WORM/Eyeveg.m.5.A and WORM/Alcra.B

#0
18.12.2005, 19:20
...new here

Posts: 3
#1 Hello.

A few days ago my AntiVir reported these two worms.
Since I don't really know my way around this side of PCs, the worst option would be formatting.
Is there still a way to delete these worms manually?
I downloaded this HijackThis and got the following result:

Logfile of HijackThis v1.99.1
Scan saved at 19:12:56, on 18.12.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\ScanSoft\OmniPageSE\opware32.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\Sonique\sqstart.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Programme\Sonique\Sonique.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Besitzer\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SearchUpgrader] C:\Programme\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [ms-update] scvhost.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SoniqueQuickStart] C:\Programme\Sonique\sqstart.exe -nostick
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100352607390
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bonjour Dienst (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
19.12.2005, 12:48
Honorary member
Sabina

Posts: 29434
#2

Quote

I just wanted to know whether you can help me in general and roughly how long it will take. That is, whether I will get an answer.
The problem is that I will need my internet connection and PC intensively in the near future to write a term paper.
For someone who needs the PC for work, I cannot understand how one uses P2P....and infects the system with it

open HijackThis -- button "Scan" -- tick the boxes in front of the malware entries -- button "Fix checked" -- restart the PC

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SearchUpgrader] C:\Programme\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\RunServices: [ms-update] scvhost.exe
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

Restart the PC

uninstall/delete:
C:\Programme\Gemeinsame Dateien\GMT
C:\WINDOWS\System32\P2P Networking
C:\Programme\Common files\SearchUpgrader

scvhost.exe <--- search for/delete

Killbox
Instructions: (illustrated)
http://virus-protect.org/killbox.html
Delete File on Reboot -- tick this

and click the red cross;
when asked "Do you want to reboot?" ---- click "no" and paste in the next one; only on the last one click "yes"

C:\Programme\Gemeinsame Dateien\GMT\EGGCEngine.dll
C:\Programme\Gemeinsame Dateien\GMT\egIEEngine.dll
C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll
C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll
C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe
C:\Programme\Gemeinsame Dateien\GMT\gtrawbm.fil
C:\Programme\Gemeinsame Dateien\GMT\GUninstaller.exe
C:\Windows\System32\cmd.com
C:\Windows\System32\bszip.dll
C:\Windows\System32\netstat.com
C:\Windows\System32\ping.com
C:\Windows\System32\regedit.com
C:\Windows\System32\taskkill.com
C:\Windows\System32\tasklist.com
C:\Windows\System32\tracert.com
C:\Programme\Gemeinsame Dateien\GMT\GMT.exe

Restart the PC

scan with Ewido - virus scanner http://virus-protect.org/ewido.html

scan with eScan and paste the scan report
http://virus-protect.org/escan.html
--------------------------------------------------------------------------

Quote

BDS/Agent AY - AdWare.GAIN
http://virus-protect.org/artikel/spyware/gain.html

Win32.Rbot.DPL

Win32.Rbot.DPL is an IRC controlled backdoor (or "bot") that can be used to gain unauthorized access to a victim's machine. It can also exhibit worm-like functionality by exploiting weak passwords on administrative shares and by exploiting many different software vulnerabilities, as well as backdoors created by other malware. There are many variants of Rbot, and more are discovered regularly. Rbot is highly configurable, and is being very actively developed, however the core functionality is quite consistent between variants.
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=47229

__________
Regards, Sabina

all about PC security
19.12.2005, 16:03
...new here

Thread starter

Posts: 3
#3 uninstall/delete:
C:\Programme\Gemeinsame Dateien\GMT
C:\WINDOWS\System32\P2P Networking
C:\Programme\Common files\SearchUpgrader

I was able to delete everything here except GMT. I found nothing under the given path, so I went to SEARCH and found some files there with the name GMT, but since there were so many, about 20, I didn't know which of them I should delete and which not. Some were named just GMT and some had numbers after it.

So, as for the last one, I did all of it anyway; for the eScan check I followed everything, and then I get "update failed, KAVUpd.exe not present".
This post was edited by Eva87 on 19.12.2005 at 16:52.
20.12.2005, 02:14
Honorary member
Sabina

Posts: 29434
#4 delete the entire folder:
C:\Programme\Gemeinsame Dateien\GMT <--- delete only the GMT under this specific path

scan with Kaspersky and paste the scan report here
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

all about PC security
21.12.2005, 15:06
...new here

Thread starter

Posts: 3
#5

Quote

Sabina posted
delete the entire folder:
C:\Programme\Gemeinsame Dateien\GMT <--- delete only the GMT under this specific path

I'm really sorry, but I still don't have this folder. When I go to C, Programme, Gemeinsame Dateien, there is nothing with GMT there.
21.12.2005, 15:57
Honorary member
Sabina

Posts: 29434
#6 scan with Kaspersky and paste the scan report here
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

all about PC security
21.12.2005, 18:31
...new here

Posts: 1
#7 Hello,
unfortunately I have also caught the Alcra worm on my notebook... my AntiVir detected it. Unfortunately I know little about worms/viruses etc. Can someone help me? I have already tried using several scanners, but unfortunately without result.

Many thanks for the help in advance!!!

HijackThis shows:

Logfile of HijackThis v1.99.1
Scan saved at 18:16:21, on 21.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\WINDOWS\ATKKBService.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Programme\ASUS\ASUS Live Update\ALU.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
C:\Programme\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Programme\ASUS\WLAN Card Utilities\Center.exe
C:\Programme\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Nokia\Services\ServiceLayer.exe
C:\Programme\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
c:\programme\softwin\bitdefender8\bdmcon.exe
C:\Programme\Opera\Opera.exe
C:\DOKUME~1\Silke\LOKALE~1\Temp\Temporäres Verzeichnis 4 für hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programme\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programme\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Control Center] C:\Programme\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programme\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programme\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Programme\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: spmgr - Unknown owner - C:\Programme\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


______________________________________________
ANTIVIR reported the following:


[FUND!] Enthält Signatur des Wurmes WORM/Alcra.B
Windows XP Generic Activator and Tweaker, For.zip
ArchiveType: ZIP
21.12.2005, 20:58
Honorary member
Sabina

Posts: 29434
#8 mieze33

Delete with Killbox: http://virus-protect.org/killbox.html

C:\Windows\System32\cmd.com
C:\Windows\System32\bszip.dll
C:\Windows\System32\netstat.com
C:\Windows\System32\ping.com
C:\Windows\System32\regedit.com
C:\Windows\System32\taskkill.com
C:\Windows\System32\tasklist.com
C:\Windows\System32\tracert.com

scan with Ewido - virus scanner http://virus-protect.org/ewido.html
----------------------------------------------------------------------
http://virus-protect.org/artikel/spyware/alcrab.html
__________
Regards, Sabina

all about PC security
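
The lists in posts #2 and #8 show two patterns that can be checked mechanically: an autorun named scvhost.exe, one letter swap away from svchost.exe, and .com files in System32 named after standard command-line tools (the default PATHEXT lists .COM before .EXE). The following Python is an added example, not part of the thread and not code from HijackThis; the reference name lists and all function names are assumptions made here, and the sample lines are copied from the logs and lists above.

```python
import ntpath
import re

# Assumption: short reference lists chosen for this example, not a complete inventory.
SYSTEM_EXES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
               "smss.exe", "spoolsv.exe", "explorer.exe", "csrss.exe"}
SYSTEM_TOOLS = {"cmd", "netstat", "ping", "regedit", "taskkill", "tasklist", "tracert"}

# O4 lines come as "[value name] command" (registry) or "x.lnk = target" (startup folder).
O4_RE = re.compile(
    r"^O4 - (?P<where>[^:]+): (?:\[(?P<name>[^\]]*)\]|(?P<lnk>[^=]+?) =) (?P<cmd>.+)$")
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)


def osa_distance(a, b):
    """Edit distance that counts a swap of two adjacent characters as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def executable_of(cmd):
    """Return the file name of the program in an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]
    else:
        # Unquoted paths may contain spaces, so cut at the first executable extension.
        m = EXE_RE.match(cmd)
        path = m.group(1) if m else cmd.split()[0]
    return ntpath.basename(path)


def lookalike_of(exe_name):
    """Return the system binary that exe_name imitates by one edit, else None."""
    name = exe_name.lower()
    if name in SYSTEM_EXES:
        return None
    for real in sorted(SYSTEM_EXES):
        if osa_distance(name, real) == 1:
            return real
    return None


def audit_autoruns(log_lines):
    """List (location, entry, executable, imitated name) for lookalike autoruns."""
    findings = []
    for line in log_lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = executable_of(m.group("cmd"))
        real = lookalike_of(exe)
        if real:
            findings.append((m.group("where"), m.group("name") or m.group("lnk"), exe, real))
    return findings


def com_shadows(paths):
    """List .com files named after a standard tool that ships as .exe.

    With the default PATHEXT order (.COM before .EXE), typing `ping` at a
    prompt runs ping.com when both files sit in the same directory.
    """
    hits = []
    for p in paths:
        stem, ext = ntpath.splitext(ntpath.basename(p))
        if ext.lower() == ".com" and stem.lower() in SYSTEM_TOOLS:
            hits.append(p)
    return hits


# Sample input copied from the first log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [ms-update] scvhost.exe
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
""".strip().splitlines()

# Sample input copied from the Killbox list in post #8.
SAMPLE_FILES = [r"C:\Windows\System32\cmd.com", r"C:\Windows\System32\bszip.dll",
                r"C:\Windows\System32\netstat.com", r"C:\Windows\System32\ping.com",
                r"C:\Windows\System32\regedit.com", r"C:\Windows\System32\taskkill.com",
                r"C:\Windows\System32\tasklist.com", r"C:\Windows\System32\tracert.com"]

if __name__ == "__main__":
    for finding in audit_autoruns(SAMPLE_LOG):
        print("lookalike autorun:", finding)
    for path in com_shadows(SAMPLE_FILES):
        print("shadowing .com file:", path)
```

A match is a reason to inspect the file, not proof of infection; a genuine svchost.exe running from an unexpected directory is not covered by these two checks.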
23.12.2005, 17:51
...new here

Posts: 5
#9 Hello!!
I also have a big virus problem: programs open by themselves. What do I have to remove here??


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\ICQLite\ICQLite\ICQLite.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\winupdates\winupdates.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\programme\steam\steam.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWIN.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\PC Keller\Desktop\hijackthis\HijackThis.exe

O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll (file missing)
O2 - BHO: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08394F7D-F7F8-E9AF-3923-FB5445774158} - C:\DOKUME~1\PCKELL~1\ANWEND~1\TOOLID~1\flap grid.exe
O2 - BHO: SuperBar - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\Programme\SUPERBAR\SUPERBAR.dll (file missing)
O2 - BHO: (no name) - {2B599CB7-BB14-45B2-8CCA-0D8D1893DE82} - C:\WINDOWS\System32\nkbdhu1.dll (file missing)
O2 - BHO: Advertiser Class - {53D3C442-8FEE-4784-9A21-6297D39613F0} - C:\WINDOWS\System32\Winad2.dll (file missing)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem218.dll (file missing)
O2 - BHO: BHObj Class - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem218.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] wjview /cp:p "C:\Programme\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Programme\EbatesMoeMoneyMaker"
O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] "C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Dokumente und Einstellungen\PC Keller\Desktop\Winamp\winampa.exe
O4 - HKLM\..\Run: [film slow creative plus] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Clock Spam Film Slow\Mpeg love.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [insideonce] C:\DOKUME~1\PCKELL~1\ANWEND~1\TRANSP~1\activeheartmail.exe
O4 - HKCU\..\Run: [ares] "C:\Programme\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Ebates - file://C:\Programme\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: Web Savings - file://C:\Programme\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Programme\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.oem.de
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - http://www.searchwww.com/search.cab
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {52290B25-D07A-43B5-84D8-493116D50FA0} - http://webinstall.tscash.com/webinstall.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O18 - Protocol: bw+0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
23.12.2005, 18:58
Honorary member
Sabina

Posts: 29434
#10 Hello @DaKilla

In Windows Explorer -> Tools -> Folder Options -> the "View" tab -> Hidden files and folders -> enable "Show all files and folders"
+
In Windows Explorer -> Tools -> Folder Options -> the "View" tab -> Files and folders -> disable "Hide protected operating system files (Recommended)"


Open HijackThis -- "Scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC

O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll (file missing)
O2 - BHO: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O2 - BHO: (no name) - {08394F7D-F7F8-E9AF-3923-FB5445774158} - C:\DOKUME~1\PCKELL~1\ANWEND~1\TOOLID~1\flap grid.exe
O2 - BHO: SuperBar - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\Programme\SUPERBAR\SUPERBAR.dll (file missing)
O2 - BHO: (no name) - {2B599CB7-BB14-45B2-8CCA-0D8D1893DE82} - C:\WINDOWS\System32\nkbdhu1.dll (file missing)
O2 - BHO: Advertiser Class - {53D3C442-8FEE-4784-9A21-6297D39613F0} - C:\WINDOWS\System32\Winad2.dll (file missing)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem218.dll (file missing)
O2 - BHO: BHObj Class - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem218.dll (file missing)

O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] wjview /cp "C:\Programme\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Programme\EbatesMoeMoneyMaker"
O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [film slow creative plus] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Clock Spam Film Slow\Mpeg love.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [insideonce] C:\DOKUME~1\PCKELL~1\ANWEND~1\TRANSP~1\activeheartmail.exe
O4 - HKCU\..\Run: [ares] "C:\Programme\Ares\Ares.exe" -h
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Ebates - file://C:\Programme\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm
O8 - Extra context menu item: Web Savings - file://C:\Programme\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Programme\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - http://www.searchwww.com/search.cab
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {52290B25-D07A-43B5-84D8-493116D50FA0} - http://webinstall.tscash.com/webinstall.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab

O18 - Protocol: bw+0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Restart the PC --> into Safe Mode (press F8 while the PC is booting)

Delete:
C:\Programme\winupdates\winupdates.exe
C:\Programme\EbatesMoeMoneyMaker
C:\Programme\WebSavingsfromEbates
C:\Programme\SUPERBAR

Program Files\Srng\Srng.exe

C:\WINDOWS\satmat.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Clock Spam Film Slow
C:\Dokumente und Einstellungen\PCKELL~1\Anwendungsdaten\TOOLID...
C:\Dokumente und Einstellungen\PCKELL~1\Anwendungsdaten\TRANSP...

Delete with Killbox:
http://virus-protect.org/killbox.html

C:\Windows\System32\cmd.com
C:\Windows\System32\bszip.dll
C:\Windows\System32\netstat.com
C:\Windows\System32\ping.com
C:\Windows\System32\regedit.com
C:\Windows\System32\taskkill.com
C:\Windows\System32\tasklist.com
C:\Windows\System32\tracert.com

Configure the Cleaner exactly as shown here:
http://virus-protect.org/cleanup.html

Scan with ewido
http://virus-protect.org/ewido.html

Start -- All Programs -- Accessories -- Notepad, and copy the following text into it:


Quote

dir %Windir%\tasks /a h > files.txt
notepad files.txt
- Save as: findjobs.bat
- Save with: file type: All Files
- Save it to the desktop
- Locate findjobs.bat -- double-click the bat file, Notepad opens -- post the text
__________
Best regards, Sabina

All about PC security
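Added example (not part of the original posts, and not HijackThis code): a small Python parser for the O-section lines quoted in the fix list of post #10, which groups the O18 protocol handlers by the DLL they load and lists the entries marked "(file missing)". The sample lines are copied from that post; the function names are assumptions of this example, and R-section lines are not handled.

```python
import re
from collections import defaultdict

# A subset of the lines from the fix list in post #10, copied unchanged.
SAMPLE_LOG = r"""
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll (file missing)
O2 - BHO: (no name) - {08394F7D-F7F8-E9AF-3923-FB5445774158} - C:\DOKUME~1\PCKELL~1\ANWEND~1\TOOLID~1\flap grid.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Programme\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)
O16 - DPF: {52290B25-D07A-43B5-84D8-493116D50FA0} - http://webinstall.tscash.com/webinstall.cab
O18 - Protocol: bw+0 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E70194C1-E201-4ED2-B19C-B1A63F86171B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
"""

# "<section> - <kind>: <rest>", e.g. "O18 - Protocol: bw+0 - {...} - C:\...dll"
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Trailing annotations that HijackThis appends after the target.
SUFFIX_RE = re.compile(r"\s*\((file missing|HKCU)\)\s*$")


def parse_line(line):
    """Parse one O-section line into a dict, or return None for other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    flags = set()
    # Peel off "(file missing)" / "(HKCU)" from the end, in any order.
    while (s := SUFFIX_RE.search(rest)):
        flags.add(s.group(1))
        rest = rest[:s.start()]
    clsid = CLSID_RE.search(rest)
    if rest.startswith("[") and "] " in rest:      # O4 Run: [name] command
        name, target = rest[1:].split("] ", 1)
    elif " = " in rest:                            # O4 startup: name.lnk = path
        name, target = rest.split(" = ", 1)
    elif " - " in rest:                            # name - {CLSID} - target
        name, target = rest.rsplit(" - ", 1)
        name = CLSID_RE.sub("", name).strip(" -")
    else:
        name, target = "", rest
    return {
        "section": m.group("section"),
        "kind": m.group("kind"),
        "name": name,
        "clsid": clsid.group(0) if clsid else None,
        "target": target,
        "flags": flags,
    }


def triage(log_text):
    """Summarise a log: O18 handlers per DLL, orphaned entries, remote DPF sources."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    handlers = defaultdict(list)
    for e in entries:
        if e["section"] == "O18":
            handlers[e["target"]].append(e["name"])
    return {
        "entries": entries,
        # Many protocol names usually collapse to very few DLLs to review.
        "handlers": dict(handlers),
        # The registry entry still exists but the file it points to is gone.
        "orphans": [e for e in entries if "file missing" in e["flags"]],
        # ActiveX components installed from a remote URL.
        "remote": [e for e in entries
                   if e["section"] == "O16" and e["target"].lower().startswith("http")],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for dll, names in result["handlers"].items():
        print(f"{len(names):3d} protocol handler(s) -> {dll}")
    for e in result["orphans"]:
        print(f"orphaned {e['section']} entry: {e['target']}")
    for e in result["remote"]:
        print(f"remote ActiveX source: {e['target']}")
```

Run over the complete fix list, the grouping reduces the long run of O18 lines to the two Logitech Desktop Messenger DLLs they all point to.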
25.12.2005, 15:00
...new here

Posts: 5
#11 Sooo, this is what came out of it:
Datenträger in Laufwerk C: ist C
Volumeseriennummer: A43E-F799

Verzeichnis von C:\WINDOWS\tasks

28.11.2005 17:15 <DIR> .
28.11.2005 17:15 <DIR> ..
23.12.2005 17:15 404 1-Klick-Wartung.job
29.08.2002 13:00 65 desktop.ini
25.12.2005 13:00 278 EEC69C8B9E7908AF.job
27.03.2004 19:42 342 FRU Task #Hewlett-Packard#hp psc 2100 series#1070994843.job
25.12.2005 14:54 6 SA.DAT
25.03.2005 00:03 356 Symantec NetDetect.job
6 Datei(en) 1.451 Bytes

Verzeichnis von C:\Dokumente und Einstellungen\PC Keller\Desktop
25.12.2005, 15:46
Honorary member
Sabina

Posts: 29434
#12 DaKilla

Start -- All Programs -- Accessories -- Notepad, and copy the following text into it:


Quote

%systemdrive%
cd C:\WINDOWS\Tasks
attrib -r -s -h EEC69C8B9E7908AF.job
del EEC69C8B9E7908AF.job
- Save as: remjob.bat
- Save with: file type: All Files
- Save it to the desktop
- Locate remjob.bat -- double-click the bat file, the editor opens briefly, that is normal

Scan with Panda and copy the scan report here
http://virus-protect.org/onlinescan.html
__________
Best regards, Sabina

All about PC security
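Added example (not part of the original posts): parsing the Tasks listing from post #11 in Python, checking it against the `dir` summary line so that a truncated paste is noticed, and flagging .job files with a hex-only name such as the one remjob.bat deletes. The hex-name rule and the function names are assumptions made for this example; the thread does not state why that job was chosen.

```python
import re

# Listing copied from post #11 (German-locale `dir` output of C:\WINDOWS\tasks).
LISTING = r"""
Verzeichnis von C:\WINDOWS\tasks

28.11.2005 17:15 <DIR> .
28.11.2005 17:15 <DIR> ..
23.12.2005 17:15 404 1-Klick-Wartung.job
29.08.2002 13:00 65 desktop.ini
25.12.2005 13:00 278 EEC69C8B9E7908AF.job
27.03.2004 19:42 342 FRU Task #Hewlett-Packard#hp psc 2100 series#1070994843.job
25.12.2005 14:54 6 SA.DAT
25.03.2005 00:03 356 Symantec NetDetect.job
6 Datei(en) 1.451 Bytes
"""

# date, time, size (or <DIR>), file name; the name may contain spaces.
ROW_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2})\s+(<DIR>|[\d.]+)\s+(.+)$")
# Summary line: "<count> Datei(en) <total> Bytes", "." is the thousands separator.
FOOTER_RE = re.compile(r"^(\d+) Datei\(en\)\s+([\d.]+) Bytes$")
# Assumed heuristic: a task named with nothing but 12 or more hex digits.
HEX_JOB_RE = re.compile(r"^[0-9A-Fa-f]{12,}\.job$")


def parse_listing(text):
    """Return (files, footer); footer is (count, total_bytes) or None if absent."""
    files, footer = [], None
    for raw in text.splitlines():
        line = raw.strip()
        row = ROW_RE.match(line)
        if row:
            date, time, size, name = row.groups()
            if size != "<DIR>":  # skip "." and ".." and any subdirectories
                files.append({"date": date, "time": time,
                              "size": int(size.replace(".", "")), "name": name})
            continue
        foot = FOOTER_RE.match(line)
        if foot:
            footer = (int(foot.group(1)), int(foot.group(2).replace(".", "")))
    return files, footer


def listing_is_complete(files, footer):
    """True when the parsed rows match the file count and byte total dir reported."""
    if footer is None:
        return False
    count, total = footer
    return len(files) == count and sum(f["size"] for f in files) == total


def suspicious_jobs(files):
    """Names of scheduled-task files that match the hex-only naming heuristic."""
    return [f["name"] for f in files if HEX_JOB_RE.match(f["name"])]


if __name__ == "__main__":
    files, footer = parse_listing(LISTING)
    print("listing complete:", listing_is_complete(files, footer))
    for name in suspicious_jobs(files):
        print("review:", name)
```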
25.12.2005, 18:54
...new here

Posts: 5
#13 So, it took about 2 hours, but here are the results!!

Adware:adware/webhancer Not desinfected C:\WINDOWS\LASTGOOD\webhdll.dll
Adware:adware/clickalchemy Not desinfected C:\WINDOWS\INF\alchem.inf
Spyware:spyware/betterinet Not desinfected C:\WINDOWS\INF\satmat.inf
Adware:adware/twain-tech Not desinfected C:\WINDOWS\INF\twaintec.inf
Adware:adware/gator Not desinfected C:\WINDOWS\GatorPatch.log
Spyware:application/bestoffer Not desinfected C:\WINDOWS\smdat32a.sys
Adware:adware/powerscan Not desinfected C:\Dokumente und Einstellungen\PC Keller\Startmen\Programme\Power Scan
Adware:adware/whenusearch Not desinfected C:\PROGRAMME\GEMEINSAME DATEIEN\WhenU
Adware:adware/wintools Not desinfected C:\PROGRAMME\GEMEINSAME DATEIEN\WinTools
Adware:adware/superbar Not desinfected C:\SuperBar Files
Adware:adware/exact.bullseye Not desinfected C:\PROGRAMME\BullsEye Network
Adware:adware/ist.istbar Not desinfected C:\PROGRAMME\ISTbar
Adware:adware/ncase Not desinfected C:\PROGRAMME\n-CASE
Adware:adware/exact.navisearch Not desinfected C:\PROGRAMME\NaviSearch
Spyware:spyware/shopnav Not desinfected C:\PROGRAMME\Srng
Adware:adware/toprebates Not desinfected C:\PROGRAMME\WebRebates
Adware:adware/dyfuca Not desinfected Windows Registry
Virus:W32/Alcan.A.worm Disinfected C:\Dokumente und Einstellungen\PC Keller\Complete\# BitDefender Professional Plus 9.09.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Dokumente und Einstellungen\PC Keller\Complete\14 Autodesk AutoCAD 2006 Products.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Dokumente und Einstellungen\PC Keller\Complete\240 Nature desktops.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Dokumente und Einstellungen\PC Keller\Complete\30 Flash Templates.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Dokumente und Einstellungen\PC Keller\Complete\71 Premium XP Wallpapers (Brand new Se.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Dokumente und Einstellungen\PC Keller\Complete\Absolute Video to Audio Converter 2.6.5.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Dokumente und Einstellungen\PC Keller\Complete\Adware Away 2.2.86.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Dokumente und Einstellungen\PC Keller\Complete\Age of Empires III.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Dokumente und Einstellungen\PC Keller\Complete\All Sound Recorder XP 2.18.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Dokumente und Einstellungen\PC Keller\Complete\Amigo Easy Video Converter 4.2.12.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Dokumente und Einstellungen\PC Keller\Complete\Audio Edit Magic 7.5.9.675.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Dokumente und Einstellungen\PC Keller\Complete\BalloNrain 1.0d.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Dokumente und Einstellungen\PC Keller\Complete\Black and White 2.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Dokumente und Einstellungen\PC Keller\Complete\Britney Spears - Someday I Will Unders.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Dokumente und Einstellungen\PC Keller\Complete\Broken Sword 3 - Sleeping Dragonbroke.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Dokumente und Einstellungen\PC Keller\Complete\Championship Manager 2005.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Dokumente und Einstellungen\PC Keller\Complete\Codecs pack AIO 4 In 1.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Dokumente und Einstellungen\PC Keller\Complete\Conflict Global Terror.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Dokumente und Einstellungen\PC Keller\Complete\Crime Life Gang Wars.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Dokumente und Einstellungen\PC Keller\Complete\Database Convert 3.3.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Dokumente und Einstellungen\PC Keller\Complete\DivX 6.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Dokumente und Einstellungen\PC Keller\Complete\Download Accelerator Plus 7.4.0.2 + WO.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Dokumente und Einstellungen\PC Keller\Complete\Duke Nukem Manhattan Project.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Dokumente und Einstellungen\PC Keller\Complete\Elektra(2005).zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Dokumente und Einstellungen\PC Keller\Complete\Eudora 7.0.1.0.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Dokumente und Einstellungen\PC Keller\Complete\Eurotrip (2004).zip[Setup.exe]
Adware:Adware/WebHancer Not desinfected C:\Program Files\webHancer\Programs\whSurvey.exe
Adware:Adware/Transponder Not desinfected C:\Programme\AVPersonal\INFECTED\clfxqytc.VIR
Virus:W32/Alcan.A.worm Disinfected C:\Programme\AVPersonal\INFECTED\winupdates.VIR
Adware:Adware/WinTools Not desinfected C:\Programme\Gemeinsame Dateien\WinTools\WToolsD.cfg
Adware:Adware/IST.ISTBar Not desinfected C:\Programme\ISTbar\xml_adultbar.php
Adware:Adware/nCase Not desinfected C:\Programme\n-CASE\ncmyb.dll
Adware:Adware/Lop Not desinfected C:\Programme\NetPumper\ZM\minime.exe
Spyware:Spyware/ShopNav Not desinfected C:\Programme\Srng\Srng.exe
Spyware:Spyware/ShopNav Not desinfected C:\Programme\Srng\SrngHelper.exe
Adware:Adware/IPInsight Not desinfected C:\WINDOWS\inf\alchem.inf
Spyware:Spyware/BetterInet Not desinfected C:\WINDOWS\inf\satmat.inf
Adware:Adware/Twain-Tech Not desinfected C:\WINDOWS\inf\twaintec.inf
Adware:Adware/WebHancer Not desinfected C:\WINDOWS\LastGood\webhdll.dll
Adware:Adware/WebHancer Not desinfected C:\WINDOWS\LastGood\whAgent.inf
Adware:Adware/AdsInContext Not desinfected C:\WINDOWS\system32\catsrjv.dll
Adware:Adware/WebHancer Not desinfected C:\WINDOWS\whAgent.inf
25.12.2005, 19:15
Honorary member
Sabina

Posts: 29434
#14 DaKilla

How can anyone clutter up their PC with so much junk!!!!

Uninstall/delete:
C:\Programme\Gemeinsame Dateien\WinTools
C:\Programme\ISTbar
C:\Programme\n-CASE
C:\Programme\NetPumper
C:\Programme\Srng
C:\PROGRAMME\BullsEye Network
C:\PROGRAMME\NaviSearch

Delete:
C:\Program Files\webHancer
C:\WINDOWS\inf
C:\WINDOWS\LastGood\whAgent.inf
C:\WINDOWS\system32\catsrjv.dll
C:\WINDOWS\whAgent.inf
C:\SuperBar Files
C:\WINDOWS\GatorPatch.log
C:\WINDOWS\smdat32a.sys
C:\Dokumente und Einstellungen\PC Keller\Startmen\Programme\Power Scan
C:\PROGRAMME\GEMEINSAME DATEIEN\WhenU

Scan with AdAware
http://virus-protect.org/adaware.html

Then scan once more with Panda
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

All about PC security
25.12.2005, 23:35
...new here

Posts: 5
#15 I know I'm being a pain, but I still have a bit of spyware. If you help me a little more now, I won't bother you anymore!!^^ Thanks so far, you really know your stuff!!


Adware:adware/webhancer Not desinfected C:\WINDOWS\LASTGOOD\whInstaller.exe
Adware:adware/clickalchemy Not desinfected C:\WINDOWS\INF\alchem.inf
Spyware:spyware/betterinet Not desinfected C:\WINDOWS\INF\satmat.inf
Adware:adware/gator Not desinfected C:\WINDOWS\GatorPdpSetup.log
Adware:adware/powerscan Not desinfected C:\PROGRAMME\Power Scan
Adware:adware/superbar Not desinfected Windows Registry
Adware:Adware/WebHancer Not desinfected C:\RECYCLER\S-1-5-21-3680937479-1333793253-2975219331-1005\Dc14.inf
Adware:Adware/WebHancer Not desinfected C:\RECYCLER\S-1-5-21-3680937479-1333793253-2975219331-1005\Dc16.inf
Adware:Adware/IST.ISTBar Not desinfected C:\RECYCLER\S-1-5-21-3680937479-1333793253-2975219331-1005\Dc5\xml_adultbar.php
Adware:Adware/Lop Not desinfected C:\RECYCLER\S-1-5-21-3680937479-1333793253-2975219331-1005\Dc7\ZM\minime.exe
Adware:Adware/IPInsight Not desinfected C:\WINDOWS\inf\alchem.inf
Spyware:Spyware/BetterInet Not desinfected C:\WINDOWS\inf\satmat.inf