malware, virus...??? |
||
---|---|---|
#0
| ||
27.01.2006, 14:15
Member
Beiträge: 25 |
#1
ich denke ich habe viren oder sowas mein pc is etwas langsamer als sonst un ständig öfnen sich solche fenster mit werbung...
|
|
|
||
27.01.2006, 15:35
Ehrenmitglied
Beiträge: 29434 |
#2
und ...was soll ich mit diesem Hilferuf anfangen???
Glaskugel an: Hijackthis http://computercops.biz/zx/Merijn/hijackthis.zip http://virus-protect.org/hjtkurz.html Lade/entpacke HijackThis in einem Ordner --> None of the above just start the program --> Save--> Savelog -->es öffnet sich der Editor nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen" Glaskugel aus __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
27.01.2006, 17:02
Member
Themenstarter Beiträge: 25 |
#3
Logfile of HijackThis v1.99.1
Scan saved at 17:01:13, on 27.01.2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\DAEMON Tools\daemon.exe C:\Programme\AVPersonal\AVGNT.EXE C:\WINDOWS\System32\RUNDLL32.EXE C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\System32\ctfmon.exe C:\programme\steam\steam.exe C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Programme\FRITZ!DSL\StCenter.exe C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Xfire\Xfire.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE C:\Programme\Winamp\winamp.exe C:\Programme\Teamspeak2_RC2\TeamSpeak.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\Manuel\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Programme\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Programme\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe" O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/pages/scanner_de/WinFixer2005ScannerInstallDE.cab O18 - Protocol: bw+0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe hier is es |
|
|
||
27.01.2006, 18:34
Ehrenmitglied
Beiträge: 29434 |
#4
Meverick
Oben auf der Seite --> auf Durchsuchen klicken --> Datei aussuchen --> Doppelklick auf die zu prüfende Datei --> klick auf Submit... jetzt abwarten --> kopiere das Ergebnis in das Sicherheitsforum http://www.virustotal.com/flash/index_en.html C:\WINDOWS\System32\sw20.exe C:\WINDOWS\System32\sw24.exe ------------------------------------------------------------------------ Registry Search Tool http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip eventuelle Meldung vom Virenscanner --- > warnmeldung:bösartiges skript entdeckt --> ignorieren Doppelklick:regsrch.vbs reinkopieren: {F919FBD3-A96B-4679-AF26-F551439BB5FD} Press 'OK' warten, bis die Suche beendet ist. (Ergebnis bitte posten) Doppelklick:regsrch.vbs reinkopieren: WhenUSave Press 'OK' warten, bis die Suche beendet ist. (Ergebnis bitte posten) Doppelklick:regsrch.vbs reinkopieren: WinFixer2005 Press 'OK' warten, bis die Suche beendet ist. (Ergebnis bitte posten) __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
27.01.2006, 20:44
Member
Themenstarter Beiträge: 25 |
#5
REGEDIT4
; RegSrch.vbs © Bill James ; Registry search results for string "{F919FBD3-A96B-4679-AF26-F551439BB5FD}" 27.01.2006 20:42:25 ; NOTE: This file will be deleted when you close WordPad. ; You must manually save this file to a new location if you want to refer to it again later. ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F919FBD3-A96B-4679-AF26-F551439BB5FD}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F919FBD3-A96B-4679-AF26-F551439BB5FD}\AvailableVersion] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F919FBD3-A96B-4679-AF26-F551439BB5FD}\DownloadInformation] ___________________________________________________________________ REGEDIT4 ; RegSrch.vbs © Bill James ; Registry search results for string "WhenUSave" 27.01.2006 20:43:25 ; NOTE: This file will be deleted when you close WordPad. ; You must manually save this file to a new location if you want to refer to it again later. ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg] [HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave] [HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave\Partners] [HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave\Partners\EEPE] [HKEY_USERS\S-1-5-21-1708537768-1482476501-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run] "WhenUSave"="\"C:\\Programme\\Save\\Save.exe\"" ___________________________________________________________________ REGEDIT4 ; RegSrch.vbs © Bill James ; Registry search results for string "WinFixer2005" 27.01.2006 20:44:13 ; NOTE: This file will be deleted when you close WordPad. ; You must manually save this file to a new location if you want to refer to it again later. ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F919FBD3-A96B-4679-AF26-F551439BB5FD}\DownloadInformation] "CODEBASE"="http://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/pages/scanner_de/WinFixer2005ScannerInstallDE.cab" hier ist alles hoffe ich habe alles richtig |
|
|
||
28.01.2006, 00:30
Ehrenmitglied
Beiträge: 29434 |
#6
Oben auf der Seite --> auf Durchsuchen klicken --> Datei aussuchen --> Doppelklick auf die zu prüfende Datei --> klick auf Submit... jetzt abwarten --> kopiere das Ergebnis in das Sicherheitsforum
http://www.virustotal.com/flash/index_en.html C:\WINDOWS\System32\sw20.exe C:\WINDOWS\System32\sw24.exe __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
28.01.2006, 16:45
Member
Themenstarter Beiträge: 25 |
#7
This is a report processed by VirusTotal on 01/28/2006 at 16:43:00 (CET) after scanning the file "sw20.exe" file.
Antivirus Version Update Result AntiVir 6.33.0.81 01.28.2006 no virus found Avast 4.6.695.0 01.27.2006 no virus found AVG 718 01.27.2006 no virus found Avira 6.33.0.81 01.27.2006 no virus found BitDefender 7.2 01.28.2006 no virus found CAT-QuickHeal 8.00 01.27.2006 no virus found ClamAV devel-20051123 01.28.2006 no virus found DrWeb 4.33 01.28.2006 no virus found eTrust-InoculateIT 23.71.62 01.28.2006 no virus found eTrust-Vet 12.4.2058 01.27.2006 no virus found Ewido 3.5 01.28.2006 no virus found Fortinet 2.54.0.0 01.28.2006 no virus found F-Prot 3.16c 01.28.2006 no virus found Ikarus 0.2.59.0 01.27.2006 no virus found Kaspersky 4.0.2.24 01.28.2006 no virus found McAfee 4684 01.27.2006 no virus found NOD32v2 1.1385 01.28.2006 no virus found Norman 5.70.10 01.27.2006 no virus found Panda 9.0.0.4 01.28.2006 no virus found Sophos 4.02.0 01.28.2006 no virus found Symantec 8.0 01.28.2006 no virus found TheHacker 5.9.3.082 01.27.2006 no virus found UNA 1.83 01.27.2006 no virus found VBA32 3.10.5 01.28.2006 no virus found ____________________________________________________________ his is a report processed by VirusTotal on 01/28/2006 at 16:46:25 (CET) after scanning the file "sw24.exe" file. Antivirus Version Update Result AntiVir 6.33.0.81 01.28.2006 no virus found Avast 4.6.695.0 01.27.2006 no virus found AVG 718 01.27.2006 no virus found Avira 6.33.0.81 01.27.2006 no virus found BitDefender 7.2 01.28.2006 no virus found CAT-QuickHeal 8.00 01.27.2006 no virus found ClamAV devel-20051123 01.28.2006 no virus found DrWeb 4.33 01.28.2006 no virus found eTrust-InoculateIT 23.71.62 01.28.2006 no virus found eTrust-Vet 12.4.2058 01.27.2006 no virus found Ewido 3.5 01.28.2006 no virus found Fortinet 2.54.0.0 01.28.2006 no virus found F-Prot 3.16c 01.28.2006 no virus found Ikarus 0.2.59.0 01.27.2006 no virus found Kaspersky 4.0.2.24 01.28.2006 no virus found McAfee 4684 01.27.2006 no virus found NOD32v2 1.1385 01.28.2006 no virus found Norman 5.70.10 01.27.2006 no virus found Panda 9.0.0.4 01.28.2006 no virus found Sophos 4.02.0 01.28.2006 no virus found Symantec 8.0 01.28.2006 no virus found TheHacker 5.9.3.082 01.27.2006 no virus found UNA 1.83 01.27.2006 no virus found VBA32 3.10.5 01.28.2006 no virus found |
|
|
||
28.01.2006, 17:31
Ehrenmitglied
Beiträge: 29434 |
#8
Meverick
Gehe in die Registry Start-->Ausfuehren--> regedit bearbeiten--> suchen--> WhenUSave [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg]<--loeschen [HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave]<--loeschen bearbeiten--> suchen--> {F919FBD3-A96B-4679-AF26-F551439BB5FD} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F919FBD3-A96B-4679-AF26-F551439BB5FD}---> loeschen --------------------------------------------------------------------------------------- öffne das HijackThis -- Button "scan" -- vor die Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Programme\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Programme\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe" O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/pages/scanner_de/WinFixer2005ScannerInstallDE.cab O18 - Protocol: bw+0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {F75DFC6D-DA93-4800-BD2D-17984CC01846} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll pc neustarten deinstallieren: WhenUSave BitComet Toolbar loeschen: C:\Programme\Save stelle den Cleaner genauso ein, wie hier angegeben: http://virus-protect.org/cleanup.html Counterspy http://virus-protect.org/counterspy.html nach dem Scan muss man sich entscheiden für: *Ignore *Remove *Quarantaine wähle immer Remove und starte den PC neu (dann kopiere den Scanreport ab und ins Sicherheitsforum) __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
29.01.2006, 20:02
Member
Themenstarter Beiträge: 25 |
#9
Spyware Scan Details
Start Date: 29.01.2006 05:14:06 End Date: 29.01.2006 05:40:00 Total Time: 25 mins 54 secs Detected spyware BearShare P2P more information... Details: BearShare is a file sharing network. The free version installs a number of known spyware and adware programs. Status: Deleted Infected files detected c:\programme\bearshare\bearshare.dat c:\programme\bearshare\bearshare.exe c:\programme\bearshare\bsidle.dll c:\programme\bearshare\freepeers.ini c:\programme\bearshare\history.txt c:\programme\bearshare\install.log c:\programme\bearshare\runmsc.dll c:\programme\bearshare\unwise.exe c:\programme\bearshare\unwise.ini c:\programme\bearshare\webstats.bat c:\programme\bearshare\webstats.exe c:\programme\bearshare\webstats.ini c:\programme\bearshare\db\config.bin c:\programme\bearshare\db\connect.txt c:\programme\bearshare\db\gwebcache.dat c:\programme\bearshare\db\hostiles-chat.txt c:\programme\bearshare\db\hostiles.txt c:\programme\bearshare\db\library.2.db c:\programme\bearshare\db\library.db c:\programme\bearshare\db\searches.ini c:\programme\bearshare\installer\bsinstallde.exe c:\programme\bearshare\logs\hosts-state.txt c:\programme\bearshare\logs\memory.txt c:\programme\bearshare\logs\ordinal.txt c:\programme\bearshare\logs\streams.txt c:\programme\bearshare\sounds\notify.wav Infected registry entries detected HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07} HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 C:\Programme\BearShare\RunMSC.dll HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\ProgID RunMSC.Loader.1 HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905} HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\VersionIndependentProgID RunMSC.Loader HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07} Loader Class HKEY_CLASSES_ROOT\gnufile HKEY_CLASSES_ROOT\gnufile\shell\open\command "C:\Programme\BearShare\BearShare.exe" "%1" HKEY_CLASSES_ROOT\gnufile gnutella HKEY_CLASSES_ROOT\gnufile BrowserFlags 8 HKEY_CLASSES_ROOT\gnufile EditFlags 65536 HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905} HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Programme\BearShare\RunMSC.dll HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0 HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Programme\BearShare\ HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting HKEY_CURRENT_USER\appevents\schemes\apps\bearshare HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg HKEY_CURRENT_USER\appevents\schemes\apps\bearshare BearShare HKEY_LOCAL_MACHINE\software\bearshare HKEY_LOCAL_MACHINE\software\bearshare InstallDir C:\Programme\BearShare HKEY_LOCAL_MACHINE\software\classes\gnufile HKEY_LOCAL_MACHINE\software\classes\gnufile\shell\open\command "C:\Programme\BearShare\BearShare.exe" "%1" HKEY_LOCAL_MACHINE\software\classes\gnufile gnutella HKEY_LOCAL_MACHINE\software\classes\gnufile BrowserFlags 8 HKEY_LOCAL_MACHINE\software\classes\gnufile EditFlags 65536 HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905} HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Programme\BearShare\RunMSC.dll HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0 HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Programme\BearShare\ HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayName BearShare HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare UninstallString C:\PROGRA~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\INSTALL.LOG HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayVersion 5.2.0.4DE HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare HelpLink http://bearshare.de/Help/index.htm HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare Publisher Free Peers, Inc. HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare URLInfoAbout http://www.freepeers.com HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayIcon C:\Programme\BearShare\BearShare.exe,-128 HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting HKEY_USERS\.default\appevents\schemes\apps\bearshare HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg