WORM/Alcra.B was kann man machen?

#0
04.10.2005, 20:36
...neu hier

Beiträge: 1
#1 Brauche dringend Hilfe mein Rechner ist nur noch Schrott kriege diesen Wurm nicht weg bitte um Hilfe! Mit Antivir klappts nicht, schmiert mir mittendrin jedesmal ab! Hier die logfile:

Logfile of HijackThis v1.99.1
Scan saved at 20:23:18, on 4.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\csrss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
G:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
G:\Programme\winupdates\winupdates.exe
G:\WINDOWS\System32\tcpsvcs.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\System32\wdfmgr.exe
G:\WINDOWS\System32\alg.exe
G:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
G:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
G:\Programme\Grisoft\AVG7\avgemc.exe
G:\Programme\AVPersonal\AVWUPSRV.EXE
G:\WINDOWS\explorer.exe
G:\Programme\Internet Explorer\iexplore.exe
G:\PROGRA~1\WINZIP\winzip32.exe
G:\Dokumente und Einstellungen\Discostation\Lokale Einstellungen\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O1 - Hosts: localhost 127.0.0.1
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\programme\google\googletoolbar1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [NVMixerTray] "G:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Zone Labs Client] G:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ATIPTA] G:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] G:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [MSConfig] G:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [NDIS Adapter] ndis.exe
O4 - HKLM\..\RunServices: [Start Upping] taksmgr.exe
O4 - HKLM\..\RunServices: [blah service] evosys.exe
O4 - HKLM\..\RunServices: [Windows Driver] winxpdriver.exe
O4 - HKLM\..\RunServices: [HLL Data Parameter] hllcxpa.exe
O4 - HKLM\..\RunServices: [start uploading] crsss.exe
O4 - HKLM\..\RunServices: [MSN Messengerd] cxe.exe
O4 - HKLM\..\RunServices: [M11cr00s0ft-S3rcUr1ty] syscifg.exe
O4 - HKCU\..\Run: [AVG7_Run] G:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
O4 - HKCU\..\RunServices: [HLL Data Parameter] hllcxpa.exe
O4 - HKCU\..\RunServices: [start uploading] crsss.exe
O8 - Extra context menu item: &Google Search - res://G:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://G:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://G:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://G:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://G:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - G:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - G:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: G:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76C4B1EC-65A7-46CC-9D1F-95C5AB3F3DDD}: NameServer = 195.95.218.18,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFE01E62-715B-4FDC-B72F-7E68A5E1A5CC}: NameServer = 195.95.218.18 85.255.112.11
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - G:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - G:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Unterbrechungsfreie Stromversorgung (UPS) - Unknown owner - G:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe
Seitenanfang Seitenende
04.10.2005, 21:17
Moderator

Beiträge: 7805
#2 Antivir sollten den im Abgesicherten Modus loeschen koennen.

Kopiere Hijackthis bitte in einen extra Ordner, state es dort und fixe im abgesicherten Modus auch gleich das hier mit:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O1 - Hosts: localhost 127.0.0.1
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)
O4 - HKLM\..\RunServices: [NDIS Adapter]] ndis.exe
O4 - HKLM\..\RunServices: [Start Upping] taksmgr.exe
O4 - HKLM\..\RunServices: [blah service] evosys.exe
O4 - HKLM\..\RunServices: [Windows Driver] winxpdriver.exe
O4 - HKLM\..\RunServices: [HLL Data Parameter] hllcxpa.exe
O4 - HKLM\..\RunServices: [start uploading] crsss.exe
O4 - HKLM\..\RunServices: [MSN Messengerd] cxe.exe
O4 - HKLM\..\RunServices: [M11cr00s0ft-S3rcUr1ty] syscifg.exe
O4 - HKCU\..\RunServices: [HLL Data Parameter] hllcxpa.exe
O4 - HKCU\..\RunServices: [start uploading] crsss.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76C4B1EC-65A7-46CC-9D1F-95C5AB3F3DDD}: NameServer = 195.95.218.18,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFE01E62-715B-4FDC-B72F-7E68A5E1A5CC}: NameServer = 195.95.218.18 85.255.112.11
O23 - Service: Unterbrechungsfreie Stromversorgung (UPS) - Unknown owner - G:\WINDOWS\System32\ups.exe (file missing)

Nach dem ganzen starte neu, gehe ins Internet, erzeuge ein neues hijackthis log und poste es hier
__________
MfG Ralf
SEO-Spam Hunter
Seitenanfang Seitenende
04.10.2005, 21:29
...neu hier

Beiträge: 1
#3 hey
n freund von mir hat gesagt ihr koennt mir hier helfen :)
ich hab seit einigen tagen den worm alcra.b
und hab mir grad eben ein logfile erstellt





Logfile of HijackThis v1.99.1
Scan saved at 21:27:56, on 04.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp WinStyler\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\avmclient\bluefritz.exe
C:\Programme\avmclient\AvmObex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\webHancer\Programs\whAgent.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\FRITZ!DSL\Awatch.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\avmclient\AvmObex.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Programme\Ideazon\Zboard Software\Driver\Zboard.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Programme\avmclient\avmbtservice.exe
C:\Programme\avmclient\panapp.exe
C:\Programme\avmclient\AvmObexService.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\alg.exe
C:\Programme\Miranda IM\miranda32.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\andré\Desktop\zeug\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Programme\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVMBlueClient] C:\Programme\avmclient\bluefritz.exe
O4 - HKLM\..\Run: [AVMBLUEOBEX] C:\Programme\avmclient\AvmObex.exe -pushclient -ftpclient
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AWatch] C:\Programme\FRITZ!DSL\Awatch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WinUpdate] C:\cmon.exe
O4 - HKCU\..\Run: [Steam] "c:\programme\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ares] "C:\Programme\Ares\Ares.exe" -h
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C374F05-BCC6-4FE6-855F-9F10F4EF4F62}: NameServer = 10.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C374F05-BCC6-4FE6-855F-9F10F4EF4F62}: NameServer = 10.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1C374F05-BCC6-4FE6-855F-9F10F4EF4F62}: NameServer = 10.0.0.1
O18 - Protocol: bw+0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9AD28F21-1D43-44E5-830B-ED758BCAB285} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM BT Connection Service - AVM Berlin - C:\Programme\avmclient\avmbtservice.exe
O23 - Service: AVM BT PAN Service - AVM Berlin - C:\Programme\avmclient\panapp.exe
O23 - Service: AVM BT OBEX Service (AvmObexService) - AVM Berlin - C:\Programme\avmclient\AvmObexService.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp WinStyler\WinStylerThemeSvc.exe

was muss ich damit nun machn ?
cYa
Seitenanfang Seitenende
04.10.2005, 21:40
Moderator

Beiträge: 7805
#4 Hi d0pe,

eroeffne bitte einen eigenen Thread, sonst wird das so extrem unuebersichtlich.

Du kannst ja schon mal mit Adaware und Spybot vorarbeit leisten!;)
__________
MfG Ralf
SEO-Spam Hunter
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: