Worm or virus or trojan Worm/Alcra.B

09.10.2005, 01:34
Honorary member
Sabina

Posts: 29434
#16 Maverik

download:
LSPfix.exe
http://www.spychecker.com/program/lspfix.html
http://virus-protect.org/lspfix.html

tick: "I know what I'm doing"
and delete newdotnet6_90.dll
(you may have to move the DLL from the left to the right) --> Remove

open HijackThis -- "scan" button -- tick the entries -- "Fix checked" button -- restart the PC

O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet6_90.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

Restart the PC

Uninstall:
"Start -> Settings -> Control Panel -> Add or Remove Programs" --> New.net

CCleaner -- delete all *temp files
http://virus-protect.org/temp.html

Ewido (scan) --> then copy the scan report and post it here ;)
http://virus-protect.org/ewido.html
__________
Regards, Sabina

All about PC security
09.10.2005, 13:50
...new here

Posts: 6
#17
---------------------------------------------------------
ewido security suite - Scan Report
---------------------------------------------------------

+ Erstellt am: 13:48:47, 09.10.2005
+ Report-Checksumme: 37DBDE58

+ Scanergebnis:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Gesäubert mit Backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Gesäubert mit Backup
HKU\S-1-5-21-1004336348-1220945662-839522115-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Gesäubert mit Backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Fehler beim Säubern
C:\Programme\themexp\Themexp.org File\HLsetup2.exe -> TrojanDownloader.Small.bke : Gesäubert mit Backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Gesäubert mit Backup


::Report Ende

So far I've done all of that; in the virus scan I pressed delete, hope that wasn't wrong.

Regards, maverik
09.10.2005, 14:53
Honorary member
Sabina

Posts: 29434
#18 Maverik

then everything should now be in perfect order again ;)
Please post the new HijackThis log
__________
Regards, Sabina

All about PC security
10.10.2005, 14:50
...new here

Posts: 6
#19 hi there :-)

Here is the new log from hitschitatschi. I ran the scanner again today; it only shows me normal cookies, which I then delete in the scanner, and after a new run they are gone.
Let me know whether, logically speaking, everything is fine again now. bye Maverik

PS: many thanks to you!!!

Logfile of HijackThis v1.99.0
Scan saved at 14:47:50, on 10.10.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\ewido\security suite\ewidoguard.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\HP\HP Software Update\HPWuSchd.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
C:\Programme\FRITZ!\IWatch.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Maverik\Eigene Dateien\Installprogramme\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CorelCorelDRAW10 Reminder] "C:\Programme\Corel\Graphics10\Register\NAVBrowser.exe" /r /i "C:\Programme\Corel\Graphics10\Register\NavLoad.ini"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128556447671
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{196077C0-C017-444F-8EFD-E36918F12678}: NameServer = 217.237.151.33 217.237.149.225
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: StyleXPService - Unknown - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
10.10.2005, 16:09
Honorary member
Sabina

Posts: 29434
#20 Maverik

You should definitely run the Windows updates, i.e. download SP2, otherwise you'll end up a regular customer here with the hitschitatschi ;) (and please don't use any peer-to-peer programs either)
__________
Regards, Sabina

All about PC security
12.10.2005, 15:06
...new here

Posts: 3
#21 Hello Sabina
here is my scan report
---------------------------------------------------------
ewido security suite - Prozess Report
---------------------------------------------------------

+ Erstellt am: 14:49:08, 12.10.2005
+ Report-Checksumme: D7556B66

0: System Process
8: System Process
144: \SystemRoot\System32\smss.exe
172: \??\C:\WINNT\system32\csrss.exe
192: \??\C:\WINNT\system32\winlogon.exe
220: C:\WINNT\system32\services.exe
232: C:\WINNT\system32\lsass.exe
416: C:\WINNT\system32\svchost.exe
448: C:\Programme\ewido\security suite\ewidoguard.exe
456: C:\WINNT\system32\spoolsv.exe
508: C:\Programme\AVPersonal\AVWUPSRV.EXE
528: C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
540: C:\WINNT\System32\svchost.exe
576: C:\WINNT\system32\ircomm2k.exe
600: C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
704: C:\Programme\ewido\security suite\ewidoctrl.exe
712: C:\WINNT\system32\regsvc.exe
736: C:\WINNT\system32\MSTask.exe
752: C:\WINNT\system32\stisvc.exe
808: C:\WINNT\System32\WBEM\WinMgmt.exe
824: C:\WINNT\System32\mspmspsv.exe
856: C:\WINNT\system32\svchost.exe
1060: C:\WINNT\Explorer.EXE
1076: D:\Office10\WINWORD.EXE
1160: C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
1168: C:\WINNT\system32\atiptaxx.exe
1184: C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
1192: D:\Uwe\Winamp\winampa.exe
1196: C:\Programme\Internet Explorer\IEXPLORE.EXE
1200: C:\Programme\FRITZ!DSL\StCenter.exe
1220: C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
1240: C:\PROGRA~1\MediaKey\MediaKey.EXE
1252: C:\WINNT\system32\ctfmon.exe
1288: C:\Programme\WinZip\WZQKPICK.EXE
1300: C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
1308: C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE
1348: C:\Programme\ewido\security suite\SecuritySuite.exe
Regards
ajnom
12.10.2005, 15:13
Honorary member
Sabina

Posts: 29434
#22 ajnom

This isn't your thread, is it????? What's with this mix-up?
http://board.protecus.de/t19358-3.htm

Then it's also not the ewido scan report (the scan report shows everything that was removed)
So please post the correct scan report (and not the process report), but please in your own thread.
__________
Regards, Sabina

All about PC security
24.10.2005, 22:07
...new here

Posts: 3
#23 I think I've caught one of these lovely worms too; at any rate my AntiVir won't stop beeping with WORM/Alcra.B detections.
Now I guess I have to post my HijackThis log file, right?

Logfile of HijackThis v1.99.1
Scan saved at 21:52:20, on 24.10.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\TrayIcon.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Softwin\BitDefender Free Edition\bdnagent.exe
C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Programme\Antivirl\AVWUPSRV.EXE
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Softwin\BitDefender Free Edition\bdmcon.exe
C:\Programme\Antivirl\AVGNT.EXE
C:\WINDOWS\System32\notepad.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Sämy\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Programme\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender Free Edition\bdnagent.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MtdAcq] C:\Programme\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105911745839
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - file://c:\x.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/cab/14/en/SysWebTelecomInt.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.power-url.de/InstallationsAssistent.ocx
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\Antivirl\AVWUPSRV.EXE
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe

I hope someone here can make something of this and help me, an ignorant user.

Thanks in advance
karlchen
25.10.2005, 00:12
Honorary member
Sabina

Posts: 29434
#24 Hello karlchen84

open HijackThis -- "scan" button -- tick the malware entries -- "Fix checked" button -- restart the PC

O4 - HKLM\..\Run: [SearchUpgrader] C:\Programme\Common files\SearchUpgrader\SearchUpgrader.exe
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKCU\..\Run: [MtdAcq] C:\Programme\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - file://c:\x.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/cab/14/en/SysWebTelecomInt.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.power-url.de/InstallationsAssistent.ocx
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)

Restart the PC

uninstall:
MyWay
SearchUpgrader

KILLBOX
http://virus-protect.org/killbox.html

Delete File on Reboot -- tick
paste in:
...
and click the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one; only click "yes" on the last one

C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
c:\x.cab
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\bszip.dll

Restart the PC


delete:
C:\Programme\Common files\SearchUpgrader
C:\Programme\MyWay

scan with ewido
http://virus-protect.org/ewido.html

counterspy
http://virus-protect.org/counterspy.html
Click: "Run a Spyware Scan Now"
- after the scan you have to choose between:
*Ignore
*Remove
*Quarantine
always choose Remove and restart the PC (then copy the scan report and paste it into the security forum)
__________
Regards, Sabina

All about PC security
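
A triage pass over HijackThis entries like the ones fixed in post #24, as an added example that is not part of the thread and not HijackThis's own logic: it parses the section lines and flags three patterns visible in that log (a registered component with no file on disk, an `O16` ActiveX codebase loaded from a local `file://` path, and an `O16` codebase host outside an allowlist). The allowlist (`microsoft.com`) and all function names are assumptions; the sample lines are copied from the log in post #23.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlparse

# Lines copied from the HijackThis log posted in #23 of this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105911745839
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.power-url.de/InstallationsAssistent.ocx
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)
"""

# A log entry starts with a section code such as R1, O2, O16 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis prints when the referenced file is absent.
MISSING_MARKERS = ("(no file)", "(file missing)")
# Assumption: download hosts the reviewer trusts for ActiveX controls.
TRUSTED_HOST_SUFFIXES = ("microsoft.com",)


@dataclass
class Entry:
    code: str                 # section code, e.g. "O16"
    body: str                 # everything after "<code> - "
    clsid: Optional[str]      # first CLSID in the entry, if any
    target: str               # last " - "-separated field (file or URL)
    reasons: List[str] = field(default_factory=list)


def parse_log(text: str) -> List[Entry]:
    """Return the section entries; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        code, body = match.groups()
        clsid = CLSID_RE.search(body)
        target = body.rsplit(" - ", 1)[-1].strip()
        entries.append(Entry(code, body, clsid.group(0) if clsid else None, target))
    return entries


def triage(entries: List[Entry], trusted=TRUSTED_HOST_SUFFIXES) -> List[Entry]:
    """Attach review reasons to each entry and return the flagged ones."""
    for entry in entries:
        entry.reasons = []
        low = entry.target.lower()
        if any(marker in low for marker in MISSING_MARKERS):
            entry.reasons.append("registered component has no file on disk")
        if entry.code == "O16":
            if low.startswith("file://"):
                entry.reasons.append("ActiveX codebase is a local file")
            elif low.startswith(("http://", "https://")):
                host = urlparse(entry.target).hostname or ""
                if not any(host == s or host.endswith("." + s) for s in trusted):
                    entry.reasons.append(
                        "ActiveX codebase host not on allowlist: " + host)
    return [entry for entry in entries if entry.reasons]


if __name__ == "__main__":
    for flagged in triage(parse_log(SAMPLE_LOG)):
        print(flagged.code, flagged.clsid, "->", "; ".join(flagged.reasons))
```

Entries such as the MyWay BHO carry none of these markers, so a pass like this narrows the review but does not replace recognising known adware names.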
25.10.2005, 20:21
...new here

Posts: 3
#25
Spyware Scan Details
Start Date: 25.10.2005 21:36:28
End Date: 25.10.2005 22:10:48
Total Time: 34 mins 20 secs

Detected spyware

CommonName Search Hijacker more information...
Details: CommonName is a 'keywords' service, allowing one to enter simple names insatead of URLs. After its original release, the software has become a complicated (and sometimes buggy) search-hijacker and adware, aggressively bundled with many third-party ap
Status: Deleted


Altnet Browser Plug-in more information...
Details: Topsearch is a .dll file that acts as a search engine and runs inside Internet Explorer as a Browser helper Object (BHO). It can supply advertising content to KaZaA users.
Status: Deleted

Infected files detected
c:\windows\temp\altnet\admdata.dll
c:\windows\temp\altnet\dminfo3.cab
c:\windows\temp\altnet\dminstall7.cab
c:\windows\temp\altnet\mysearch.cab
c:\windows\temp\altnet\pminstall.cab
c:\windows\temp\altnet\setup.cab


Bullguard Popup Adware more information...
Details: The BullGuard pop-up delivers advertisements to your computer for BullGuard’s anti-virus program.
Status: Deleted

Infected files detected
c:\windows\temp\bullguard\bulldownload.exe


Claria.GAIN Adware more information...
Details: Claria's GAIN network consists of several applications inlcuding Gator eWallet, GotSmiley, ScreenSeenes, WebSecureAlert, DashBar, Weatherscope, Date Manager and Precision Time.
Status: Deleted

Infected files detected
c:\windows\gatorpdpsetup.log
c:\windows\gatoruninstaller_cme.log
c:\windows\gatoruninstaller_cme_u.log


Twain Tech Adware more information...
Details: Twain-Tech is an adware based Internet Explorer browser helper object that deliver targeted ads based on a user’s browsing patters. Twain-Tech does not provide any other relevant purpose other then to display pop-up ads.
Status: Deleted

Infected files detected
c:\windows\smdat32a.sys
c:\windows\smdat32m.sys


KaZaA P2P more information...
Details: Kazaa is a Peer to Peer file sharing application that uses some adware advertising as well as installs a number of thrid party adware software on your computer.
Status: Deleted

Infected files detected
C:\WINDOWS\Temp\BullGuard\bulldownload.exe

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\classes\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76}
HKEY_LOCAL_MACHINE\software\classes\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76}\TreatAs {0494D0DB-F8E0-41ad-92A3-14154ECE70AC}
HKEY_LOCAL_MACHINE\software\classes\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking SlowInfoCache
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking Changed 0


My Way Speedbar Browser Plug-in more information...
Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar ConfigDateStamp 2004102515
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar Maximized 1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32 C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus\1 131473
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus 0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\TypeLib {0494D0D0-F8E0-41ad-92A3-14154ECE70AC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC} myBar IE Installer
HKEY_CLASSES_ROOT\MyWayToolBar.NetscapeShutdown
HKEY_CLASSES_ROOT\MyWayToolBar.NetscapeShutdown\CLSID {0494D0D5-F8E0-41ad-92A3-14154ECE70AC}
HKEY_CLASSES_ROOT\MyWayToolBar.NetscapeShutdown\CurVer MyWayToolBar.NetscapeShutdown.1
HKEY_CLASSES_ROOT\MyWayToolBar.NetscapeShutdown myBarNetscapeShutdown Class
HKEY_CLASSES_ROOT\MyWayToolBar.NetscapeStartup
HKEY_CLASSES_ROOT\MyWayToolBar.NetscapeStartup\CLSID {0494D0D7-F8E0-41ad-92A3-14154ECE70AC}
HKEY_CLASSES_ROOT\MyWayToolBar.NetscapeStartup\CurVer MyWayToolBar.NetscapeStartup.1
HKEY_CLASSES_ROOT\MyWayToolBar.NetscapeStartup myBarNetscapeStartup Class
HKEY_CLASSES_ROOT\MyWayToolBar.NetscapeShutdown.1
HKEY_CLASSES_ROOT\MyWayToolBar.NetscapeShutdown.1\CLSID {0494D0D5-F8E0-41ad-92A3-14154ECE70AC}
HKEY_CLASSES_ROOT\MyWayToolBar.NetscapeShutdown.1 myBarNetscapeShutdown Class
HKEY_CLASSES_ROOT\MyWayToolBar.NetscapeStartup.1
HKEY_CLASSES_ROOT\MyWayToolBar.NetscapeStartup.1\CLSID {0494D0D7-F8E0-41ad-92A3-14154ECE70AC}
HKEY_CLASSES_ROOT\MyWayToolBar.NetscapeStartup.1 myBarNetscapeStartup Class
HKEY_CLASSES_ROOT\clsid\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}
HKEY_CLASSES_ROOT\clsid\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32 C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
HKEY_CLASSES_ROOT\clsid\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus\1 131473
HKEY_CLASSES_ROOT\clsid\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus 0
HKEY_CLASSES_ROOT\clsid\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\TypeLib {0494D0D0-F8E0-41ad-92A3-14154ECE70AC}
HKEY_CLASSES_ROOT\clsid\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\Version 1.0
HKEY_CLASSES_ROOT\clsid\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC} myBar Installer2
HKEY_CLASSES_ROOT\clsid\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}
HKEY_CLASSES_ROOT\clsid\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32 C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
HKEY_CLASSES_ROOT\clsid\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\ProgID MyWayToolBar.NetscapeShutdown.1
HKEY_CLASSES_ROOT\clsid\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\TypeLib {0494D0D0-F8E0-41ad-92A3-14154ECE70AC}
HKEY_CLASSES_ROOT\clsid\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\VersionIndependentProgID MyWayToolBar.NetscapeShutdown
HKEY_CLASSES_ROOT\clsid\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC} myBarNetscapeShutdown Class
HKEY_CLASSES_ROOT\clsid\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}
HKEY_CLASSES_ROOT\clsid\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32 C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
HKEY_CLASSES_ROOT\clsid\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\ProgID MyWayToolBar.NetscapeStartup.1
HKEY_CLASSES_ROOT\clsid\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\TypeLib {0494D0D0-F8E0-41ad-92A3-14154ECE70AC}
HKEY_CLASSES_ROOT\clsid\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\VersionIndependentProgID MyWayToolBar.NetscapeStartup
HKEY_CLASSES_ROOT\clsid\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC} myBarNetscapeStartup Class
HKEY_CLASSES_ROOT\clsid\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}
HKEY_CLASSES_ROOT\clsid\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32 C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
HKEY_CLASSES_ROOT\clsid\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus\1 131473
HKEY_CLASSES_ROOT\clsid\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus 0
HKEY_CLASSES_ROOT\clsid\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\ProgID MyWayToolBar.SettingsPlugin.1
HKEY_CLASSES_ROOT\clsid\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\TypeLib {0494D0D0-F8E0-41ad-92A3-14154ECE70AC}
HKEY_CLASSES_ROOT\clsid\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\Version 1.0
HKEY_CLASSES_ROOT\clsid\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\VersionIndependentProgID MyWayToolBar.SettingsPlugin
HKEY_CLASSES_ROOT\clsid\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC} My Way Settings
HKEY_CLASSES_ROOT\clsid\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}
HKEY_CLASSES_ROOT\clsid\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32 C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
HKEY_CLASSES_ROOT\clsid\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus\1 131473
HKEY_CLASSES_ROOT\clsid\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus 0
HKEY_CLASSES_ROOT\clsid\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\TypeLib {0494D0D0-F8E0-41ad-92A3-14154ECE70AC}
HKEY_CLASSES_ROOT\clsid\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\Version 1.0
HKEY_CLASSES_ROOT\clsid\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC} myBar IE Installer
HKEY_CLASSES_ROOT\MyWayToolBar.SettingsPlugin.1
HKEY_CLASSES_ROOT\MyWayToolBar.SettingsPlugin.1\CLSID {0494D0DB-F8E0-41ad-92A3-14154ECE70AC}
HKEY_CLASSES_ROOT\MyWayToolBar.SettingsPlugin.1 My Way Settings Plugin
HKEY_CLASSES_ROOT\MyWayToolBar.SettingsPlugin
HKEY_CLASSES_ROOT\MyWayToolBar.SettingsPlugin\CLSID {0494D0DB-F8E0-41ad-92A3-14154ECE70AC}
HKEY_CLASSES_ROOT\MyWayToolBar.SettingsPlugin\CurVer MyWayToolBar.SettingsPlugin.1
HKEY_CLASSES_ROOT\MyWayToolBar.SettingsPlugin My Way Settings Plugin


DownloadWare Adware more information...
Details: DownloadWare is a process that runs on Windows startup. If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. It may be installed through an ActiveX control.
Status: Deleted

Infected registry entries detected


MediaTickets CDT Spyware more information...
Details: Mediatickets is a spyware program that displays advertisements, reduces the security settings for the Trusted Sites zone in Internet Explorer, and attempts to fraudulently install trusted publishers.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx


Cok.PriceBandit Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\sämy\cookies\sämy@apmebf[2].txt


CGI-Bin Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\sämy\cookies\sämy@cgi-bin[1].txt
c:\dokumente und einstellungen\sämy\cookies\sämy@cgi-bin[2].txt
c:\dokumente und einstellungen\sämy\cookies\sämy@cgi-bin[3].txt
c:\dokumente und einstellungen\sämy\cookies\sämy@cgi-bin[4].txt
c:\dokumente und einstellungen\sämy\cookies\sämy@cgi-bin[5].txt
c:\dokumente und einstellungen\sämy\cookies\sämy@cgi-bin[7].txt


cookie.monster Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\sämy\cookies\sämy@cookie.monster[1].txt


Desktop.kazaa.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\sämy\cookies\sämy@desktop.kazaa[1].txt


FortuneCity.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\sämy\cookies\sämy@fortunecity[2].txt


GeoCities Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\sämy\cookies\sämy@geocities[2].txt


goClick.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\sämy\cookies\sämy@goclick[1].txt


IndexTools.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\sämy\cookies\sämy@indextools[2].txt


Desktop Spy Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\sämy\cookies\sämy@list[1].txt


Cok.AssasinTrojan2.0 Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\sämy\cookies\sämy@main[1].txt


maxserving Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\sämy\cookies\sämy@maxserving[2].txt


RealMedia.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\sämy\cookies\sämy@realmedia[2].txt


ClickTracks Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\sämy\cookies\sämy@stats1.clicktracks[2].txt


Tracking.ThunderDownloads.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\sämy\cookies\sämy@tracking.thunderdownloads[1].txt


Tracking.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\sämy\cookies\sämy@tracking[2].txt


Tripod Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\sämy\cookies\sämy@tripod[1].txt


WindowsMedia Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\sämy\cookies\sämy@windowsmedia[1].txt


Cok.Webstat Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\sämy\cookies\sämy@www.web-stat[1].txt


Ajan 1.0 Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\sämy\cookies\sämy@xiti[1].txt


Zedo Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\sämy\cookies\sämy@zedo[2].txt



Was that done correctly??? Do I have nothing left on it now?
wonders karlchen
This post was edited by karlchen84 on 25.10.2005 at 22:59.
26.10.2005, 00:13
Honorary member
Avatar Sabina

Posts: 29434
#26 it looks good.....;)

Tuneup 2006
http://virus-protect.org/reinigungstoolsregistry.html
Cleanup repair -- TuneUp Diskcleaner
Cleanup repair -- Registry Cleaner
__________
Best regards, Sabina

all about PC security
26.10.2005, 15:12
...new here

Posts: 3
#27 hello... I have a really big problem... I know absolutely nothing about computers, and now mine has just started acting up and my antivirus program says I have some strange worm/alcra.b. I have read around here a bit and have already got far enough that I can give my HijackThis data here.. please help me!!! step by step if at all possible... THANKS!!



Logfile of HijackThis v1.99.1
Scan saved at 15:01:20, on 26.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Programme\TOSHIBA\E-KEY\CeEKey.exe
C:\Programme\QuickTime\qttask.exe
C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
C:\WINDOWS\vsnpstd.exe
C:\Programme\SurfAccuracy\SAcc.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\Programme\eMule++\eMule.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\BROWSER\BROWSER.EXE
C:\Programme\WinRAR\WinRAR.exe
C:\Dokumente und Einstellungen\Pimp\Desktop\hijackthis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=www-proxy.t-online.de:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = t-online.de
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: T1 - {4180A6C9-26D0-4A15-A2CD-A24E3178E386} - C:\PROGRA~1\LANGEN~1.0\Engine\mte\StdAlone\T1IE.dll
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programme\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherCast] "C:\Programme\WeatherCast\Weather.exe" /q
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Sitecom USB Wireless LAN Utility.lnk = C:\Programme\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: eBay - {8EE5046C-394B-4CB7-A3F8-253BE8BB60BD} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/WebsiteAccess/ie/bridge-c9.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Marmiko ZeroConfig Controller (MZCCntrl) - Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
26.10.2005, 18:11
Honorary member
Avatar Sabina

Posts: 29434
#28 Hello @jeanny

open HijackThis -- "scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC

O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no fi
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/WebsiteAccess/ie/bridge-c9.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab

Restart the PC

KILLBOX
http://virus-protect.org/killbox.html

Delete File on Reboot -- tick this option
paste in:

C:\Windows\System32\cmd.com
C:\Windows\System32\bszip.dll
C:\Windows\System32\netstat.com
C:\Windows\System32\ping.com
C:\Windows\System32\regedit.com
C:\Windows\System32\taskkill.com
C:\Windows\System32\tasklist.com
C:\Windows\System32\tracert.com

and click the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one; click "yes" only on the last one

Restart the PC

KILLBOX
DelTree (include SubDirectories)
Say, for example, you want to delete a folder. You do not have to enter every file in the folder individually; instead you select the option DelTree (include subdirectories).
This deletes a complete archive together with its subfolders.

C:\Programme\SurfAccuracy

Restart the PC

ewido (scan and then copy the scan report here)
http://virus-protect.org/ewido.html
__________
Best regards, Sabina

all about PC security
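An added example for the procedure in post #28, not part of the original thread and not code from HijackThis or KillBox: it parses log lines in the HijackThis format shown in post #27, flags entries by three review rules, and checks a file listing for `.com` files that share a name with an `.exe`. The allowlist, the watchlist and the file listing are assumptions made up for this example, chosen so that the output matches the five entries and the same-name `.com` files named in post #28.

```python
import ntpath
import re
from urllib.parse import urlparse

# Lines copied from the HijackThis log in post #27 (an excerpt, not the full log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/WebsiteAccess/ie/bridge-c9.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
"""

# Assumptions for this example: what the reviewer already trusts or watches for.
TRUSTED_SUFFIXES = ("msn.com",)
RUN_WATCHLIST = ("surfaccuracy",)

# Constructed directory listing (not taken from the thread).
SAMPLE_LISTING = [
    r"C:\Windows\System32\netstat.exe",
    r"C:\Windows\System32\netstat.com",
    r"C:\Windows\System32\ping.exe",
    r"C:\Windows\System32\ping.com",
    r"C:\Windows\regedit.exe",
    r"C:\Windows\System32\regedit.com",
    r"C:\Windows\System32\mode.com",   # no mode.exe, so not reported
    r"C:\Windows\System32\cmd.exe",
]

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://\S+")


def parse_log(text):
    """Turn HijackThis entry lines into dicts; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        url = URL_RE.search(body)
        entries.append({
            "section": m.group("section"),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "host": urlparse(url.group(0)).hostname if url else None,
            "orphan": body.rstrip().endswith("(no file)"),
        })
    return entries


def host_trusted(host, suffixes):
    """True if host equals an allowlisted domain or is a subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in suffixes)


def review(entries, trusted_suffixes, run_watchlist):
    """Return (section, reason, body) for every entry a reviewer should look at."""
    findings = []
    for e in entries:
        if e["orphan"]:
            findings.append((e["section"], "registered component, file missing", e["body"]))
        elif e["section"] == "O16" and e["host"] and not host_trusted(e["host"], trusted_suffixes):
            findings.append(("O16", "ActiveX source not on allowlist: " + e["host"], e["body"]))
        elif e["section"] == "O4" and any(w in e["body"].lower() for w in run_watchlist):
            findings.append(("O4", "autostart entry on watchlist", e["body"]))
    return findings


def com_shadows(paths):
    """Return .com files whose name (without extension) matches an .exe in the listing.

    Why it matters: the default PATHEXT order puts .COM ahead of .EXE.
    """
    exe_stems, com_files = set(), []
    for p in paths:
        stem, ext = ntpath.splitext(ntpath.basename(p))
        if ext.lower() == ".exe":
            exe_stems.add(stem.lower())
        elif ext.lower() == ".com":
            com_files.append((stem.lower(), p))
    return sorted(p for stem, p in com_files if stem in exe_stems)


if __name__ == "__main__":
    for section, reason, body in review(parse_log(SAMPLE_LOG), TRUSTED_SUFFIXES, RUN_WATCHLIST):
        print(f"{section:>3}  {reason}\n     {body}")
    for path in com_shadows(SAMPLE_LISTING):
        print("same-name .com:", path)
```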
26.10.2005, 18:51
...new here

Posts: 3
#29 A thousand, thousand thanks, Sabina,

I am very grateful to you that you apparently picked the right ones out of the file jungle and that I was able to get this worm off again.

sunniest regards
karlchen
29.10.2005, 10:48
...new here

Posts: 2
#30 hello sabina

I followed all of this closely but then failed when I tried it myself :-/

well, at least I can present my hijackthis log, since unfortunately I have this lovely worm on my machine,.....

hoping for help!!!! thanks thanks

Logfile of HijackThis v1.99.1
Scan saved at 09:29:18, on 30.10.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\BearShare\BearShare.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\Dienstprogramm ZyAIR USB\ZyAIR.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\LVComS.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Quasimodo\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box;localhost
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KAZAA] C:\Programme\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [winupdates] C:\Programme\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Programme\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Programme\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programme\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: ZyAIR USB.lnk = C:\Programme\Dienstprogramm ZyAIR USB\ZyAIR.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Programme\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Programme\Hello\PicasaCapture.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D7A4D8FB-83F0-40E5-954F-88F48D15AE96} (ICQVideoWindow Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.serviceurl.de/InstallationsAssistent.ocx
O18 - Protocol: bw+0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SpywareCleanerService - Unknown owner - C:\Programme\Spyware Cleaner\SCService.exe (file missing)