Wurm oder Virus oder Trojaner Worm/Alcra.BThema ist geschlossen! |
||
---|---|---|
Thema ist geschlossen! |
||
#0
| ||
29.10.2005, 12:22
Member
Beiträge: 14 |
||
|
||
29.10.2005, 15:44
Ehrenmitglied
Beiträge: 29434 |
#32
Hallo@Lette
öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten O4 - HKLM\..\Run: [winupdates] C:\Programme\winupdates\winupdates.exe /auto O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.serviceurl.de/InstallationsAssistent.ocx O18 - Protocol: bw+0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {E258C51E-B40D-4C5C-BBB7-101513F20214} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll PC neustarten Loesche: mit der Killbox http://virus-protect.org/killbox.html C\Windows\System32\cmd.com C:\Programme\winupdates\winupdates.exe C\Windows\System32\netstat.com C\Windows\System32\ping.com C\Windows\System32\regedit.com C\Windows\System32\taskkill.com C\Windows\System32\tasklist.com C\Windows\System32\tracert.com C\Windows\System32\bszip.dll PC neustarten scanne mit Ewido - Virenscanner http://virus-protect.org/ewido.html dann solltest du unbedingt die WindowsUpdates machen...dein PC ist voellig ungeschuetzt __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
29.10.2005, 15:47
Ehrenmitglied
Beiträge: 29434 |
#33
Zitat dadomi posteteich finde unter deinem Namen (dadomi) keinen Thread, kannst du das Log vom HijackThis hier noch mal kopieren????? __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
29.10.2005, 19:32
Member
Beiträge: 14 |
#34
Hier meine Logfile. Ich das Programm Ewido schon durchlaufen lassen.
Logfile of HijackThis v1.99.1 Scan saved at 19:32:55, on 29.10.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\AVPersonal\AVGNT.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\Programme\Java\jre1.5.0_04\bin\jusched.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\AVPersonal\AVWUPSRV.EXE C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe C:\Programme\ewido\security suite\ewidoctrl.exe C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE C:\Programme\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Real\RealPlayer\RealPlay.exe C:\Programme\ICQLite\ICQLite.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\PROGRA~1\WINZIP\winzip32.exe C:\Dokumente und Einstellungen\Dominik Mayer\Eigene Dateien\Unzipped\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mohrenbraeu.at/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programme\Desktop Sidebar\sbhelp.dll O2 - BHO: (no name) - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - (no file) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-f7ed0776fb27} - c:\programme\steganos internet anonym 2006\sia2006iep.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SIA2006] "C:\Programme\Steganos Internet Anonym 2006\SIA2006.exe" -boot O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Programme\Desktop Sidebar\sbhelp.dll/menuhandler.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: eZshopper - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing) O9 - Extra 'Tools' menuitem: e-zshopper - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing) O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing) O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com O16 - DPF: RaptisoftGameLoader - http://miniclip.com/hamsterball/raptisoftgameloader.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097418447593 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (Q) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
|
|
||
30.10.2005, 01:01
Ehrenmitglied
Beiträge: 29434 |
#35
Hallo@dadomi
öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programme\Desktop Sidebar\sbhelp.dll O2 - BHO: (no name) - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - (no file) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Programme\Desktop Sidebar\sbhelp.dll/menuhandler.html O9 - Extra button: eZshopper - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing) O9 - Extra 'Tools' menuitem: e-zshopper - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing) O16 - DPF: RaptisoftGameLoader - http://miniclip.com/hamsterball/raptisoftgameloader.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) PC neustarten deinstallieren: Sidebar Zitat Loesche: mit der KillboxCCleaner (loesche alle temporaeren Dateien) http://virus-protect.org/temp.html TuneUp2006 http://virus-protect.org/reinigungstoolsregistry.html wende an: Cleanup repair -- TuneUp Diskcleaner Cleanup repair -- Registry Cleaner scanne mit panda und poste den scanreport http://virus-protect.org/onlinescan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
30.10.2005, 09:57
Member
Beiträge: 14 |
#36
Was genau soll ich mit Panda scannen? My Computer, Festplatte, Dateien,...?
Ich scanne gerade den ganzen PC. Sidebar war schon deinstalliert. mfg dominik |
|
|
||
30.10.2005, 12:08
Ehrenmitglied
Beiträge: 29434 |
||
|
||
30.10.2005, 14:13
Member
Beiträge: 14 |
#38
Hier der Report:
Incident Status Location Adware:adware/savenow No disinfected Windows Registry Spyware:Spyware/LinkReplacer No disinfected C:\WINDOWS\system32\PreUninstallHL.exe mfg dominik |
|
|
||
30.10.2005, 14:45
Ehrenmitglied
Beiträge: 29434 |
#39
loesche also :
C:\WINDOWS\system32\PreUninstallHL.exe falls du es findest: miniclipGameLoader.dll dann muesste wieder alles in Ordnung sein __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
30.10.2005, 15:20
Member
Beiträge: 14 |
||
|
||
30.10.2005, 17:57
Ehrenmitglied
Beiträge: 29434 |
#41
wie du willst, mit der Killbox oder manuell...aber geloescht muss es werden
__________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
30.10.2005, 18:00
...neu hier
Beiträge: 2 |
#42
hallo sabina
hat alles klasse geklappt, nur das mit der killbox nicht, weil der die datein nie gefunden hatte die ich ihm angegeben hatte. na ja und das mit dem updaten, ist leider so ne sache. er läuft aber wieder soweit und den blöden ungewünschten besucher hab ich auch nimmer drauf. danke mfg lette |
|
|
||
30.10.2005, 18:09
Member
Beiträge: 14 |
#43
Ich danke dir sehr Sabina. Kennst dich echt super mit der Materie aus.
Was hältst du von AntiVir? Sollte ich lieber wieder auf Norton Antivirus 2005 umsteigen? Das hätte ich auch zuhause. mfg Dominik |
|
|
||
30.10.2005, 18:30
Ehrenmitglied
Beiträge: 29434 |
#44
Hallo@dadomi
Antivirus ist o.k. , aber du solltest nur noch mit dem Firefox surfen http://virus-protect.org/ auf meiner Seite unten links , der button...dort kannst du den Browser laden. Stelle ihn als Standard ein, konfiguriere und pass auf, was du in Zukunft im Internet so laedst + Microsoft Windows Antispy http://virus-protect.org/ms.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
30.10.2005, 18:49
Member
Beiträge: 14 |
#45
Hallo Sabina.
Ich surfe seit einigen Monaten nur noch mit Firefox. Momentan habe ich die Mozilla Firefox 1.5 Beta 2 Version. Ich finde ihn viel besser als den IE. mfg Dominik |
|
|
||
Ich wäre sehr dankbar. Der Threadtitel ist: Bitte analysiert meine Logfile.
mfg
domi