SpyAxe (log files attached)

Topic is closed!
#0
08.12.2005, 13:39
...new here

Posts: 10
#1 Hi, I've caught SpyAxe. Attached are the 4 txt files.
What do I still need to do now?
Many thanks for your help.
bernd

==========================================================
system32.txt
==========================================================
Datenträger in Laufwerk C: ist System
Volumeseriennummer: 7447-AAAA

Verzeichnis von C:\WINDOWS\system32

08.12.2005 12:21 308 ncompat.tlb
08.12.2005 12:10 29.230 nvapps.xml
08.12.2005 12:10 24.064 ld2DBA.tmp
08.12.2005 12:10 20.480 hp2CC0.tmp
08.12.2005 11:16 36.864 intercept.dll
08.12.2005 10:52 20.480 hpF86B.tmp
08.12.2005 10:51 20.480 hpEEDA.tmp
08.12.2005 10:48 20.480 hpA2E7.tmp
08.12.2005 10:48 24.064 ldA279.tmp
07.12.2005 13:29 9.708 mssearchnet.exe
07.12.2005 13:29 13.884 nvctrl.exe
07.12.2005 13:26 14.400 mscornet.exe

06.12.2005 18:51 1.374 wpa.dbl
13.11.2005 12:45 176.167 rmoc3260.dll
13.11.2005 12:45 5.632 pndx5032.dll
13.11.2005 12:45 6.656 pndx5016.dll
13.11.2005 12:45 278.528 pncrt.dll
10.11.2005 16:17 210.488 FNTCACHE.DAT
09.11.2005 13:13 25.128 productregistry
07.11.2005 12:30 10.941 PQ_DEBUG.TXT
02.11.2005 06:34 2.377.568 MRT.exe
01.11.2005 17:15 393.524 perfh009.dat
01.11.2005 17:15 406.534 perfh007.dat
01.11.2005 17:15 59.156 perfc009.dat
01.11.2005 17:15 71.448 perfc007.dat
01.11.2005 17:15 937.188 PerfStringBackup.INI
20.10.2005 15:37 24.924 openports.dll
20.10.2005 15:37 40.960 SDelete.dll
06.10.2005 04:18 280.064 gdi32.dll
06.10.2005 04:08 1.839.616 win32k.sys
04.10.2005 16:26 3.013.120 mshtml.dll
23.09.2005 04:06 8.491.520 shell32.dll
10.09.2005 02:54 2.067.968 cdosys.dll
03.09.2005 00:53 664.064 wininet.dll
03.09.2005 00:53 474.112 shlwapi.dll
03.09.2005 00:53 55.808 extmgr.dll
03.09.2005 00:53 146.432 msrating.dll
03.09.2005 00:53 1.484.288 shdocvw.dll
03.09.2005 00:53 530.432 mstime.dll
03.09.2005 00:53 251.392 iepeers.dll
03.09.2005 00:53 96.768 inseng.dll
03.09.2005 00:53 39.424 pngfilt.dll
03.09.2005 00:53 205.312 dxtrans.dll
03.09.2005 00:53 448.512 mshtmled.dll
03.09.2005 00:53 605.696 urlmon.dll
03.09.2005 00:53 1.055.744 danim.dll
03.09.2005 00:53 1.019.904 browseui.dll
03.09.2005 00:53 152.064 cdfview.dll
01.09.2005 02:44 292.352 winsrv.dll
01.09.2005 02:44 19.968 linkinfo.dll
==========================================================
systemtemp.txt
==========================================================
Datenträger in Laufwerk C: ist System
Volumeseriennummer: 7447-AAAA

Verzeichnis von C:\DOKUME~1\HOMEBE~1.000\LOKALE~1\Temp

15.11.2005 14:32 24.613 IadHide5.dll
1 Datei(en) 24.613 Bytes
0 Verzeichnis(se), 568.834.048 Bytes frei
==========================================================
system.txt
==========================================================
Datenträger in Laufwerk C: ist System
Volumeseriennummer: 7447-AAAA

Verzeichnis von C:\WINDOWS

08.12.2005 12:14 165.291 setupact.log
08.12.2005 12:10 51 iTouch.ini
08.12.2005 11:16 36.864 intercept.dll -->>> ????????????
08.12.2005 10:51 1.772.564 WindowsUpdate.log
08.12.2005 10:48 0 0.log
08.12.2005 10:48 50 wiaservc.log
08.12.2005 10:48 159 wiadebug.log
08.12.2005 10:48 2.048 bootstat.dat
07.12.2005 19:00 32.618 SchedLgU.Txt
07.12.2005 12:59 891.684 setupapi.log
04.12.2005 11:23 512 ODBC.INI
28.11.2005 14:21 94.218 wmsetup.log
24.11.2005 19:08 26.959 DirectX.log
24.11.2005 18:42 116 NeroDigital.ini
15.11.2005 14:32 118.784 bwUnin-7.2.0.157-8876480SL.exe
10.11.2005 12:58 396.233 iis6.log
10.11.2005 12:58 72.170 ntdtcsetup.log
10.11.2005 12:58 117.784 comsetup.log
10.11.2005 12:58 16.441 tabletoc.log
10.11.2005 12:58 17.682 ocmsn.log
10.11.2005 12:58 148.106 tsoc.log
10.11.2005 12:58 1.393 imsins.log
10.11.2005 12:58 11.797 KB896424.log
10.11.2005 12:58 54.769 netfxocm.log
10.11.2005 12:58 22.820 medctroc.Log
10.11.2005 12:58 16.017 msgsocm.log
10.11.2005 12:58 163.979 ocgen.log
10.11.2005 12:58 306.976 FaxSetup.log
10.11.2005 12:58 106.656 msmqinst.log
10.11.2005 12:57 22.839 updspapi.log
05.11.2005 12:06 158 matlab.ini
01.11.2005 18:22 1.454 COM+.log
18.10.2005 13:24 1.393 imsins.BAK
18.10.2005 13:24 23.710 KB901017.log
18.10.2005 13:24 26.047 KB902400.log
18.10.2005 13:23 15.912 KB896688.log
18.10.2005 13:23 13.890 KB899589.log
18.10.2005 13:23 14.207 KB905414.log
18.10.2005 13:23 13.964 KB900725.log
18.10.2005 13:23 11.341 KB904706.log
18.10.2005 13:23 17.642 KB905749.log
==========================================================
sys.txt
==========================================================
Datenträger in Laufwerk C: ist System
Volumeseriennummer: 7447-AAAA

Verzeichnis von C:\

08.12.2005 12:22 0 sys.txt
08.12.2005 12:22 9.178 system.txt
08.12.2005 12:22 293 systemtemp.txt
08.12.2005 12:21 106.005 system32.txt
08.12.2005 12:11 1.452 smitfiles.txt
08.12.2005 10:48 805.306.368 pagefile.sys
01.09.2005 07:40 23.606.130 AVG7DB_F.DAT
27.08.2005 10:45 303 boot.ini
14.01.2005 19:33 47.564 NTDETECT.COM
14.01.2005 19:33 251.184 ntldr
13.01.2005 13:34 0 AUTOEXEC.BAT
24.11.2004 19:25 12.227.483 AVG7QT.DAT
24.11.2004 19:18 0 itouch_config_crash_info.txt
02.11.2004 08:49 1.071.700 AVG6DB_F.DAT
29.10.2004 18:25 0 itouch_crash_info.txt
09.12.2005, 01:02
Honorary member
Argus

Posts: 6028
#2 SmitRem2.8
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1

open the smitRem folder, double-click: RunThis.bat
wait until the scan has finished (the screen will turn blue; that is normal)
find smitfiles.txt and copy the text file into the thread

Then the 4 text files from datfind.bat again (new ones please)

and a log from HijackThis
http://virus-protect.org/hjtkurz.html
__________
Kind regards, Argus
09.12.2005, 01:20
Honorary member
Sabina

Posts: 29434
#3 bernd05

please do what Arnold wrote...you are now a "guinea pig" ;)
We want to see whether the removal tool is enough, or whether you have to carry out many, many other steps before the cleanup is complete.

a small foretaste:
http://virus-protect.org/artikel/spyware/spyaxe.html

once the viruses are gone, we only need to clean the registry ;)
__________
Kind regards, Sabina

all about PC security
09.12.2005, 15:24
...new here

Thread starter

Posts: 10
#4 Hi, here is the smitfile


smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!

spyaxe uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

1024 dir
ld****.tmp
ncompat.tlb
hp***.tmp
logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1532 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! ;)

the 4 txt files:
=======================================================
system32.txt
=======================================================
Datenträger in Laufwerk C: ist System
Volumeseriennummer: 7447-AAAA

Verzeichnis von C:\WINDOWS\system32

09.12.2005 15:12 1.374 wpa.dbl
08.12.2005 19:38 2.158 tmmute.ini
08.12.2005 18:58 0 asfiles.txt
08.12.2005 18:52 2.550 Uninstall.ico
08.12.2005 18:52 1.406 Help.ico
08.12.2005 18:52 1.718 Open.ico
08.12.2005 18:51 1.406 AddQuit.ico
08.12.2005 18:51 5.350 IE.ico
08.12.2005 18:51 9.470 Desktop.ico
08.12.2005 18:51 1.718 Quick.ico
08.12.2005 11:16 36.864 intercept.dll
13.11.2005 12:45 176.167 rmoc3260.dll
13.11.2005 12:45 5.632 pndx5032.dll
13.11.2005 12:45 6.656 pndx5016.dll
13.11.2005 12:45 278.528 pncrt.dll
10.11.2005 16:17 210.488 FNTCACHE.DAT
09.11.2005 13:13 25.128 productregistry
07.11.2005 12:30 10.941 PQ_DEBUG.TXT
02.11.2005 06:34 2.377.568 MRT.exe
01.11.2005 17:15 393.524 perfh009.dat
01.11.2005 17:15 406.534 perfh007.dat
01.11.2005 17:15 59.156 perfc009.dat
01.11.2005 17:15 71.448 perfc007.dat
01.11.2005 17:15 937.188 PerfStringBackup.INI
20.10.2005 15:37 24.924 openports.dll
20.10.2005 15:37 40.960 SDelete.dll
06.10.2005 04:18 280.064 gdi32.dll
06.10.2005 04:08 1.839.616 win32k.sys
04.10.2005 16:26 3.013.120 mshtml.dll
23.09.2005 04:06 8.491.520 shell32.dll
10.09.2005 02:54 2.067.968 cdosys.dll
03.09.2005 00:53 664.064 wininet.dll
03.09.2005 00:53 55.808 extmgr.dll
03.09.2005 00:53 146.432 msrating.dll
03.09.2005 00:53 530.432 mstime.dll
03.09.2005 00:53 96.768 inseng.dll
03.09.2005 00:53 605.696 urlmon.dll
03.09.2005 00:53 251.392 iepeers.dll
03.09.2005 00:53 1.484.288 shdocvw.dll
03.09.2005 00:53 39.424 pngfilt.dll
03.09.2005 00:53 474.112 shlwapi.dll
03.09.2005 00:53 205.312 dxtrans.dll
03.09.2005 00:53 448.512 mshtmled.dll
03.09.2005 00:53 1.055.744 danim.dll
03.09.2005 00:53 1.019.904 browseui.dll
03.09.2005 00:53 152.064 cdfview.dll
01.09.2005 02:44 292.352 winsrv.dll
01.09.2005 02:44 19.968 linkinfo.dll

=======================================================
systemtemp.txt
=======================================================
Datenträger in Laufwerk C: ist System
Volumeseriennummer: 7447-AAAA

Verzeichnis von C:\DOKUME~1\HOMEBE~1.000\LOKALE~1\Temp

09.12.2005 15:13 32.768 ~DFA21D.tmp
09.12.2005 15:12 16.384 ~DFE655.tmp
09.12.2005 15:12 49.152 ~DFAADC.tmp
15.11.2005 14:32 24.613 IadHide5.dll
4 Datei(en) 122.917 Bytes
0 Verzeichnis(se), 278.332.928 Bytes frei

=======================================================
system.txt
=======================================================
Datenträger in Laufwerk C: ist System
Volumeseriennummer: 7447-AAAA

Verzeichnis von C:\WINDOWS

09.12.2005 15:19 165.531 setupact.log
09.12.2005 15:12 51 iTouch.ini
09.12.2005 15:12 0 0.log
09.12.2005 15:12 1.835.107 WindowsUpdate.log
09.12.2005 15:12 50 wiaservc.log
09.12.2005 15:12 159 wiadebug.log
09.12.2005 15:12 32.622 SchedLgU.Txt
09.12.2005 15:12 2.048 bootstat.dat
08.12.2005 18:56 642 win.ini
08.12.2005 18:53 913.554 setupapi.log
08.12.2005 17:36 0 Lic.xxx
08.12.2005 17:04 119.780 ntbtlog.txt
08.12.2005 11:16 36.864 intercept.dll
04.12.2005 11:23 512 ODBC.INI
28.11.2005 14:21 94.218 wmsetup.log
24.11.2005 19:08 26.959 DirectX.log
24.11.2005 18:42 116 NeroDigital.ini
15.11.2005 14:32 118.784 bwUnin-7.2.0.157-8876480SL.exe
10.11.2005 12:58 396.233 iis6.log
10.11.2005 12:58 72.170 ntdtcsetup.log
10.11.2005 12:58 117.784 comsetup.log
10.11.2005 12:58 16.441 tabletoc.log
10.11.2005 12:58 1.393 imsins.log
10.11.2005 12:58 148.106 tsoc.log
10.11.2005 12:58 17.682 ocmsn.log
10.11.2005 12:58 11.797 KB896424.log
10.11.2005 12:58 54.769 netfxocm.log
10.11.2005 12:58 16.017 msgsocm.log
10.11.2005 12:58 163.979 ocgen.log
10.11.2005 12:58 22.820 medctroc.Log
10.11.2005 12:58 306.976 FaxSetup.log
10.11.2005 12:58 106.656 msmqinst.log
10.11.2005 12:57 22.839 updspapi.log
05.11.2005 12:06 158 matlab.ini
01.11.2005 18:22 1.454 COM+.log
18.10.2005 13:24 1.393 imsins.BAK
18.10.2005 13:24 23.710 KB901017.log
18.10.2005 13:24 26.047 KB902400.log
18.10.2005 13:23 15.912 KB896688.log
18.10.2005 13:23 13.890 KB899589.log
18.10.2005 13:23 14.207 KB905414.log
18.10.2005 13:23 13.964 KB900725.log
18.10.2005 13:23 11.341 KB904706.log
18.10.2005 13:23 17.642 KB905749.log
=======================================================
sys.txt
=======================================================
Datenträger in Laufwerk C: ist System
Volumeseriennummer: 7447-AAAA

Verzeichnis von C:\

09.12.2005 15:25 0 sys.txt
09.12.2005 15:25 9.303 system.txt
09.12.2005 15:25 440 systemtemp.txt
09.12.2005 15:25 105.790 system32.txt
09.12.2005 15:15 1.299 smitfiles.txt
09.12.2005 15:12 805.306.368 pagefile.sys
08.12.2005 17:36 2 AVPCallback.log
01.09.2005 07:40 23.606.130 AVG7DB_F.DAT
27.08.2005 10:45 303 boot.ini
14.01.2005 19:33 47.564 NTDETECT.COM
14.01.2005 19:33 251.184 ntldr
13.01.2005 13:34 0 AUTOEXEC.BAT
24.11.2004 19:25 12.227.483 AVG7QT.DAT
24.11.2004 19:18 0 itouch_config_crash_info.txt
02.11.2004 08:49 1.071.700 AVG6DB_F.DAT
29.10.2004 18:25 0 itouch_crash_info.txt

and the HijackThis file:

Logfile of HijackThis v1.99.1
Scan saved at 15:28:33, on 09.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Grisoft\AVGFRE~1\avgamsvr.exe
D:\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
D:\D-Link\Air USB Utility\AirCFG.exe
C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
D:\Grisoft\AVGFRE~1\avgcc.exe
D:\Logitech\iTouch\iTouch.exe
C:\Programme\VIA Technologies, Inc\Audio Deck\ADeck.exe
D:\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
D:\iTunes\iTunesHelper.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\taskswitch.exe
D:\Grisoft\AVGFRE~1\avgemc.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
D:\CounterSpy\Consumer\sunserver.exe
D:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Messenger\msmsgs.exe
D:\Skype\Phone\Skype.exe
D:\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\System32\svchost.exe
D:\CounterSpy\Consumer\sunThreatEngine.exe
C:\WINDOWS\explorer.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
D:\HiJackThis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [D-Link Air USB Utility] D:\D-Link\Air USB Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AudioDeck] C:\Programme\VIA Technologies, Inc\Audio Deck\ADeck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Win32] C:\Win32\dll\Win32k.exe -starthide C:\Win32\dll\Win32.exe -local
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [AVG7_EMC] D:\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinPatrol] D:\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [stnospy] C:\Programme\SinEspias\no-spy.exe /autorun
O4 - HKLM\..\Run: [SunServer] D:\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [LDM] D:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PowerBar] àý¥@øýDþÃìÑwÒìÑw¥@¥@ þ°ÿ”ÔwØìÑwÿÿÿÿÒìÑwÛmÒwxþˆþëmÒw ˆþÌþãê‘:xþ0}M¾ômÒwæUèè¥@¥@Ìþ”êÓw$¥@¥@è¤@¥@3Ósè¤@_µÓsè¤@è¤@
O4 - HKCU\..\Run: [Skype] "D:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = D:\TrendMicro\Tmas.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - D:\GetRight\GRdownload.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} - https://www.cortronik.co.at/jinitiator/jinit.exe
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp05.photoprintit.de/microsite/defaults/activex/ImageUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CAF8926-F2DE-42FF-A113-B7D2F787AE5C}: NameServer = 195.34.133.13,195.34.133.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{4407F636-8388-4666-9886-9F77DE8ABCB6}: NameServer = 195.34.133.13,195.34.133.20
O18 - Protocol: bw+0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: offline-8876480 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - D:\MATLAB71\webserver\bin\win32\matlabserver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - D:\Spyware Doctor\sdhelp.exe

habs glaub ich mittlerweile geschafft spyaxe durch diverse anleitungen zu entfernen (zumindest die offensichtlichen kennzeichen: systemtray-popup und startseite) kann aber nicht sagen ob das alles war oder ob ich sonst noch was drauf habe.
könnt ihr mir eine gute / freeware antispyware empfehlen und zwar eine die nicht nur neuangriffe verhindert sondern auch eventuelle infizierungen entfernt. der spydoctor findet leider noch so einiges auf meinem system allerdings kann der in der demoversion die gefundenen sachen nicht entfernen.

thanks a lot
bernd
This post was edited on 09.12.2005 at 15:32 by bernd05.
09.12.2005, 16:04
Honorary member
Sabina

Posts: 29434
#5 bernd05

http://www.malwareupload.com/
Log in to Malwareupload with your e-mail address and upload the suspicious file. You will be informed by e-mail as quickly as possible whether the file is really malicious and which malware it is.

C:\Win32\dll\Win32k.exe

At the top of the page --> click Browse --> choose the file --> double-click the file to be checked --> click Submit... now wait --> copy the result into the security forum
http://www.virustotal.com/flash/index_en.html


C:\Win32\dll\Win32k.exe

..................................................................

Download Registry Search by Bobbi Flekman

http://virus-protect.org/artikel/tools/regsearch.html
and double-click it to start. Under "Enter search strings" (type or paste in):

PowerBar

in the edit box and click "Ok".
Notepad will open -- copy the text and post it.

----------------------------------------------------------------------------
open HijackThis -- button "Scan" -- tick the malware entries -- button "Fix checked" -- restart the PC

if it is an important entry... don't fix it yet... I don't know what it is...
O4 - HKLM\..\Run: [Win32] C:\Win32\dll\Win32k.exe -starthide C:\Win32\dll\Win32.exe -local

O4 - HKLM\..\Run: [stnospy] C:\Programme\SinEspias\no-spy.exe /autorun
O4 - HKCU\..\Run: [LDM] D:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [PowerBar] àý¥@øýDþÃìÑwÒìÑw¥@¥@ þ°ÿ”ÔwØìÑwÿÿÿÿÒìÑwÛmÒwxþˆþëmÒw ˆþÌþãê‘:xþ0}M¾ômÒwæUèè¥@¥@Ìþ”êÓw$¥@¥@è¤@¥@3Ósè¤@_µÓsè¤@è¤@

O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O18 - Protocol: bw+0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Restart the PC

delete:
C:\Programme\SinEspias

scan with Kaspersky and post the scan report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

all about PC security
09.12.2005, 17:01
...new here

Thread starter

Posts: 10
#6 win32k.exe uploaded

Reply:
Hello,
We have checked your file Win32k.exe and came to the following result:
Riskware.HideIt


here is the research file:
REGEDIT4

; Registry Search by Bobbi Flekman
; Version: 1.0.2.1

; Results at 09.12.2005 16:54:05 for strings:
; 'powerbar'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\CyberLink\PowerBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PowerBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PowerBar]
@="D:\\CyberLink DVD Solution\\Multimedia Launcher\\PowerBar.exe"

[HKEY_USERS\S-1-5-21-515967899-583907252-839522115-1003\Software\Cyberlink\PowerBar]

[HKEY_USERS\S-1-5-21-515967899-583907252-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="àý¥@øýDþÃìÑwÒìÑw¥@¥@ þ°ÿ”ÔwØìÑwÿÿÿÿÒìÑwÛmÒwxþˆþëmÒw ˆþÌþãê‘:xþ0}M¾ômÒwæUèè¥@¥@Ìþ”êÓw$¥@¥@è¤@¥@3Ósè¤@_µÓsè¤@è¤@"

; End Of The Log...

which entries exactly should I now fix with HijackThis?

many thanks,
bernd
This post was edited on 09.12.2005 at 17:10 by bernd05.
09.12.2005, 18:15
Honorary member
Sabina

Posts: 29434
#7

Quote

where did you download that??????? D:\\CyberLink DVD Solution
Copy the following text into Notepad (Start - Accessories - Notepad) and save it as fixme.reg on the desktop using 'Save as'. Under file type choose 'All files'. You should now find this file on the desktop.

Quote

REGEDIT4

[HKEY_USERS\S-1-5-21-515967899-583907252-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"=-
open HijackThis -- button "Scan" -- tick the malware entries -- button "Fix checked" -- restart the PC

O4 - HKLM\..\Run: [Win32] C:\Win32\dll\Win32k.exe -starthide C:\Win32\dll\Win32.exe -local

O4 - HKLM\..\Run: [stnospy] C:\Programme\SinEspias\no-spy.exe /autorun
O4 - HKCU\..\Run: [LDM] D:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [PowerBar] àý¥@øýDþÃìÑwÒìÑw¥@¥@ þ°ÿ”ÔwØìÑwÿÿÿÿÒìÑwÛmÒwxþˆþëmÒw ˆþÌþãê‘:xþ0}M¾ômÒwæUèè¥@¥@Ìþ”êÓw$¥@¥@è¤@¥@3Ósè¤@_µÓsè¤@è¤@

O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O18 - Protocol: bw+0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D6639831-212C-4C9C-A8FF-BD21B5F5B7FF} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Restart the PC
Restart the computer in Safe Mode (press F8 while booting). Double-click the file "fixme.reg" on the desktop


Counterspy
Click: "Run a Spyware Scan Now"
- after the scan you have to choose between:
*Ignore
*Remove
*Quarantine
always choose Remove and restart the PC (then copy the scan report and post it in the security forum)
__________
Regards, Sabina
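The fixme.reg step in the post above deletes one autostart value by hand: the Registry Search export shows a Run value ("PowerBar") whose data is binary junk instead of a command line, and a .reg file with `"PowerBar"=-` removes it. The following is an added example, not code from the thread or from Registry Search, HijackThis or any other tool mentioned here. It parses a REGEDIT4-style export, finds a named value under the Run/RunOnce keys, flags data that does not look like a command line, and emits the deletion .reg text. The sample log, the SID and the garbled value data are constructed stand-ins; the `looks_garbled` threshold is a heuristic I chose, not anything from the page.

```python
"""
Added example: from a Registry Search (REGEDIT4) export, build the .reg file
that deletes a suspicious Run value.  Not part of the forum thread; the sample
log, SID and garbled data below are constructed.
"""
import re
from typing import Dict, List, Tuple

RegEntries = Dict[str, Dict[str, str]]   # key path -> {value name: data}

# autostart keys that HijackThis reports as O4 entries (HKLM/HKCU ...\Run, RunOnce)
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
# one .reg value line:  @=...   or   "name"=...
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def parse_regsearch(text: str) -> RegEntries:
    """Parse REGEDIT4 text into {key: {name: data}}.  ';' comments and the
    header are skipped; keys listed without values get an empty dict."""
    entries: RegEntries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            entries.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if current is None or not m:
            continue
        name = "@" if m.group(1) == "@" else m.group(1)[1:-1]
        data = m.group(2)
        if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            # quoted REG_SZ: undo the .reg escaping of \" and \\
            data = data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        entries[current][name] = data
    return entries


def looks_garbled(data: str) -> bool:
    """Heuristic (threshold chosen for this example): Run data that is mostly
    non-printable/non-ASCII and names no executable is junk, not a command."""
    if not data:
        return False
    odd = sum(1 for ch in data if ord(ch) < 32 or ord(ch) > 126)
    has_exe = re.search(r"\.(exe|com|bat|cmd|scr|dll)\b", data, re.I) is not None
    return odd / len(data) > 0.3 and not has_exe


def find_run_values(entries: RegEntries, name: str) -> List[Tuple[str, str, str]]:
    """All (key, value name, data) under a Run/RunOnce key whose value name
    equals `name`; registry value names are compared case-insensitively."""
    hits = []
    for key, values in entries.items():
        if not RUN_KEY_RE.search(key):
            continue
        for vname, data in values.items():
            if vname.lower() == name.lower():
                hits.append((key, vname, data))
    return hits


def build_removal_reg(targets: List[Tuple[str, str]]) -> str:
    """REGEDIT4 text that deletes each (key, value name); "name"=- removes a value."""
    lines = ["REGEDIT4", ""]
    for key, vname in targets:
        lines += [f"[{key}]", f'"{vname}"=-', ""]
    return "\r\n".join(lines)   # .reg files are CRLF text


def removal_reg_for(log_text: str, value_name: str) -> str:
    """End to end: parse the export and emit the deletion .reg for every Run
    entry of that name whose data looks garbled (legitimate ones are left alone)."""
    entries = parse_regsearch(log_text)
    suspect = [(k, n) for k, n, d in find_run_values(entries, value_name) if looks_garbled(d)]
    return build_removal_reg(suspect)


# --- constructed sample mirroring the shape of the thread's Registry Search output ---
SID = "S-1-5-21-0000000000-0000000000-000000000-1003"   # placeholder SID
GARBLED = "àý¥@øýDþÃìÑwÒìÑw¥@¥@ þ°ÿ"                     # constructed junk data
SAMPLE_LOG = "\n".join([
    "REGEDIT4",
    "; Registry Search by Bobbi Flekman (constructed sample)",
    "; 'powerbar'",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\CyberLink\PowerBar]",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PowerBar]",
    r'@="D:\\CyberLink DVD Solution\\Multimedia Launcher\\PowerBar.exe"',
    "[HKEY_USERS\\" + SID + r"\Software\Microsoft\Windows\CurrentVersion\Run]",
    '"PowerBar"="' + GARBLED + '"',
    "; End Of The Log...",
])

if __name__ == "__main__":
    print(removal_reg_for(SAMPLE_LOG, "PowerBar"))
```

Run it and the output is exactly the fixme.reg shape used above: a `REGEDIT4` header, the user's Run key in brackets, and `"PowerBar"=-`. The App Paths entry pointing at PowerBar.exe is a normal path, so it is parsed but never written into the deletion file; only the Run value with junk data is.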
09.12.2005, 20:07
...new here

Thread starter

Posts: 10
#8 Quote:
where did you download that??????? D:\\CyberLink DVD Solution

no idea what you mean by that.

here is the Counterspy report:

Spyware Scan Details
Start Date: 09.12.2005 19:12:51
End Date: 09.12.2005 19:57:34
Total Time: 44 mins 43 secs

Detected spyware

eDonkey2000 P2P more information...
Details: eDonkey2000 is a P2P file sharing program that bundles adware/spyware such as Webhancer, Web Search Toolbar and New.Net.
Status: Ignored

Infected files detected
c:\dokumente und einstellungen\home.bernd.000\anwendungsdaten\microsoft\internet explorer\quick launch\edonkey2000.lnk

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\InProcServer32 D:\eDonkey2000\plugins\ed2kie.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\InProcServer32 ThreadingModel Both
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\ProgID eD2KDownloadManager.object.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\TypeLib {379919F2-1612-45B7-B9F4-773F6D5214F5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\VersionIndependentProgID eD2KDownloadManager.object
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620} eD2K downloadManager object
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eDonkey2000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eDonkey2000 DisplayName eDonkey2000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eDonkey2000 UninstallString "D:\eDonkey2000\uninstall_eDonkey2000.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eDonkey2000 DisplayIcon "D:\eDonkey2000\eDonkey2000.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eDonkey2000 NoModify 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eDonkey2000 NoRepair 1


CGI-Bin Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\home.bernd.000\cookies\home@cgi-bin[2].txt


DoubleClick Cookie more information...
Details: DoubleClick is a popular ad serving network that uses spyware cookies, to target advertising.
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\home.bernd.000\cookies\home@doubleclick[1].txt


SageAnalyst Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\home.bernd.000\cookies\home@sageanalyst[1].txt



I also ran an additional scan with Spyware Doctor, and it returned the following:

Spyware Doctor Activitätsreport
Erstellt am 10.12.2005 17:09:38 Spyware Doctor-Homepage PC Tools Homepage Technische Unterstützung


Suchen (grundsätzliche Information):

Suchergebnisse:
Suche starten: 10.12.2005 17:13:33
suche anhalten: 10.12.2005 17:44:59
durchsuchte Objekte: 206999
gefundene Objekte: 154
gefunden und ignoriert: 0
verwendete Werkzeuge: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Cookie Scanner, Laufwerk Scanner



Name der Infizierung Standort Risiko
IST Unknown Variant HKCU\software\microsoft\windows\currentversion\run##start wingman profiler Mittel
SpyAxe HKCR\Interface\{0F68A8AA-A9A8-4711-BE36-AE363EFA6443} Erhöht
SpyAxe HKCR\Interface\{0F68A8AA-A9A8-4711-BE36-AE363EFA6443}## Erhöht
SpyAxe HKCR\Interface\{0F68A8AA-A9A8-4711-BE36-AE363EFA6443}\ProxyStubClsid Erhöht
SpyAxe HKCR\Interface\{0F68A8AA-A9A8-4711-BE36-AE363EFA6443}\ProxyStubClsid## Erhöht
SpyAxe HKCR\Interface\{0F68A8AA-A9A8-4711-BE36-AE363EFA6443}\ProxyStubClsid32 Erhöht
SpyAxe HKCR\Interface\{0F68A8AA-A9A8-4711-BE36-AE363EFA6443}\ProxyStubClsid32## Elevated
SpyAxe HKCR\Interface\{0F68A8AA-A9A8-4711-BE36-AE363EFA6443}\TypeLib Elevated
SpyAxe HKCR\Interface\{0F68A8AA-A9A8-4711-BE36-AE363EFA6443}\TypeLib## Elevated
SpyAxe HKCR\Interface\{0F68A8AA-A9A8-4711-BE36-AE363EFA6443}\TypeLib##Version Elevated
SpyAxe HKCR\Interface\{28420952-C82B-47D9-A042-FA2217D8A082} Elevated
SpyAxe HKCR\Interface\{28420952-C82B-47D9-A042-FA2217D8A082}## Elevated
SpyAxe HKCR\Interface\{28420952-C82B-47D9-A042-FA2217D8A082}\ProxyStubClsid Elevated
SpyAxe HKCR\Interface\{28420952-C82B-47D9-A042-FA2217D8A082}\ProxyStubClsid## Elevated
SpyAxe HKCR\Interface\{28420952-C82B-47D9-A042-FA2217D8A082}\ProxyStubClsid32 Elevated
SpyAxe HKCR\Interface\{28420952-C82B-47D9-A042-FA2217D8A082}\ProxyStubClsid32## Elevated
SpyAxe HKCR\Interface\{28420952-C82B-47D9-A042-FA2217D8A082}\TypeLib Elevated
SpyAxe HKCR\Interface\{28420952-C82B-47D9-A042-FA2217D8A082}\TypeLib## Elevated
SpyAxe HKCR\Interface\{28420952-C82B-47D9-A042-FA2217D8A082}\TypeLib##Version Elevated
SpyAxe HKCR\Interface\{3C099C83-8587-4B35-8AF0-FC3A169CE14F} Elevated
SpyAxe HKCR\Interface\{3C099C83-8587-4B35-8AF0-FC3A169CE14F}## Elevated
SpyAxe HKCR\Interface\{3C099C83-8587-4B35-8AF0-FC3A169CE14F}\ProxyStubClsid Elevated
SpyAxe HKCR\Interface\{3C099C83-8587-4B35-8AF0-FC3A169CE14F}\ProxyStubClsid## Elevated
SpyAxe HKCR\Interface\{3C099C83-8587-4B35-8AF0-FC3A169CE14F}\ProxyStubClsid32 Elevated
SpyAxe HKCR\Interface\{3C099C83-8587-4B35-8AF0-FC3A169CE14F}\ProxyStubClsid32## Elevated
SpyAxe HKCR\Interface\{3C099C83-8587-4B35-8AF0-FC3A169CE14F}\TypeLib Elevated
SpyAxe HKCR\Interface\{3C099C83-8587-4B35-8AF0-FC3A169CE14F}\TypeLib## Elevated
SpyAxe HKCR\Interface\{3C099C83-8587-4B35-8AF0-FC3A169CE14F}\TypeLib##Version Elevated
SpyAxe HKCR\Interface\{3FE13F31-E890-4C37-8213-4B5F9A511C26} Elevated
SpyAxe HKCR\Interface\{3FE13F31-E890-4C37-8213-4B5F9A511C26}## Elevated
SpyAxe HKCR\Interface\{3FE13F31-E890-4C37-8213-4B5F9A511C26}\ProxyStubClsid Elevated
SpyAxe HKCR\Interface\{3FE13F31-E890-4C37-8213-4B5F9A511C26}\ProxyStubClsid## Elevated
SpyAxe HKCR\Interface\{3FE13F31-E890-4C37-8213-4B5F9A511C26}\ProxyStubClsid32 Elevated
SpyAxe HKCR\Interface\{3FE13F31-E890-4C37-8213-4B5F9A511C26}\ProxyStubClsid32## Elevated
SpyAxe HKCR\Interface\{3FE13F31-E890-4C37-8213-4B5F9A511C26}\TypeLib Elevated
SpyAxe HKCR\Interface\{3FE13F31-E890-4C37-8213-4B5F9A511C26}\TypeLib## Elevated
SpyAxe HKCR\Interface\{3FE13F31-E890-4C37-8213-4B5F9A511C26}\TypeLib##Version Elevated
SpyAxe HKCR\Interface\{4CAD27DC-1B60-42F4-820E-316FE0A13512} Elevated
SpyAxe HKCR\Interface\{4CAD27DC-1B60-42F4-820E-316FE0A13512}## Elevated
SpyAxe HKCR\Interface\{4CAD27DC-1B60-42F4-820E-316FE0A13512}\ProxyStubClsid Elevated
SpyAxe HKCR\Interface\{4CAD27DC-1B60-42F4-820E-316FE0A13512}\ProxyStubClsid## Elevated
SpyAxe HKCR\Interface\{4CAD27DC-1B60-42F4-820E-316FE0A13512}\ProxyStubClsid32 Elevated
SpyAxe HKCR\Interface\{4CAD27DC-1B60-42F4-820E-316FE0A13512}\ProxyStubClsid32## Elevated
SpyAxe HKCR\Interface\{4CAD27DC-1B60-42F4-820E-316FE0A13512}\TypeLib Elevated
SpyAxe HKCR\Interface\{4CAD27DC-1B60-42F4-820E-316FE0A13512}\TypeLib## Elevated
SpyAxe HKCR\Interface\{4CAD27DC-1B60-42F4-820E-316FE0A13512}\TypeLib##Version Elevated
SpyAxe HKCR\Interface\{54874D12-C0C6-44CC-83FB-2C35202F881B} Elevated
SpyAxe HKCR\Interface\{54874D12-C0C6-44CC-83FB-2C35202F881B}## Elevated
SpyAxe HKCR\Interface\{54874D12-C0C6-44CC-83FB-2C35202F881B}\ProxyStubClsid Elevated
SpyAxe HKCR\Interface\{54874D12-C0C6-44CC-83FB-2C35202F881B}\ProxyStubClsid## Elevated
SpyAxe HKCR\Interface\{54874D12-C0C6-44CC-83FB-2C35202F881B}\ProxyStubClsid32 Elevated
SpyAxe HKCR\Interface\{54874D12-C0C6-44CC-83FB-2C35202F881B}\ProxyStubClsid32## Elevated
SpyAxe HKCR\Interface\{54874D12-C0C6-44CC-83FB-2C35202F881B}\TypeLib Elevated
SpyAxe HKCR\Interface\{54874D12-C0C6-44CC-83FB-2C35202F881B}\TypeLib## Elevated
SpyAxe HKCR\Interface\{54874D12-C0C6-44CC-83FB-2C35202F881B}\TypeLib##Version Elevated
SpyAxe HKCR\Interface\{54A3200B-D76E-48D1-B35C-D87EAF6D90BD} Elevated
SpyAxe HKCR\Interface\{54A3200B-D76E-48D1-B35C-D87EAF6D90BD}## Elevated
SpyAxe HKCR\Interface\{54A3200B-D76E-48D1-B35C-D87EAF6D90BD}\ProxyStubClsid Elevated
SpyAxe HKCR\Interface\{54A3200B-D76E-48D1-B35C-D87EAF6D90BD}\ProxyStubClsid## Elevated
SpyAxe HKCR\Interface\{54A3200B-D76E-48D1-B35C-D87EAF6D90BD}\ProxyStubClsid32 Elevated
SpyAxe HKCR\Interface\{54A3200B-D76E-48D1-B35C-D87EAF6D90BD}\ProxyStubClsid32## Elevated
SpyAxe HKCR\Interface\{54A3200B-D76E-48D1-B35C-D87EAF6D90BD}\TypeLib Elevated
SpyAxe HKCR\Interface\{54A3200B-D76E-48D1-B35C-D87EAF6D90BD}\TypeLib## Elevated
SpyAxe HKCR\Interface\{54A3200B-D76E-48D1-B35C-D87EAF6D90BD}\TypeLib##Version Elevated
SpyAxe HKCR\Interface\{663DFE59-032C-46FB-A09A-FFC2DC074F54} Elevated
SpyAxe HKCR\Interface\{663DFE59-032C-46FB-A09A-FFC2DC074F54}## Elevated
SpyAxe HKCR\Interface\{663DFE59-032C-46FB-A09A-FFC2DC074F54}\ProxyStubClsid Elevated
SpyAxe HKCR\Interface\{663DFE59-032C-46FB-A09A-FFC2DC074F54}\ProxyStubClsid## Elevated
SpyAxe HKCR\Interface\{663DFE59-032C-46FB-A09A-FFC2DC074F54}\ProxyStubClsid32 Elevated
SpyAxe HKCR\Interface\{663DFE59-032C-46FB-A09A-FFC2DC074F54}\ProxyStubClsid32## Elevated
SpyAxe HKCR\Interface\{663DFE59-032C-46FB-A09A-FFC2DC074F54}\TypeLib Elevated
SpyAxe HKCR\Interface\{663DFE59-032C-46FB-A09A-FFC2DC074F54}\TypeLib## Elevated
SpyAxe HKCR\Interface\{663DFE59-032C-46FB-A09A-FFC2DC074F54}\TypeLib##Version Elevated
SpyAxe HKCR\Interface\{69CE4FBC-4861-4206-8211-DD5A9EE79AD3} Elevated
SpyAxe HKCR\Interface\{69CE4FBC-4861-4206-8211-DD5A9EE79AD3}## Elevated
SpyAxe HKCR\Interface\{69CE4FBC-4861-4206-8211-DD5A9EE79AD3}\ProxyStubClsid Elevated
SpyAxe HKCR\Interface\{69CE4FBC-4861-4206-8211-DD5A9EE79AD3}\ProxyStubClsid## Elevated
SpyAxe HKCR\Interface\{69CE4FBC-4861-4206-8211-DD5A9EE79AD3}\ProxyStubClsid32 Elevated
SpyAxe HKCR\Interface\{69CE4FBC-4861-4206-8211-DD5A9EE79AD3}\ProxyStubClsid32## Elevated
SpyAxe HKCR\Interface\{69CE4FBC-4861-4206-8211-DD5A9EE79AD3}\TypeLib Elevated
SpyAxe HKCR\Interface\{69CE4FBC-4861-4206-8211-DD5A9EE79AD3}\TypeLib## Elevated
SpyAxe HKCR\Interface\{69CE4FBC-4861-4206-8211-DD5A9EE79AD3}\TypeLib##Version Elevated
SpyAxe HKCR\Interface\{AFA9056F-AA11-4771-AE01-04ECFDE18206} Elevated
SpyAxe HKCR\Interface\{AFA9056F-AA11-4771-AE01-04ECFDE18206}## Elevated
SpyAxe HKCR\Interface\{AFA9056F-AA11-4771-AE01-04ECFDE18206}\ProxyStubClsid Elevated
SpyAxe HKCR\Interface\{AFA9056F-AA11-4771-AE01-04ECFDE18206}\ProxyStubClsid## Elevated
SpyAxe HKCR\Interface\{AFA9056F-AA11-4771-AE01-04ECFDE18206}\ProxyStubClsid32 Elevated
SpyAxe HKCR\Interface\{AFA9056F-AA11-4771-AE01-04ECFDE18206}\ProxyStubClsid32## Elevated
SpyAxe HKCR\Interface\{AFA9056F-AA11-4771-AE01-04ECFDE18206}\TypeLib Elevated
SpyAxe HKCR\Interface\{AFA9056F-AA11-4771-AE01-04ECFDE18206}\TypeLib## Elevated
SpyAxe HKCR\Interface\{AFA9056F-AA11-4771-AE01-04ECFDE18206}\TypeLib##Version Elevated
SpyAxe HKCR\Interface\{B8F2487F-AA6A-4914-9A3F-DB84E6868D66} Elevated
SpyAxe HKCR\Interface\{B8F2487F-AA6A-4914-9A3F-DB84E6868D66}## Elevated
SpyAxe HKCR\Interface\{B8F2487F-AA6A-4914-9A3F-DB84E6868D66}\ProxyStubClsid Elevated
SpyAxe HKCR\Interface\{B8F2487F-AA6A-4914-9A3F-DB84E6868D66}\ProxyStubClsid## Elevated
SpyAxe HKCR\Interface\{B8F2487F-AA6A-4914-9A3F-DB84E6868D66}\ProxyStubClsid32 Elevated
SpyAxe HKCR\Interface\{B8F2487F-AA6A-4914-9A3F-DB84E6868D66}\ProxyStubClsid32## Elevated
SpyAxe HKCR\Interface\{B8F2487F-AA6A-4914-9A3F-DB84E6868D66}\TypeLib Elevated
SpyAxe HKCR\Interface\{B8F2487F-AA6A-4914-9A3F-DB84E6868D66}\TypeLib## Elevated
SpyAxe HKCR\Interface\{B8F2487F-AA6A-4914-9A3F-DB84E6868D66}\TypeLib##Version Elevated
SpyAxe HKCR\Interface\{E4645720-E02F-4BB2-8E6D-BE7653DD1BF2} Elevated
SpyAxe HKCR\Interface\{E4645720-E02F-4BB2-8E6D-BE7653DD1BF2}## Elevated
SpyAxe HKCR\Interface\{E4645720-E02F-4BB2-8E6D-BE7653DD1BF2}\ProxyStubClsid Elevated
SpyAxe HKCR\Interface\{E4645720-E02F-4BB2-8E6D-BE7653DD1BF2}\ProxyStubClsid## Elevated
SpyAxe HKCR\Interface\{E4645720-E02F-4BB2-8E6D-BE7653DD1BF2}\ProxyStubClsid32 Elevated
SpyAxe HKCR\Interface\{E4645720-E02F-4BB2-8E6D-BE7653DD1BF2}\ProxyStubClsid32## Elevated
SpyAxe HKCR\Interface\{E4645720-E02F-4BB2-8E6D-BE7653DD1BF2}\TypeLib Elevated
SpyAxe HKCR\Interface\{E4645720-E02F-4BB2-8E6D-BE7653DD1BF2}\TypeLib## Elevated
SpyAxe HKCR\Interface\{E4645720-E02F-4BB2-8E6D-BE7653DD1BF2}\TypeLib##Version Elevated
SpyAxe HKCR\Interface\{FA46B160-C9DD-4040-B9D9-CCF5D3DB5438} Elevated
SpyAxe HKCR\Interface\{FA46B160-C9DD-4040-B9D9-CCF5D3DB5438}## Elevated
SpyAxe HKCR\Interface\{FA46B160-C9DD-4040-B9D9-CCF5D3DB5438}\ProxyStubClsid Elevated
SpyAxe HKCR\Interface\{FA46B160-C9DD-4040-B9D9-CCF5D3DB5438}\ProxyStubClsid## Elevated
SpyAxe HKCR\Interface\{FA46B160-C9DD-4040-B9D9-CCF5D3DB5438}\ProxyStubClsid32 Elevated
SpyAxe HKCR\Interface\{FA46B160-C9DD-4040-B9D9-CCF5D3DB5438}\ProxyStubClsid32## Elevated
SpyAxe HKCR\Interface\{FA46B160-C9DD-4040-B9D9-CCF5D3DB5438}\TypeLib Elevated
SpyAxe HKCR\Interface\{FA46B160-C9DD-4040-B9D9-CCF5D3DB5438}\TypeLib## Elevated
SpyAxe HKCR\Interface\{FA46B160-C9DD-4040-B9D9-CCF5D3DB5438}\TypeLib##Version Elevated
SpyAxe HKCR\Interface\{FC1F0C2C-8117-427D-816C-215B68524F74} Elevated
SpyAxe HKCR\Interface\{FC1F0C2C-8117-427D-816C-215B68524F74}## Elevated
SpyAxe HKCR\Interface\{FC1F0C2C-8117-427D-816C-215B68524F74}\ProxyStubClsid Elevated
SpyAxe HKCR\Interface\{FC1F0C2C-8117-427D-816C-215B68524F74}\ProxyStubClsid## Elevated
SpyAxe HKCR\Interface\{FC1F0C2C-8117-427D-816C-215B68524F74}\ProxyStubClsid32 Elevated
SpyAxe HKCR\Interface\{FC1F0C2C-8117-427D-816C-215B68524F74}\ProxyStubClsid32## Elevated
SpyAxe HKCR\Interface\{FC1F0C2C-8117-427D-816C-215B68524F74}\TypeLib Elevated
SpyAxe HKCR\Interface\{FC1F0C2C-8117-427D-816C-215B68524F74}\TypeLib## Elevated
SpyAxe HKCR\Interface\{FC1F0C2C-8117-427D-816C-215B68524F74}\TypeLib##Version Elevated
SpyAxe HKCR\Interface\{FD1EEE96-8DC7-478D-BE3B-7D06AC67FB66} Elevated
SpyAxe HKCR\Interface\{FD1EEE96-8DC7-478D-BE3B-7D06AC67FB66}## Elevated
SpyAxe HKCR\Interface\{FD1EEE96-8DC7-478D-BE3B-7D06AC67FB66}\ProxyStubClsid Elevated
SpyAxe HKCR\Interface\{FD1EEE96-8DC7-478D-BE3B-7D06AC67FB66}\ProxyStubClsid## Elevated
SpyAxe HKCR\Interface\{FD1EEE96-8DC7-478D-BE3B-7D06AC67FB66}\ProxyStubClsid32 Elevated
SpyAxe HKCR\Interface\{FD1EEE96-8DC7-478D-BE3B-7D06AC67FB66}\ProxyStubClsid32## Elevated
SpyAxe HKCR\Interface\{FD1EEE96-8DC7-478D-BE3B-7D06AC67FB66}\TypeLib Elevated
SpyAxe HKCR\Interface\{FD1EEE96-8DC7-478D-BE3B-7D06AC67FB66}\TypeLib## Elevated
SpyAxe HKCR\Interface\{FD1EEE96-8DC7-478D-BE3B-7D06AC67FB66}\TypeLib##Version Elevated
SpyAxe HKCR\Interface\{FD8E5ED7-0091-416F-A55B-1D072D58A24F} Elevated
SpyAxe HKCR\Interface\{FD8E5ED7-0091-416F-A55B-1D072D58A24F}## Elevated
SpyAxe HKCR\Interface\{FD8E5ED7-0091-416F-A55B-1D072D58A24F}\ProxyStubClsid Elevated
SpyAxe HKCR\Interface\{FD8E5ED7-0091-416F-A55B-1D072D58A24F}\ProxyStubClsid## Elevated
SpyAxe HKCR\Interface\{FD8E5ED7-0091-416F-A55B-1D072D58A24F}\ProxyStubClsid32 Elevated
SpyAxe HKCR\Interface\{FD8E5ED7-0091-416F-A55B-1D072D58A24F}\ProxyStubClsid32## Elevated
SpyAxe HKCR\Interface\{FD8E5ED7-0091-416F-A55B-1D072D58A24F}\TypeLib Elevated
SpyAxe HKCR\Interface\{FD8E5ED7-0091-416F-A55B-1D072D58A24F}\TypeLib## Elevated
SpyAxe HKCR\Interface\{FD8E5ED7-0091-416F-A55B-1D072D58A24F}\TypeLib##Version Elevated
Trojan.Agent.DJ HKCR\CLSID\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} High
Trojan.Agent.DJ HKCR\CLSID\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}\InProcServer32 High
Trojan.Agent.DJ HKCU\Software\Classes\CLSID\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} High
Trojan.Agent.DJ HKCU\Software\Classes\CLSID\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}\InProcServer32 High
Known Bad Sites C:\Dokumente und Einstellungen\home.BERND.000\Lokale Einstellungen\Temporary Internet Files\Content.IE5\AN2B63UV\snovickbb[1].gif High
Advertising C:\Dokumente und Einstellungen\home.BERND.000\Cookies\home@adtech[2].txt Low
Advertising C:\Dokumente und Einstellungen\home.BERND.000\Cookies\home@doubleclick[1].txt Low
Advertising C:\Dokumente und Einstellungen\home.BERND.000\Cookies\home@mediaplex[1].txt Low
Tracking Cookie(s) C:\Dokumente und Einstellungen\home.BERND.000\Cookies\home@microsoftwga.112.2o7[1].txt Medium


How do I get rid of all of this???

Please help,
thanks, Bernd
This post was edited on 10.12.2005 at 17:48 by bernd05.
10.12.2005, 18:13
Honorary member
Sabina

Posts: 29434
#9 bernd05

Go into the registry
Start --> Run --> regedit

HKCU\software\microsoft\windows\currentversion\run\ ##start wingman <-- delete

HKCR\CLSID\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} <-- delete
------------------------------------------------------------------------------

Step 1
Run CleanUp
http://virus-protect.org/cleanup.html

This should then be deleted:
C:\Dokumente und Einstellungen\home.BERND.000\Lokale Einstellungen\Temporary Internet Files\Content.IE5\AN2B63UV\snovickbb[1].gif

Step 2
Right-click the link and choose "Save Target As" from the menu -> Desktop -> a mcor.reg then appears on the screen

http://virus-protect.org/reg/mcor.reg

Right-click the link --> "Save Target As..." --> choose Desktop; a spyaxe.reg then appears on the screen.

http://virus-protect.org/reg/spyaxe.reg


Restart the PC --> into Safe Mode (press F8 while the PC boots, choose Safe Mode, log on as Administrator)
and double-click

mcor.reg
spyaxe.reg

--> merge them into the registry with "ja" or "yes"

Then scan with Kaspersky and post the scan report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

all about PC security
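What the two .reg files in the reply above do when merged is delete registry entries: a key line written as `[-KEY]` removes that key and everything beneath it, and a `"name"=-` line under `[KEY]` removes a single value. The script below is an added example, not the contents of mcor.reg or spyaxe.reg (the page does not show them), that builds such a deletion file from the findings quoted in this thread. It assumes that the scanner's `Key##Value` notation denotes a value under a key, and it collapses every COM entry to its `{GUID}` key, since deleting that key removes the ProxyStubClsid32, TypeLib and InProcServer32 subkeys and values in one go.

```python
"""Generate a registry-deletion .reg file from scanner findings.

Added example; not the mcor.reg / spyaxe.reg from the thread, whose
contents the page does not show.
"""
import re

HIVES = {"HKCR": "HKEY_CLASSES_ROOT", "HKCU": "HKEY_CURRENT_USER",
         "HKLM": "HKEY_LOCAL_MACHINE", "HKU": "HKEY_USERS"}
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_finding(entry):
    """Split one scanner line into (hive, subkey, value_name).

    'HKCR\\CLSID\\{GUID}\\InProcServer32'  -> key only, value_name is None
    'HKCR\\...\\TypeLib##Version'           -> value 'Version' under TypeLib
    Reading 'Key##Value' as a value under a key is an assumption about the
    scanner's notation; a bare '##' is taken to mean the key's default value.
    """
    value = None
    if "##" in entry:
        entry, value = entry.split("##", 1)
        value = value.strip() or None
    abbr, _, subkey = entry.strip().rstrip("\\").partition("\\")
    return HIVES[abbr.upper()], subkey, value


def build_reg(findings):
    """Return .reg text that deletes every finding.

    [-KEY]      deletes KEY and all subkeys/values beneath it
    "name"=-    (under [KEY]) deletes a single value
    COM registrations are collapsed to their {GUID} key: one [-...] line
    covers ProxyStubClsid32, TypeLib, InProcServer32 and the rest.
    """
    delete_keys, delete_values = [], {}
    for entry in findings:
        hive, subkey, value = parse_finding(entry)
        m = GUID_RE.search(subkey)
        if m:                                   # COM object: drop the whole {GUID} key
            subkey, value = subkey[:m.end()], None
        key = f"{hive}\\{subkey}"
        if value is None:
            if key.lower() not in (k.lower() for k in delete_keys):
                delete_keys.append(key)
        else:
            delete_values.setdefault(key, []).append(value)

    lines = ["Windows Registry Editor Version 5.00", ""]
    for key in delete_keys:
        lines += [f"[-{key}]", ""]
    for key, names in delete_values.items():
        kl = key.lower()
        if any(kl == d.lower() or kl.startswith(d.lower() + "\\") for d in delete_keys):
            continue                            # a [KEY] line would re-create a deleted key
        lines.append(f"[{key}]")
        lines += [f'"{name}"=-' for name in names]
        lines.append("")
    return "\n".join(lines)


def write_reg(path, text):
    """regedit reads version 5.00 files as UTF-16 LE with BOM and CRLF line ends."""
    with open(path, "w", encoding="utf-16-le", newline="\r\n") as fh:
        fh.write("\ufeff" + text)


# Entries quoted from the scanner report and the reply above.
SAMPLE_FINDINGS = [
    r"HKCR\CLSID\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}",
    r"HKCR\CLSID\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}\InProcServer32",
    r"HKCU\Software\Classes\CLSID\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}",
    r"HKCR\Interface\{0F68A8AA-A9A8-4711-BE36-AE363EFA6443}##",
    r"HKCR\Interface\{0F68A8AA-A9A8-4711-BE36-AE363EFA6443}\TypeLib##Version",
    r"HKCU\software\microsoft\windows\currentversion\run\ ##start wingman",
]
REG_TEXT = build_reg(SAMPLE_FINDINGS)

if __name__ == "__main__":
    print(REG_TEXT)
    # write_reg("spyaxe-cleanup.reg", REG_TEXT)   # then double-click it in Safe Mode
```

Before merging, export the affected keys (regedit File > Export, or `reg export`) so the change can be rolled back, and confirm that each CLSID's InProcServer32 value points at the suspect DLL rather than at something you want to keep. Doing the merge in Safe Mode, as the reply insists, matters because the usual autostart entries are skipped there, so no running SpyAxe component is around to re-create the keys.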
11.12.2005, 15:41
...new here

Thread starter

Posts: 10
#10 -------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, December 11, 2005 15:27:39
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 11/12/2005
Kaspersky Anti-Virus database records: 154484
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 194310
Number of viruses found: 5
Number of infected objects: 17
Number of suspicious objects: 0
Duration of the scan process: 10437 sec

Infected Object Name - Virus Name
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP72\A0015940.ico:wtxwj:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP72\A0015948.ico:wtxwj:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP72\A0015954.ico:wtxwj:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP72\A0015963.ico:wtxwj:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP72\A0015966.exe:dtggrq:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP72\A0015967.INI:nuylla:$DATA Infected: Trojan-Downloader.Win32.Agent.ap
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP72\A0015969.dll Infected: Trojan-Downloader.Win32.Agent.jb
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP73\A0015978.ico:wtxwj:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP73\A0015992.ico:wtxwj:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP73\A0016014.ico:wtxwj:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{7952E05C-08CD-46CE-A758-528CF3FD9F64}\RP180\A0033143.tlb Infected: Trojan-Downloader.Win32.Zlob.cf
C:\System Volume Information\_restore{7952E05C-08CD-46CE-A758-528CF3FD9F64}\RP180\A0033160.tlb Infected: Trojan-Downloader.Win32.Zlob.cf
C:\System Volume Information\_restore{7952E05C-08CD-46CE-A758-528CF3FD9F64}\RP180\A0033173.tlb Infected: Trojan-Downloader.Win32.Zlob.cf
C:\System Volume Information\_restore{7952E05C-08CD-46CE-A758-528CF3FD9F64}\RP182\A0033272.tlb Infected: Trojan-Downloader.Win32.Zlob.cf
C:\System Volume Information\_restore{7952E05C-08CD-46CE-A758-528CF3FD9F64}\RP183\A0033335.tlb Infected: Trojan-Downloader.Win32.Zlob.cf
C:\System Volume Information\_restore{7952E05C-08CD-46CE-A758-528CF3FD9F64}\RP183\A0033488.tlb Infected: Trojan-Downloader.Win32.Zlob.cf
C:\System Volume Information\_restore{7952E05C-08CD-46CE-A758-528CF3FD9F64}\RP183\A0033492.tlb Infected: Trojan-Downloader.Win32.Zlob.br

Scan process completed.
11.12.2005, 19:45
Honorary member
Sabina

Posts: 29434
#11 bernd05

Disable System Restore (then enable it again)
http://virus-protect.org/systemwiederherstellung.html

Download Firefox and only browse with it from now on ;)
http://virus-protect.org/firefox.html

ADSSpy.exe --> paste the scan report here
http://virus-protect.org/artikel/tools/ADSSpy.exe
__________
Regards, Sabina

all about PC security
12.12.2005, 14:17
...new here

Thread starter

Posts: 10
#12 ADS:
C:\Dokumente und Einstellungen\home.BERND.000\Desktop\AntiSpyAxe\Cleanup\CleanUp40.exe:Zone.Identifier (26 bytes)
C:\Dokumente und Einstellungen\home.BERND.000\Desktop\AntiSpyAxe\datFind.bat:Zone.Identifier (26 bytes)
C:\Dokumente und Einstellungen\home.BERND.000\Desktop\AntiSpyAxe\mcor.reg:Zone.Identifier (26 bytes)
C:\Dokumente und Einstellungen\home.BERND.000\Desktop\AntiSpyAxe\regsearch.zip:Zone.Identifier (26 bytes)
C:\Dokumente und Einstellungen\home.BERND.000\Desktop\AntiSpyAxe\smitRem.exe:Zone.Identifier (26 bytes)
C:\Dokumente und Einstellungen\home.BERND.000\Desktop\AntiSpyAxe\spyaxe.reg:Zone.Identifier (26 bytes)
C:\Dokumente und Einstellungen\home.BERND.000\Desktop\AntiSpyAxe\TrendMicroAntiSpyware\TMASInstall_DR_UK.exe:Zone.Identifier (26 bytes)
C:\Dokumente und Einstellungen\home.BERND.000\Desktop\moritz\DSC01575[1].jpgm,Moritz_am_11.11.05,2.jpg:Zone.Identifier (26 bytes)
C:\Dokumente und Einstellungen\home.BERND.000\Desktop\moritz\PA290010[1].jpg,Sigrid_m.Moritz.jpg:Zone.Identifier (26 bytes)
C:\Dokumente und Einstellungen\home.BERND.000\Desktop\moritz\PB030023[1].jpg,Moritz_v.d.Nachhausegehen.jpg:Zone.Identifier (26 bytes)
C:\Dokumente und Einstellungen\home.BERND.000\Desktop\temp\iview397.exe:Zone.Identifier (26 bytes)
C:\Dokumente und Einstellungen\home.BERND.000\Eigene Dateinen\Lebenslauf.doc:Zone.Identifier (26 bytes)


Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, December 12, 2005 13:32:10
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 12/12/2005
Kaspersky Anti-Virus database records: 154637
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 182507
Number of viruses found: 3
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 10445 sec

Infected Object Name - Virus Name
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP72\A0015940.ico:wtxwj:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP72\A0015948.ico:wtxwj:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP72\A0015954.ico:wtxwj:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP72\A0015963.ico:wtxwj:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP72\A0015966.exe:dtggrq:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP72\A0015967.INI:nuylla:$DATA Infected: Trojan-Downloader.Win32.Agent.ap
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP72\A0015969.dll Infected: Trojan-Downloader.Win32.Agent.jb
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP73\A0015978.ico:wtxwj:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP73\A0015992.ico:wtxwj:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP73\A0016014.ico:wtxwj:$DATA Infected: Backdoor.Win32.Small.dc

Scan process completed.
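Two things in the reports above are easier to read mechanically than by eye. Every Kaspersky hit sits under `C:\System Volume Information\_restore{...}\RPnn\`, so it is a System Restore snapshot copy, which only disappears when System Restore is switched off (dropping all restore points) and back on. And the `:wtxwj:$DATA` suffixes mean the detected code lives in an NTFS alternate data stream attached to an .ico, .exe or .INI file rather than in the file body, which is why ADSSpy is the right tool to look with; the `Zone.Identifier (26 bytes)` streams it listed are the marker Windows attaches to downloaded files and are expected. The script below is an added example, not part of the thread or of either tool, that parses both formats and sorts the findings. Its report lines are quoted from the posts above except the two marked as constructed, whose paths are hypothetical; the ADSSpy line format for streams other than Zone.Identifier is assumed to match the Zone.Identifier lines.

```python
"""Triage the Kaspersky and ADSSpy output pasted in this thread.

Added example, not part of the thread or of either tool. Sorts detections
into System Restore snapshots vs live files, and alternate data streams (ADS)
into Windows' download marker vs anything else.
"""
import re
from collections import Counter

# Kaspersky report line: <path>[:<stream>:$DATA] Infected: <verdict>
KAV_RE = re.compile(
    r"^(?P<path>.+?)(?::(?P<stream>[^:\\]+):\$DATA)?\s+Infected:\s+(?P<verdict>\S+)$")
# ADSSpy listing line: <path>:<stream> (<n> bytes)
ADS_RE = re.compile(r"^(?P<path>.+?):(?P<stream>[^:\\]+)\s+\((?P<size>\d+) bytes\)$")
# Files inside a System Restore snapshot
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\RP\d+\\", re.IGNORECASE)


def parse_kav(line):
    """One 'Infected Object Name - Virus Name' line -> dict, else None."""
    m = KAV_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()                    # path, stream (None if no ADS), verdict
    d["restore_point"] = RESTORE_RE.search(d["path"]) is not None
    return d


def parse_ads(line):
    """One ADSSpy line -> dict with path, stream, size (int), else None."""
    m = ADS_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"])
    return d


def triage(kav_lines, ads_lines):
    r = {"restore_point": [], "live": [], "ads_payload": [],
         "zone_marker": [], "other_ads": []}
    for line in kav_lines:
        d = parse_kav(line)
        if d is None:
            continue
        # Snapshot copies go away only when System Restore is switched off;
        # a hit outside _restore{...} is a file that is still on the disk.
        r["restore_point" if d["restore_point"] else "live"].append(d)
        if d["stream"]:                  # payload hidden in an ADS, not in the file body
            r["ads_payload"].append(d)
    for line in ads_lines:
        d = parse_ads(line)
        if d is None:
            continue
        # Zone.Identifier is written by Windows for downloaded files;
        # any other stream attached to a file deserves a look.
        bucket = "zone_marker" if d["stream"].lower() == "zone.identifier" else "other_ads"
        r[bucket].append(d)
    return r


def verdict_counts(kav_lines):
    return Counter(d["verdict"] for d in map(parse_kav, kav_lines) if d)


# Quoted from the reports above, plus two constructed lines (hypothetical
# paths) that exercise the 'live file' and 'other ADS' branches.
SAMPLE_KAV = [
    r"C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP72\A0015940.ico:wtxwj:$DATA Infected: Backdoor.Win32.Small.dc",
    r"C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP72\A0015966.exe:dtggrq:$DATA Infected: Backdoor.Win32.Small.dc",
    r"C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP72\A0015967.INI:nuylla:$DATA Infected: Trojan-Downloader.Win32.Agent.ap",
    r"C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP72\A0015969.dll Infected: Trojan-Downloader.Win32.Agent.jb",
    r"C:\System Volume Information\_restore{7952E05C-08CD-46CE-A758-528CF3FD9F64}\RP180\A0033143.tlb Infected: Trojan-Downloader.Win32.Zlob.cf",
    r"C:\WINDOWS\system32\example-live.tlb Infected: Trojan-Downloader.Win32.Zlob.cf",   # constructed
]
SAMPLE_ADS = [
    r"C:\Dokumente und Einstellungen\home.BERND.000\Desktop\AntiSpyAxe\mcor.reg:Zone.Identifier (26 bytes)",
    r"C:\Dokumente und Einstellungen\home.BERND.000\Desktop\AntiSpyAxe\spyaxe.reg:Zone.Identifier (26 bytes)",
    r"C:\WINDOWS\system32\example.ico:wtxwj (20480 bytes)",   # constructed
]
TRIAGE = triage(SAMPLE_KAV, SAMPLE_ADS)

if __name__ == "__main__":
    for bucket, hits in TRIAGE.items():
        print(f"{bucket:14s} {len(hits)}")
    print(verdict_counts(SAMPLE_KAV))
```

If the `restore_point` bucket is still non-empty after System Restore has been turned off, the snapshots were not purged, which is exactly the discrepancy that comes up later in this thread. A 26-byte Zone.Identifier is precisely `[ZoneTransfer]` CRLF `ZoneId=3` CRLF, the Internet-zone marker; a stream with any other name, or a Zone.Identifier of an unusual size, is what needs opening.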
12.12.2005, 14:21
Honorary member
Sabina

Posts: 29434
#13 Tsk, System Restore should have been disabled by now.......

Quote

Disable System Restore
http://virus-protect.org/systemwiederherstellung.html
Scan and copy from the scan report only what relates to SpyAxe and other viruses
http://virus-protect.org/microtrend.html
__________
Regards, Sabina

all about PC security
12.12.2005, 20:03
...new here

Thread starter

Posts: 10
#14 -------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, December 12, 2005 19:57:54
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 12/12/2005
Kaspersky Anti-Virus database records: 154813
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\

Scan Statistics:
Total number of scanned objects: 38929
Number of viruses found: 3
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 3127 sec

Infected Object Name - Virus Name
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP72\A0015940.ico:wtxwj:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP72\A0015948.ico:wtxwj:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP72\A0015954.ico:wtxwj:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP72\A0015963.ico:wtxwj:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP72\A0015966.exe:dtggrq:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP72\A0015967.INI:nuylla:$DATA Infected: Trojan-Downloader.Win32.Agent.ap
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP72\A0015969.dll Infected: Trojan-Downloader.Win32.Agent.jb
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP73\A0015978.ico:wtxwj:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP73\A0015992.ico:wtxwj:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{17B37A95-B81F-43C7-86B3-67ACF57D75D7}\RP73\A0016014.ico:wtxwj:$DATA Infected: Backdoor.Win32.Small.dc

Scan process completed.

System Restore is DISABLED for all drives!!

Trend Micro now only finds 10 items related to eDonkey. ;-) (could there be anything nasty among them?)

Bernd
13.12.2005, 00:14
Honorary member
Sabina

Posts: 29434
#15 I don't understand this... why is System Restore disabled while Kaspersky shows exactly that as still active.....

eDonkey isn't sooooo bad.... well ;)
__________
Regards, Sabina

all about PC security