokumente und einstellungen\sämy\cookies\sämy@cgi-bin[5].txt c:\dokumente und einstellungen\sämy\cookies\sämy@cgi-bin[7].txt cookie.monster Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\sämy\cookies\sämy@cookie.monster[1].txt Desktop.kazaa.com Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\sämy\cookies\sämy@desktop.kazaa[1].txt FortuneCity.com Cookie more information... 
Status: Deleted Infected cookies detected c:\dokumente und einstellungen\sämy\cookies\sämy@fortunecity[2].txt GeoCities Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\sämy\cookies\sämy@geocities[2].txt goClick.com Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\sämy\cookies\sämy@goclick[1].txt IndexTools.com Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\sämy\cookies\sämy@indextools[2].txt Desktop Spy Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\sämy\cookies\sämy@list[1].txt Cok.AssasinTrojan2.0 Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\sämy\cookies\sämy@main[1].txt maxserving Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\sämy\cookies\sämy@maxserving[2].txt RealMedia.com Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\sämy\cookies\sämy@realmedia[2].txt ClickTracks Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\sämy\cookies\sämy@stats1.clicktracks[2].txt Tracking.ThunderDownloads.com Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\sämy\cookies\sämy@tracking.thunderdownloads[1].txt Tracking.com Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\sämy\cookies\sämy@tracking[2].txt Tripod Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\sämy\cookies\sämy@tripod[1].txt WindowsMedia Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\sämy\cookies\sämy@windowsmedia[1].txt Cok.Webstat Cookie more information... 
Status: Deleted Infected cookies detected c:\dokumente und einstellungen\sämy\cookies\sämy@www.web-stat[1].txt Ajan 1.0 Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\sämy\cookies\sämy@xiti[1].txt Zedo Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\sämy\cookies\sämy@zedo[2].txt
Was that right??? Is there nothing left on my machine now? wonders karlchen
This post was edited on 25.10.2005 at 22:59 by karlchen84.
26.10.2005, 00:13
Honorary member
Posts: 29434
#26
It looks good.....
TuneUp 2006 http://virus-protect.org/reinigungstoolsregistry.html
Cleanup repair -- TuneUp Diskcleaner
Cleanup repair -- Registry Cleaner
__________
Regards, Sabina
all about PC security
26.10.2005, 15:12
...new here
Posts: 3
#27
hello... I have a really big problem... I don't know anything about computers at all and now it's just acting up, and my antivirus program says I have some weird worm/alcra.b. I've read around here a bit and have already got as far as being able to post my HijackThis data here.. please help me!!! step by step if at all possible... THANKS!!
Logfile of HijackThis v1.99.1 Scan saved at 15:01:20, on 26.10.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\ZoomingHook.exe C:\Programme\TOSHIBA\E-KEY\CeEKey.exe C:\Programme\QuickTime\qttask.exe C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe C:\WINDOWS\vsnpstd.exe C:\Programme\SurfAccuracy\SAcc.exe C:\Programme\AVPersonal\AVGNT.EXE C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\Programme\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe C:\Programme\T-DSL SpeedManager\tsmsvc.exe C:\Programme\eMule++\eMule.exe C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\BROWSER\BROWSER.EXE C:\Programme\WinRAR\WinRAR.exe C:\Dokumente und Einstellungen\Pimp\Desktop\hijackthis\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/ R1 - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=www-proxy.t-online.de:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = t-online.de R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O3 - Toolbar: T1 - {4180A6C9-26D0-4A15-A2CD-A24E3178E386} - C:\PROGRA~1\LANGEN~1.0\Engine\mte\StdAlone\T1IE.dll O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file) O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe O4 - HKLM\..\Run: [CeEKEY] C:\Programme\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe" O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WeatherCast] "C:\Programme\WeatherCast\Weather.exe" /q O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: Sitecom USB Wireless LAN Utility.lnk = C:\Programme\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe O8 - Extra context menu item: 
&ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra button: eBay - {8EE5046C-394B-4CB7-A3F8-253BE8BB60BD} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU) O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/WebsiteAccess/ie/bridge-c9.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O20 - Winlogon Notify: igfxcui - 
C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Marmiko ZeroConfig Controller (MZCCntrl) - Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
26.10.2005, 18:11
Honorary member
Posts: 29434
#28
Hello@jeanny
Open HijackThis -- button "Scan" -- tick the boxes in front of the malware entries -- button "Fix checked" -- restart the PC
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no fi
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/WebsiteAccess/ie/bridge-c9.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
Restart the PC
KILLBOX http://virus-protect.org/killbox.html
Delete File on Reboot -- tick it
paste in:
C\Windows\System32\cmd.com
C\Windows\System32\bszip.dll
C\Windows\System32\netstat.com
C\Windows\System32\ping.com
C\Windows\System32\regedit.com
C\Windows\System32\taskkill.com
C\Windows\System32\tasklist.com
C\Windows\System32\tracert.com
and click the red cross; when you are asked "Do you want to reboot?" ---- click "no" and paste in the next one, only for the last one click "yes"
Restart the PC
KILLBOX DelTree (include SubDirectories)
Say you want to delete a folder. You don't have to enter every file in the folder one by one; instead, tick the option DelTree (include subdirectories). This deletes the whole directory together with its subfolders.
C:\Programme\SurfAccuracy
Restart the PC
ewido (scan and then paste the scan report here) http://virus-protect.org/ewido.html
__________
Regards, Sabina
all about PC security
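The instructions in #28 pick entries out of a HijackThis log by hand: an O3 toolbar whose DLL is gone ("(no file)"), an O4 autostart, and O16 DPF lines that pull ActiveX packages from sites nobody vetted, plus a set of `.com` files in System32 that sit in front of the real command-line tools. The script below is an added example written for this thread, not a tool from the forum, from HijackThis or from Killbox; it applies the same three checks to a handful of log lines copied from the posts above, and adds a small listing check for the `.com` shadow files. The allowlist of hosts (`ALLOWED_DPF_HOSTS`), the `RUN_NAME_WATCHLIST` and the directory listing passed to `find_shadowing_com_files` are constructed for the demo.

```python
"""Triage a HijackThis log the way the thread's helper did by hand.

Added example for this thread; not a tool from the forum, from HijackThis
or from Killbox. The sample lines are copied from the logs posted above;
the allowlist, watchlist and directory listing are constructed for the demo.
"""
import re
from urllib.parse import urlparse

# Constructed sample: a few entries taken from the logs posted in #27 and #30.
SAMPLE_LOG = [
    r"Logfile of HijackThis v1.99.1",
    r"O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll",
    r"O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)",
    r"O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe",
    r'O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min',
    r"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k",
    "O4 - HKCU\\..\\Run: [LDM] \\Program\\",  # ends in a backslash, so not a raw string
    r"O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/WebsiteAccess/ie/bridge-c9.cab",
    r"O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab",
    r"O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab",
]

# Constructed for the example: hosts whose ActiveX packages pass without review,
# and autostart names the helper told the poster to fix in this thread.
ALLOWED_DPF_HOSTS = ("msn.com", "microsoft.com")
RUN_NAME_WATCHLIST = {"surfaccuracy"}

# Tools whose .com copies the helper had removed from System32. cmd.exe tries the
# PATHEXT extensions in order and .COM precedes .EXE, so typing "ping" runs ping.com.
SHADOWED_TOOLS = ("cmd", "netstat", "ping", "regedit", "taskkill", "tasklist", "tracert")

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<rest>.+)$")
RUN_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
ABS_PATH_RE = re.compile(r"^([A-Za-z]:\\|%[^%]+%\\)")   # drive letter or %VAR%\...


def parse_entries(lines):
    """Yield (kind, rest) for every HijackThis entry line (R0/R1/O2/O4/...)."""
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("rest")


def executable_of(cmd):
    """Return the program part of an autostart command, honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def is_allowed_host(host):
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DPF_HOSTS)


def triage(lines):
    """Return (kind, reason, entry) for each entry that deserves a closer look."""
    findings = []
    for kind, rest in parse_entries(lines):
        if kind == "O3" and rest.endswith("(no file)"):
            findings.append((kind, "toolbar CLSID still registered but its DLL is gone", rest))
        elif kind == "O4":
            m = RUN_RE.search(rest)
            if not m:                      # "Global Startup: x.lnk = ..." has no [name]
                continue
            name, exe = m.group("name"), executable_of(m.group("cmd"))
            if name.lower() in RUN_NAME_WATCHLIST:
                findings.append((kind, f"autostart '{name}' is on the watchlist", rest))
            elif not ABS_PATH_RE.match(exe):
                findings.append((kind, f"autostart '{name}' resolves '{exe}' via PATH, not a fixed path", rest))
        elif kind == "O16":
            host = host_of(rest.rsplit(" - ", 1)[-1])
            if not is_allowed_host(host):
                findings.append((kind, f"ActiveX package pulled from unvetted host {host}", rest))
    return findings


def find_shadowing_com_files(system32_listing):
    """Given a directory listing, return the .com files that shadow well-known tools."""
    names = {n.lower() for n in system32_listing}
    return sorted(f"{t}.com" for t in SHADOWED_TOOLS if f"{t}.com" in names)


if __name__ == "__main__":
    for kind, reason, entry in triage(SAMPLE_LOG):
        print(f"{kind}: {reason}\n    {entry}")
    listing = ["cmd.exe", "ping.exe", "ping.com", "tasklist.com", "kernel32.dll"]  # constructed
    print("shadowing .com files:", find_shadowing_com_files(listing))
```

On the sample it reports the orphaned O3 toolbar, the SurfAccuracy autostart, the `[LDM] \Program\` autostart whose program has no fixed path, and the two O16 downloads from windupdates.com and xxxtoolbar.com, while the ICQ toolbar, the antivirus autostart and the MSN package pass. The allowlist approach is deliberate: with ActiveX downloads the question is not "is this host known bad" but "did anyone approve it", so everything outside the short list gets a human look.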
26.10.2005, 18:51
...new here
Posts: 3
#29
Mille, mille grazie Sabina,
I'm very grateful that you apparently picked the right ones out of that jungle of files, so that I've been able to get rid of this worm again. sunniest regards karlchen
29.10.2005, 10:48
...new here
Posts: 2
#30
hello sabina
I followed all of that closely but then failed when I tried it myself :-/ well, at least I can present my hijackthis, since unfortunately I've got this lovely worm on my machine,..... hoping for help!!!! thanks thanks
Logfile of HijackThis v1.99.1 Scan saved at 09:29:18, on 30.10.2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe C:\Programme\QuickTime\qttask.exe C:\Programme\Logitech\Video\LogiTray.exe C:\Programme\Logitech\iTouch\iTouch.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\BearShare\BearShare.exe C:\Programme\Winamp\winampa.exe C:\Programme\AVPersonal\AVGNT.EXE C:\WINDOWS\System32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\FRITZ!DSL\StCenter.exe C:\Programme\Dienstprogramm ZyAIR USB\ZyAIR.exe C:\Programme\Logitech\MouseWare\system\em_exec.exe C:\WINDOWS\System32\LVComS.exe C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE C:\WINDOWS\System32\Ati2evxx.exe C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe C:\Programme\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE C:\Programme\Internet Explorer\iexplore.exe C:\Dokumente und Einstellungen\Quasimodo\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = 
http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box;localhost R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file) O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KAZAA] C:\Programme\Kazaa\kazaa.exe /SYSTRAY O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause O4 - 
HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42" O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [winupdates] C:\Programme\winupdates\winupdates.exe /auto O4 - HKLM\..\Run: [Outpost Firewall] "C:\Programme\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [LDM] \Program\ O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Programme\Spyware Cleaner\SpywareCleaner.Exe" /boot O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programme\Yahoo!\Messenger\ypager.exe" -quiet O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: ZyAIR USB.lnk = C:\Programme\Dienstprogramm ZyAIR USB\ZyAIR.exe O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java 
Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Programme\Hello\PicasaCapture.dll O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Programme\Hello\PicasaCapture.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0 O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {D7A4D8FB-83F0-40E5-954F-88F48D15AE96} (ICQVideoWindow Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.serviceurl.de/InstallationsAssistent.ocx O18 - Protocol: bw+0 - 
{E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SpywareCleanerService - Unknown owner - C:\Programme\Spyware Cleaner\SCService.exe (file missing)
Download:
LSPfix.exe
http://www.spychecker.com/program/lspfix.html
http://virus-protect.org/lspfix.html
Tick: "I know what I'm doing"
and delete newdotnet6_90.dll
(you may need to move the dll from left to right) --> Remove
Open HijackThis -- "Scan" button -- tick the entries -- "Fix checked" button -- restart the PC
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet6_90.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
Restart the PC
Uninstall:
"Start -> Settings -> Control Panel -> Add or Remove Programs" --> New.net
CCleaner -- delete all *temp files
http://virus-protect.org/temp.html
Ewido (scan) --> then copy the scan report and post it here
http://virus-protect.org/ewido.html
__________
Kind regards, Sabina
all about PC security
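The triage above is done by eye: pick the O2/O4 entries pointing at New.net and spot services whose binary is gone. As an added example (not code from this thread or from HijackThis), here is a small parser that turns O2/O4/O18/O23 lines into records and flags exactly those two cases; the sample lines are copied from the logs in this thread, and the `UNWANTED_MARKERS` list and the `Entry` structure are my own assumptions.

```python
import re
from dataclasses import dataclass, field

# One HijackThis entry: "O<nn> - <kind>: <rest>"; kind may contain backslashes (HKLM\..\Run)
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
# Name/path fragments of the New.net (NewDotNet) adware the thread tells the user to remove (assumed list)
UNWANTED_MARKERS = ("newdotnet", "newdot~", "new.net")

@dataclass
class Entry:
    section: str   # "O2", "O4", "O18", "O23"
    kind: str      # "BHO", "HKLM\\..\\Run", "Protocol", "Service"
    name: str      # friendly name, protocol name or Run value name
    clsid: str     # CLSID for O2/O18, "" otherwise
    path: str      # DLL/EXE path or command line
    reasons: list = field(default_factory=list)  # why the entry was flagged; empty = clean

def parse_line(line: str):
    """Parse one log line into an Entry; returns None for header/blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    if rest.startswith("["):                  # O4 style: "[Value name] command line"
        name, _, path = rest[1:].partition("] ")
        clsid = ""
    else:                                     # "name - {clsid}|owner - path"
        parts = rest.split(" - ")
        name, path = parts[0], parts[-1]
        clsid = parts[1] if len(parts) > 2 and CLSID_RE.match(parts[1]) else ""
    entry = Entry(section, kind, name, clsid, path)
    if any(mk in (name + " " + path).lower() for mk in UNWANTED_MARKERS):
        entry.reasons.append("New.net component")
    if path.endswith("(file missing)"):       # orphaned service: binary gone, registration left behind
        entry.reasons.append("binary missing")
    return entry

def triage(lines):
    """Return only the entries worth acting on, in log order."""
    return [e for e in map(parse_line, lines) if e and e.reasons]

# Constructed subset of this thread's HijackThis logs (lines copied verbatim from the posts)
SAMPLE_LOG = [
    "Logfile of HijackThis v1.99.0",
    "O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\\Programme\\NewDotNet\\newdotnet6_90.dll",
    "O4 - HKLM\\..\\Run: [New.net Startup] rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s",
    "O18 - Protocol: bw+0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\BWPlugProtocol-8876480.dll",
    "O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\\PROGRAMME\\AVPERSONAL\\AVGUARD.EXE",
    "O23 - Service: SpywareCleanerService - Unknown owner - C:\\Programme\\Spyware Cleaner\\SCService.exe (file missing)",
]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section} {e.name!r}: {', '.join(e.reasons)} -> {e.path}")
```

Running it prints the two New.net entries and the orphaned SpywareCleanerService line; the benign Logitech O18 handler and the AntiVir service pass through unflagged.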