1600* infected files with Alcra.B

20.11.2005, 18:50
...new here

Posts: 10
#1 Hello everyone,
I have a serious problem with my otherwise well-behaved computer:
ewido and antivir are finding over 1600 infected files,
and as the cause they name the worm AlcraB.
I made a HijackThis log, see:

Logfile of HijackThis v1.99.1
Scan saved at 18:44:49, on 20.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nprotect.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Programme\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Microsoft Hardware\Mouse\point32.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Media Gateway\MediaGateway.exe
C:\WINDOWS\etb\pokapoka79.exe

C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rlvknlg.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\ewido\security suite\SecuritySuite.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\DOKUME~1\Basti\LOKALE~1\Temp\Rar$EX01.421\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400011&utm_content=leftnav&utm_source=wdz1&utm_medium=bund&utm_campaign=wdz0605a
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.preispiraten.de/cgi-bin/e/tracker_start_ie.pl?http://www.ebay.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400011&utm_content=leftnav&utm_source=wdz1&utm_medium=bund&utm_campaign=wdz0605a
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:3476/cgi-bin/ncgir.exe?menu/eth_index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [nTrayFw] C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Programme\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] C:\Programme\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [SystemService] C:\WINDOWS\etb\pokapoka79.exe
O4 - HKLM\..\Run: [wrutuf] C:\WINDOWS\wrutuf.exe

O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe

O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Programme\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: A Note.lnk = C:\Programme\A Note\A Note.exe
O4 - Startup: Joint Operations Typhoon Rising Produktregistrierung.lnk = C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temp\{86F571DF-287A-455C-96E0-91F0C7C56660}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten\\Preispiraten2\\preispiraten.html
O8 - Extra context menu item: amazon Suche - C:\Programme\Preispiraten\Preispiraten2\Searchamazon.htm
O8 - Extra context menu item: amazon Suche starten - C:\Programme\Preispiraten\Preispiraten2\Searchamazon.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay - Mein eBay - C:\Programme\Preispiraten\Preispiraten2\SearchEbaymein.htm
O8 - Extra context menu item: eBay - Powersuche - C:\Programme\Preispiraten\Preispiraten2\SearchEbaypower.htm
O8 - Extra context menu item: eBay - Startseite - C:\Programme\Preispiraten\Preispiraten2\SearchEbay.htm
O8 - Extra context menu item: eBay Suche starten - C:\Programme\Preispiraten\Preispiraten2\SearchEbay.htm
O8 - Extra context menu item: Google Suche - C:\Programme\Preispiraten\Preispiraten2\SearchGoogle.htm
O8 - Extra context menu item: Google Suche starten - C:\Programme\Preispiraten\Preispiraten2\SearchGoogle.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Preispiraten 2.5 - {2638A03E-1669-43BE-8119-B47087629A7F} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe (file missing)
O9 - Extra button: Wecker-Alarm - {7B499570-29C5-4a80-9F57-94A420D140CE} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Nach Wecker für Windows exportieren - {7B499570-29C5-4a80-9F57-94A420D140CE} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105222152003
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CCB42CF-6C97-4C8D-B0B6-DF8AF78C3FD4}: NameServer = 192.168.1.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{802652B4-2658-4E5C-BF22-8CAC8809111F}: NameServer = 192.168.1.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{6CCB42CF-6C97-4C8D-B0B6-DF8AF78C3FD4}: NameServer = 192.168.1.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{6CCB42CF-6C97-4C8D-B0B6-DF8AF78C3FD4}: NameServer = 192.168.1.3
O18 - Protocol: bw+0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: app_filter - Unknown owner - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Protected Exchange (MainService) - Unknown owner - C:\WINDOWS\system32\nprotect.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe

So please, please help me..
Many thanks in advance,
Regards, Sebastian
21.11.2005, 12:57
Honorary member

Posts: 29434
#2 kabeljau434

the PC is completely infected...you have to format
Worm AlcraB is only the lesser evil here.....
__________
Regards, Sabina

all about PC security
21.11.2005, 16:24
...new here

Thread starter

Posts: 10
#3 hmm, sh..., is there no other option?
21.11.2005, 18:18
Honorary member

Posts: 29434
#4 difficult....but OK....let's give it a try

use CleanUp
http://www.virus-protect.org/cleanup.html

post the 4 text files here
http://www.virus-protect.org/datfindbat.html
__________
Regards, Sabina

all about PC security
22.11.2005, 17:21
...new here

Thread starter

Posts: 10
#5 So here is the requested report, thanks in advance, Sabina :-)

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: E023-1AE7

Verzeichnis von C:\WINDOWS\system32

22.11.2005 17:11 40.875 nvapps.xml
22.11.2005 17:11 4 GVTunner.ref
22.11.2005 16:30 0 _nvidia_xxx_.log
18.11.2005 14:26 2.206 wpa.dbl
09.11.2005 20:16 926.241 model.dat
09.11.2005 20:16 53.248 silc_dll.dll
09.11.2005 20:16 729.088 LDPackage.dll
09.11.2005 20:12 0 nmp.log
04.11.2005 18:03 442.368 nvappbar.exe
04.11.2005 18:03 86.016 nvapi.dll
04.11.2005 18:03 35.328 nvcod.dll
04.11.2005 18:03 35.328 nvcodins.dll
04.11.2005 18:03 147.456 nvcolor.exe
04.11.2005 18:03 7.307.264 nvcpl.dll
04.11.2005 18:03 3.924.096 nv4_disp.dll
04.11.2005 18:03 16.356 nvdisp.nvu
04.11.2005 18:03 1.339.392 nvdspsch.exe
04.11.2005 18:03 573.440 nvhwvid.dll
04.11.2005 18:03 1.466.368 nview.dll
04.11.2005 18:03 229.376 nvmccs.dll
04.11.2005 18:03 45.056 nvmccsrs.dll
04.11.2005 18:03 86.016 nvmctray.dll
04.11.2005 18:03 425.984 keystone.exe
04.11.2005 18:03 5.394.432 nvoglnt.dll
04.11.2005 18:03 319.488 nvrsar.dll
04.11.2005 18:03 241.664 nvrscs.dll
04.11.2005 18:03 245.760 nvrsda.dll
04.11.2005 18:03 270.336 nvrsde.dll
04.11.2005 18:03 274.432 nvrsel.dll
04.11.2005 18:03 241.664 nvrseng.dll
04.11.2005 18:03 274.432 nvrses.dll
04.11.2005 18:03 266.240 nvrsesm.dll
04.11.2005 18:03 241.664 nvrsfi.dll
04.11.2005 18:03 278.528 nvrsfr.dll
04.11.2005 18:03 319.488 nvrshe.dll
04.11.2005 18:03 253.952 nvrshu.dll
04.11.2005 18:03 274.432 nvrsit.dll
04.11.2005 18:03 258.048 nvrsja.dll
04.11.2005 18:03 253.952 nvrsko.dll
04.11.2005 18:03 266.240 nvrsnl.dll
04.11.2005 18:03 249.856 nvrsno.dll
04.11.2005 18:03 249.856 nvrspl.dll
04.11.2005 18:03 266.240 nvrspt.dll
04.11.2005 18:03 286.720 nvnt4cpl.dll
04.11.2005 18:03 262.144 nvrsptb.dll
04.11.2005 18:03 262.144 nvrsru.dll
04.11.2005 18:03 249.856 nvrssk.dll
04.11.2005 18:03 249.856 nvrssl.dll
04.11.2005 18:03 245.760 nvrssv.dll
04.11.2005 18:03 249.856 nvrstr.dll
04.11.2005 18:03 217.088 nvrszhc.dll
04.11.2005 18:03 118.784 nvrszht.dll
04.11.2005 18:03 466.944 nvshell.dll
04.11.2005 18:03 131.139 nvsvc32.exe
04.11.2005 18:03 73.728 nvtuicpl.cpl
04.11.2005 18:03 81.920 nvwddi.dll
04.11.2005 18:03 1.662.976 nvwdmcpl.dll
04.11.2005 18:03 1.019.904 nvwimg.dll
04.11.2005 18:03 282.624 nvwrsar.dll
04.11.2005 18:03 286.720 nvwrscs.dll
04.11.2005 18:03 294.912 nvwrsda.dll
04.11.2005 18:03 311.296 nvwrsde.dll
04.11.2005 18:03 335.872 nvwrsel.dll
04.11.2005 18:03 286.720 nvwrseng.dll
04.11.2005 18:03 335.872 nvwrses.dll
04.11.2005 18:03 327.680 nvwrsesm.dll
04.11.2005 18:03 303.104 nvwrsfi.dll
04.11.2005 18:03 327.680 nvwrsfr.dll
04.11.2005 18:03 278.528 nvwrshe.dll
04.11.2005 18:03 315.392 nvwrshu.dll
04.11.2005 18:03 323.584 nvwrsit.dll
04.11.2005 18:03 212.992 nvwrsja.dll
04.11.2005 18:03 196.608 nvwrsko.dll
04.11.2005 18:03 319.488 nvwrsnl.dll
04.11.2005 18:03 299.008 nvwrsno.dll
04.11.2005 18:03 294.912 nvwrspl.dll
04.11.2005 18:03 1.519.616 nwiz.exe
04.11.2005 18:03 323.584 nvwrspt.dll
04.11.2005 18:03 167.936 nvwrszht.dll
04.11.2005 18:03 163.840 nvwrszhc.dll
04.11.2005 18:03 303.104 nvwrstr.dll
04.11.2005 18:03 294.912 nvwrssv.dll
04.11.2005 18:03 303.104 nvwrssl.dll
04.11.2005 18:03 299.008 nvwrssk.dll
04.11.2005 18:03 315.392 nvwrsru.dll
04.11.2005 18:03 319.488 nvwrsptb.dll
03.11.2005 15:10 140.440 FNTCACHE.DAT
03.11.2005 14:32 398.316 perfh009.dat
03.11.2005 14:32 60.516 perfc009.dat
03.11.2005 14:32 409.160 perfh007.dat
03.11.2005 14:32 71.394 perfc007.dat
03.11.2005 14:32 899.884 PerfStringBackup.INI
03.11.2005 14:20 49.152 CompiledAdapter
10.10.2005 22:51 180.224 NVUNINST.EXE
10.10.2005 22:51 180.224 nvudisp.exe
10.10.2005 22:51 180.224 nvuide.exe
10.10.2005 22:51 180.224 nvusmb.exe
10.10.2005 22:51 180.224 nvunrm.exe
05.10.2005 03:09 2.301.792 MRT.exe
05.10.2005 01:26 3.013.120 mshtml.dll
02.10.2005 11:54 9.634 tgp1unin.isu
01.10.2005 13:28 8.464 sporder.dll
01.10.2005 13:28 303.104 rlls.dll
23.09.2005 04:06 8.491.520 shell32.dll
15.09.2005 13:24 3.712 jupdate-1.5.0_04-b05.log
12.09.2005 20:42 98.304 CmdLineExt.dll
12.09.2005 20:06 43.520 CmdLineExt03.dll
10.09.2005 02:54 2.067.968 cdosys.dll
03.09.2005 00:53 664.064 wininet.dll
03.09.2005 00:53 39.424 pngfilt.dll
03.09.2005 00:53 96.768 inseng.dll
03.09.2005 00:53 448.512 mshtmled.dll
03.09.2005 00:53 474.112 shlwapi.dll
03.09.2005 00:53 1.484.288 shdocvw.dll
03.09.2005 00:53 55.808 extmgr.dll
03.09.2005 00:53 530.432 mstime.dll
03.09.2005 00:53 146.432 msrating.dll
03.09.2005 00:53 205.312 dxtrans.dll
03.09.2005 00:53 605.696 urlmon.dll
03.09.2005 00:53 251.392 iepeers.dll
03.09.2005 00:53 152.064 cdfview.dll
03.09.2005 00:53 1.019.904 browseui.dll
03.09.2005 00:53 1.055.744 danim.dll
01.09.2005 02:44 292.352 winsrv.dll

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: E023-1AE7

Verzeichnis von C:\DOKUME~1\Basti\LOKALE~1\Temp

22.11.2005 17:11 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}3964.html
22.11.2005 17:11 16.384 ~DFCCE3.tmp
22.11.2005 17:11 16.384 ~DFB7D4.tmp
22.11.2005 17:11 512 ~DFB7E1.tmp
22.11.2005 17:11 377 LVCOMSX.LOG
22.11.2005 17:11 204 jusched.log
6 Datei(en) 34.844 Bytes
0 Verzeichnis(se), 18.999.709.696 Bytes frei


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: E023-1AE7

Verzeichnis von C:\WINDOWS

22.11.2005 17:09 1.157 winamp.ini
22.11.2005 16:30 2.048 bootstat.dat
21.11.2005 17:11 216 wiadebug.log
21.11.2005 17:11 1.988.515 WindowsUpdate.log
21.11.2005 16:56 50 wiaservc.log
21.11.2005 16:29 1.708 f8a6e46a985252f954b1ad79dfad7df1.ini
21.11.2005 16:07 2.620 ssconf2.bin
20.11.2005 19:34 1.409 QTFont.for
20.11.2005 19:34 54.156 QTFont.qfn
20.11.2005 16:37 583.245 setupapi.log
19.11.2005 12:03 60.416 ALCFDRTM.VER
18.11.2005 15:21 44.291 DirectX.log
10.11.2005 15:29 3.686.454 Firefox Wallpaper.bmp
06.11.2005 14:02 4.760 mozver.dat
05.11.2005 16:46 144 videodeLuxe.INI
03.11.2005 15:07 150.294 wmsetup.log
03.11.2005 14:18 32.418 SchedLgU.Txt
03.11.2005 14:11 0 0.log
15.10.2005 18:27 114 NVProfileManager.INI
13.10.2005 19:25 15.395 tabletoc.log
13.10.2005 19:25 156.273 tsoc.log
13.10.2005 19:25 22.459 KB901017.log
13.10.2005 19:25 118.827 comsetup.log
13.10.2005 19:25 18.437 ocmsn.log
13.10.2005 19:25 435.879 iis6.log
13.10.2005 19:25 1.393 imsins.log
13.10.2005 19:25 72.242 ntdtcsetup.log
13.10.2005 19:25 22.828 medctroc.Log
13.10.2005 19:25 16.738 msgsocm.log
13.10.2005 19:25 54.453 netfxocm.log
13.10.2005 19:25 176.596 ocgen.log
13.10.2005 19:25 317.991 FaxSetup.log
13.10.2005 19:25 115.410 msmqinst.log
13.10.2005 19:25 24.443 KB902400.log
13.10.2005 19:25 19.208 updspapi.log
13.10.2005 19:25 16.258 KB899589.log
13.10.2005 19:25 16.584 KB905414.log
13.10.2005 19:25 18.979 KB896688.log
13.10.2005 19:25 14.378 KB900725.log
13.10.2005 19:25 12.119 KB904706.log
13.10.2005 19:25 12.823 KB905749.log
02.10.2005 12:15 40 nero.INI
01.10.2005 15:28 99.970 UninstallFirefox.exe
27.09.2005 17:08 34 mswsyst.doc
25.09.2005 15:59 119 NVPerformance.INI
12.09.2005 17:00 653 win.ini
03.09.2005 13:56 1.452 COM+.log
03.09.2005 13:52 3.721 dahotfix.log
03.09.2005 13:52 19.538 dasetup.log
03.09.2005 13:15 170.821 setupact.log
02.09.2005 15:26 316.640 WMSysPr9.prx
29.08.2005 15:37 118.784 bwUnin-7.2.0.137-8876480SL.exe
27.08.2005 10:37 852 ODBC.INI
26.08.2005 13:39 101 msxmlcab.log
26.08.2005 13:38 81.920 bwUnin-6.1.4.68-8876480L.exe
19.08.2005 15:12 61 Prof.ini
19.08.2005 15:11 264 Clony2.ini

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: E023-1AE7

Verzeichnis von C:\

22.11.2005 17:19 0 sys.txt
22.11.2005 17:19 10.761 system.txt
22.11.2005 17:18 585 systemtemp.txt
22.11.2005 17:16 113.281 system32.txt
22.11.2005 16:30 1.610.612.736 pagefile.sys
04.09.2005 14:12 348 checkrun.txt
26.08.2005 13:38 183 LogiSetup.log
24.08.2005 18:09 11 error.txt
22.08.2005 13:45 323 log.txt
19.08.2005 14:50 0 BHO.log
21.07.2005 18:37 11.332 ResponseXML.log
21.07.2005 18:37 10.828 ResponseText.log
21.07.2005 18:37 852 Request.log
21.07.2005 18:29 354 boot.ini
13.07.2005 12:49 34.308 BASSMOD.DLL
18.02.2005 18:29 2.423.619 candy shop.3gp
12.02.2005 12:03 2.960.516 PIMP.3gp
11.02.2005 16:15 31.829.504 temp.mpg
08.01.2005 22:28 211 BOOT.BKK
08.01.2005 22:25 47.564 NTDETECT.COM
08.01.2005 22:25 251.184 ntldr
08.01.2005 21:27 1.024 .rnd
08.01.2005 20:59 0 IO.SYS
08.01.2005 20:59 0 CONFIG.SYS
08.01.2005 20:59 0 MSDOS.SYS
08.01.2005 20:59 0 AUTOEXEC.BAT
23.12.2004 12:39 2.743.270 my boo video.3gp
01.09.2000 09:39 4.952 bootfont.bin
28 Datei(en) 1.651.057.746 Bytes
0 Verzeichnis(se), 18.999.693.312 Bytes frei

I don't know whether that's the right order,
but I hope you can do something with it,
THANKS A LOT
22.11.2005, 23:59
Honorary member
Sabina

Posts: 29434
#6 At the top of the page --> click Browse --> choose the file --> double-click the file to be checked --> click Submit... now wait --> copy the result into the security forum
http://www.virustotal.com/flash/index_en.html
http://sandbox.norman.no/live_4.html

C:\WINDOWS\system32\nprotect.exe
C:\WINDOWS\wrutuf.exe
c:\windows\system32\rlls.dll
C:\WINDOWS\system32\rlvknlg.exe
C:\WINDOWS\etb\pokapoka79.exe


LSPfix
http://www.spychecker.com/program/lspfix.html
check: "I know what I'm doing" -- Remove
and delete rlls.dll
(you may have to move the dll from the left pane to the right one)

ServiceFilter.zip
http://virus-protect.org/artikel/tools/ServiceFilter.zip
- unzip
- scan
- copy POST_THIS.TXT here
__________
Regards, Sabina

all about PC security
23.11.2005, 16:00
...new here

Thread starter

Posts: 10
#7 Well, first of all thanks again for your help,
here is the result:
C:\WINDOWS\system32\nprotect.exe does not exist or is too large


C:\WINDOWS\wrutuf.exe does not exist or is too large

c:\windows\system32\rlls.dll ->
This is a report processed by VirusTotal on 11/23/2005 at 15:51:01 (CET) after scanning the file "rlls.dll" file.

Antivirus Version Update Result
AntiVir 6.32.0.6 11.23.2005 no virus found
Avast 4.6.695.0 11.22.2005 no virus found
AVG 718 11.23.2005 no virus found
Avira 6.32.0.6 11.23.2005 no virus found
BitDefender 7.2 11.23.2005 no virus found
CAT-QuickHeal 8.00 11.23.2005 no virus found
ClamAV devel-20051108 11.23.2005 no virus found
DrWeb 4.33 11.23.2005 no virus found
eTrust-Iris 7.1.194.0 11.23.2005 no virus found
eTrust-Vet 11.9.1.0 11.23.2005 no virus found
Fortinet 2.48.0.0 11.23.2005 suspicious
F-Prot 3.16c 11.23.2005 no virus found
Ikarus 0.2.59.0 11.23.2005 no virus found
Kaspersky 4.0.2.24 11.23.2005 no virus found
McAfee 4634 11.22.2005 no virus found
NOD32v2 1.1298 11.23.2005 no virus found
Norman 5.70.10 11.23.2005 no virus found
Panda 8.02.00 11.22.2005 no virus found
Sophos 3.99.0 11.23.2005 no virus found
Symantec 8.0 11.22.2005 no virus found
TheHacker 5.9.1.042 11.22.2005 no virus found
VBA32 3.10.5 11.23.2005 no virus found


C:\WINDOWS\system32\rlvknlg.exe ->
File size can't be more than 10 Megabytes.
You can't try compressing it.

Thanks you.

C:\WINDOWS\etb\pokapoka79.exe

File size can't be more than 10 Megabytes.
You can't try compressing it.

Thanks you.

Here is the ServiceFilter report:

ServiceFilter 1.1
by rand1038

Microsoft Windows XP Professional
Version: 5.1.2600 Service Pack 2
Nov 23, 2005 16:00:13


---> Begin Service Listing <---

Unknown Service # 1
Service Name: AntiVirService
Display Name: AntiVir Service
Start Mode: Auto
Start Name: LocalSystem
Description: Permanenter Virenschutz mit der H+BEDV AntiVir ...
Service Type: Own Process
Path: "c:\programme\avpersonal\avguard.exe"
State: Running
Process ID: 1868
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 2
Service Name: app_filter
Display Name: app_filter
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\programme\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe
State: Running
Process ID: 2212
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 3
Service Name: AVWUpSrv
Display Name: AntiVir Update
Start Mode: Auto
Start Name: LocalSystem
Description: Hilfsdienst fuer AntiVir Personal ...
Service Type: Own Process
Path: "c:\programme\avpersonal\avwupsrv.exe"
State: Running
Process ID: 1880
Started: Wahr
Exit Code: 0
Accept Pause: Wahr
Accept Stop: Wahr

Unknown Service # 4
Service Name: ewido security suite control
Display Name: ewido security suite control
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\programme\ewido\security suite\ewidoctrl.exe
State: Running
Process ID: 1920
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 5
Service Name: ForcewareWebInterface
Display Name: Forceware Web Interface
Start Mode: Auto
Start Name: LocalSystem
Description: Apache...
Service Type: Own Process
Path: "c:\programme\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice
State: Running
Process ID: 1952
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 6
Service Name: IDriverT
Display Name: InstallDriver Table Manager
Start Mode: Manual
Start Name: LocalSystem
Description: Provides support for the Running Object Table for InstallShield ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\installshield\driver\11\intel 32\idrivert.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 7
Service Name: MainService
Display Name: Protected Exchange
Start Mode: Auto
Start Name: LocalSystem
Description: Provides encrypted communication for sensitive data, such as private keys, to prevent access by ...
Service Type: Own Process
Path: c:\windows\system32\nprotect.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 8
Service Name: nSvcIp
Display Name: ForceWare IP service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\programme\nvidia corporation\networkaccessmanager\bin\nsvcip.exe
State: Running
Process ID: 2000
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 9
Service Name: nSvcLog
Display Name: ForceWare user log service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\programme\nvidia corporation\networkaccessmanager\bin\nsvclog.exe
State: Running
Process ID: 236
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service #10
Service Name: StyleXPService
Display Name: StyleXPService
Start Mode: Disabled
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\tgtsoft\stylexp\stylexpservice.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service #11
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Disabled
Start Name: LocalSystem
Description: Verwaltet Software-basierte Schattenkopien des Volumeschattenkopie-Dienstes. Software-basierte ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{e5c4f6c5-f80d-4d3e-b02e-e6828ccf4072}
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

---> End Service Listing <---

There are 93 Win32 services on this machine.
11 were unrecognized.

Script Execution Time: 0,75 seconds.
23.11.2005, 17:15
Honorary member
Sabina

Posts: 29434
#8
Start -> Run --> type in: notepad -- click OK.

or, if the command doesn't work, open the Editor (Notepad)....

Then copy the following text into it:

sc stop MainService
sc delete MainService
del delete.bat

Save it on the desktop as "delete.bat". --> double-click it

KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Delete File on Reboot -- tick it
copy in:

C:\WINDOWS\etb\pokapoka79.exe
C:\WINDOWS\system32\rlvknlg.exe
c:\windows\system32\nprotect.exe
C:\WINDOWS\wrutuf.exe

and click the red cross; when you are asked "Do you want to reboot?" ---- click "no" and copy in the next one; only for the last one click "yes"

Restart the PC

Killbox
DelTree (include SubDirectories)
Say you want to delete a folder. You don't have to enter every file in the folder one by one; instead tick the option DelTree (include subdirectories).
This deletes the entire folder along with its subfolders.

C:\Program Files\Media Gateway
c:\programme\accoona
C:\WINDOWS\etb

Restart the PC

open HijackThis -- button "Scan" -- tick the malware entries -- button "Fix checked" -- restart the PC

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400011&utm_content=leftnav&utm_source=wdz1&utm_medium=bund&utm_campaign=wdz0605a

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400011&utm_content=leftnav&utm_source=wdz1&utm_medium=bund&utm_campaign=wdz0605a

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [SystemService] C:\WINDOWS\etb\pokapoka79.exe
O4 - HKLM\..\Run: [wrutuf] C:\WINDOWS\wrutuf.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe

O4 - Startup: Joint Operations Typhoon Rising Produktregistrierung.lnk = C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temp\{86F571DF-287A-455C-96E0-91F0C7C56660}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.EXE

O18 - Protocol: bw+0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {988DA891-8C0D-4824-97BC-9BBE1EC7F539} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O23 - Service: Protected Exchange (MainService) - Unknown owner - C:\WINDOWS\system32\nprotect.exe


Restart the PC

Registry Search Tool
http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip
possible message from the virus scanner --- > warning: malicious script detected --> ignore it

Double-click: regsrch.vbs
copy in:

MainService

Press 'OK'

wait until the search has finished. (Please post the result)

scan and post the scan reports
http://virus-protect.org/multiavtool.html

-------------------------------------------------------------------------------

Quote

Info:Accoona\Toolbar
http://virus-protect.org/artikel/spyware/accoona.html

Quote

Troj/Urbin-C is a Trojan for the Windows platform.
When Troj/Urbin-C is run it installs the following files:

<System>\Protected Exchange\hooklib.dll which is detected as Troj/Urbin-C.
<System>\Protected Exchange\loadsvc.exe which is detected as Troj/Urbin-C.


The file loadsvc.exe is registered as a new system driver service named "MainService", with a display name of "Protected Exchange" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\MainService\

The Trojan may redirect internet searches, display popups or modify contents of web pages.
http://www.sophos.com/virusinfo/analyses/trojurbinc.html

__________
Regards, Sabina

all about PC security
23.11.2005, 18:14
...new here

Thread starter

Posts: 10
#9 Hi, so here are the results...

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "MainService" 23.11.2005 18:09:17

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MAINSERVICE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MAINSERVICE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MAINSERVICE\0000]
"Service"="MainService"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MainService]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MainService\Security]


Virus scan result follows right away
23.11.2005, 18:17
Honorary member
Sabina

Posts: 29434
#10 Start -- Run -- regedit

Edit --> Find --> MAINSERVICE

Click Edit -- Permissions and then click Full Control -- [Apply] and [OK]. Right-click the key again and try to delete it.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MAINSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MainService

Restart the PC

scan and post the scan reports
http://virus-protect.org/multiavtool.html


---------------

Quote

???????????????
21.11.2005 16:29 1.708 f8a6e46a985252f954b1ad79dfad7df1.ini
21.11.2005 16:07 2.620 ssconf2.bin

__________
Regards, Sabina

all about PC security
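As an added example, not part of the thread and not Sabina's tool: the checks she has the user do by hand for MainService in posts #8 and #10 (service configuration, the file behind it, leftover Services\ and Enum\Root\LEGACY_ keys in every control set, since post #9 found them in ControlSet002) as one read-only PowerShell triage script. It assumes an elevated PowerShell 4 or newer session on the affected Windows machine and deletes nothing; the sc stop / sc delete and regedit steps above remain the removal.

```powershell
# Added example, not from the thread: read-only triage of one Win32 service
# (the thread's case is MainService / "Protected Exchange" -> nprotect.exe).
# Assumes an elevated PowerShell 4+ session on the affected Windows host.
function Get-ServicePersistenceReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ServiceName
    )

    # 1. The service as the Service Control Manager sees it (ServiceFilter's view).
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'" `
                           -ErrorAction SilentlyContinue

    # 2. Image file behind the service. PathName may be quoted and may carry
    #    arguments (the thread shows '"...\apache.exe" -k runservice' and
    #    'dllhost.exe /processid:{...}'); the split below is a heuristic for those shapes.
    $imagePath = $null
    if ($svc -and $svc.PathName) {
        if ($svc.PathName -match '^"([^"]+)"') { $imagePath = $Matches[1] }
        else { $imagePath = ($svc.PathName -split '\s+[-/]')[0].Trim() }
    }

    $file = $null
    if ($imagePath -and (Test-Path -LiteralPath $imagePath)) {
        $item = Get-Item -LiteralPath $imagePath
        $sig  = Get-AuthenticodeSignature -FilePath $imagePath
        $file = [pscustomobject]@{
            Path      = $imagePath
            SizeBytes = $item.Length
            Modified  = $item.LastWriteTime
            SHA256    = (Get-FileHash -LiteralPath $imagePath -Algorithm SHA256).Hash
            Signature = $sig.Status            # NotSigned / Valid / HashMismatch ...
            Signer    = $sig.SignerCertificate.Subject
        }
    }

    # 3. Registry leftovers. Post #9 found the keys in ControlSet002, not only in
    #    CurrentControlSet, so walk every ControlSet00N under HKLM\SYSTEM.
    $legacy = "LEGACY_$($ServiceName.ToUpper())"
    $keys = foreach ($cs in Get-ChildItem 'HKLM:\SYSTEM' |
                     Where-Object PSChildName -match '^ControlSet\d{3}$') {
        foreach ($sub in @("Services\$ServiceName", "Enum\Root\$legacy")) {
            $key = "HKLM:\SYSTEM\$($cs.PSChildName)\$sub"
            if (Test-Path -LiteralPath $key) {
                [pscustomobject]@{
                    Key       = $key
                    ImagePath = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).ImagePath
                }
            }
        }
    }

    [pscustomobject]@{
        ServiceName  = $ServiceName
        Registered   = [bool]$svc
        DisplayName  = $svc.DisplayName
        StartMode    = $svc.StartMode
        RunsAs       = $svc.StartName
        State        = $svc.State
        ImagePath    = $imagePath
        FileOnDisk   = [bool]$file
        File         = $file
        RegistryKeys = @($keys)
    }
}

# The service name from the thread; any other service name works the same way.
Get-ServicePersistenceReport -ServiceName 'MainService' | Format-List
```

A service that is no longer registered but still has keys in some ControlSet00N, or whose image file is unsigned and missing from disk, is exactly the leftover state the thread is cleaning up.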
23.11.2005, 21:20
...new here

Thread starter

Posts: 10
#11 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MainService
For that path I somehow get 8 files displayed,
which ones exactly do I have to delete?
For the first path it found two files and one of them could be deleted.
Thanks, regards
S.Merkhoffer
23.11.2005, 21:23
Honorary member
Sabina

Posts: 29434
#12 Click Edit -- Permissions and then click Full Control -- [Apply] and [OK]. Right-click the key again and try to delete it.

delete all of them ;)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MAINSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MainService

Quote

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MAINSERVICE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MAINSERVICE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MAINSERVICE\0000]
"Service"="MainService"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MainService]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MainService\Security]

__________
Regards, Sabina

all about PC security
23.11.2005, 21:27
...new here

Thread starter

Posts: 10
#13 OK, I deleted all of them, only this (Default) one could not be deleted.
Here, for now, the report from Trend Anti Virus:

3 files have been read.
3 files have been checked.
2 files have been scanned.
2 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/23/2005 21:05:14 0.00 seconds has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-11-23, 21:05:14, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished running.

Regards
Sebastian
23.11.2005, 21:48
Honorary member
Sabina

Posts: 29434
#14

Quote

only this (Default) one could not be deleted.
boot into Safe Mode ... press F8 while the PC is starting up ... log in as Admin and try to delete the key there.

when that's done, also scan in Safe Mode with ewido and then post the scan report
http://virus-protect.org/ewido.html

(of course, download ewido before you go into Safe Mode ;) )
__________
Regards, Sabina

all about PC security