HKEY_USERS\.default\appevents\schemes\apps\bearshare BearShare HKEY_USERS\s-1-5-18\appevents\eventlabels\bearsharechatnotifymsg HKEY_USERS\s-1-5-18\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare BearShare WhenU.SaveNow Adware more information... Details: an advertising application that displays pop-up advertising on the desktop in response to users' surfing behavior. Status: Deleted Infected files detected C:\Programme\BearShare\RunMSC.dll C:\Programme\BearShare\Webstats.exe C:\Programme\BearShare\Webstats.ini Infected registry entries detected HKEY_LOCAL_MACHINE\software\classes\runmsc.loader.1\clsid HKEY_LOCAL_MACHINE\software\classes\runmsc.loader.1\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07} HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\clsid HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07} HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\curver HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\curver RunMSC.Loader.1 HKEY_LOCAL_MACHINE\software\classes\wusn.1 HKEY_LOCAL_MACHINE\software\classes\wusn.1 WUSN_Id HKEY_LOCAL_MACHINE\software\whenusave HKEY_LOCAL_MACHINE\software\whenusave TotalPopup ;;;;;;;;1;1;1 HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97} HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905} HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib Version 1.0 HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97} ILoader HKEY_CLASSES_ROOT\wusn.1 HKEY_CLASSES_ROOT\wusn.1 WUSN_Id HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07} HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 C:\Programme\BearShare\RunMSC.dll HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 ThreadingModel Apartment HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\ProgID RunMSC.Loader.1 HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905} HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\VersionIndependentProgID RunMSC.Loader HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07} Loader Class HKEY_CLASSES_ROOT\ACM.ACMFactory HKEY_CLASSES_ROOT\ACM.ACMFactory\CLSID {A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} HKEY_CLASSES_ROOT\ACM.ACMFactory\CurVer ACM.ACMFactory.1 HKEY_CLASSES_ROOT\ACM.ACMFactory ACMFactory Class HKEY_CLASSES_ROOT\ACM.ACMFactory.1 HKEY_CLASSES_ROOT\ACM.ACMFactory.1\CLSID {A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} HKEY_CLASSES_ROOT\ACM.ACMFactory.1 ACMFactory Class HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32 C:\Programme\Save\ACM.dll HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\ProgID ACM.ACMFactory.1 HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\TypeLib {DF901432-1B9F-4F5B-9E56-301C553F9095} HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\VersionIndependentProgID ACM.ACMFactory HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} ACMFactory Class HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} AppID {127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB} HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095} HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0\win32 C:\Programme\Save\ACM.dll HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\FLAGS 0 HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\HELPDIR C:\Programme\Save\ HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0 ACM 1.0 Type Library HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0} HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib {DF901432-1B9F-4F5B-9E56-301C553F9095} HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0} IACMFactory HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086} HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib {DF901432-1B9F-4F5B-9E56-301C553F9095} HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086} IFetchExtractor HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842} HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib {DF901432-1B9F-4F5B-9E56-301C553F9095} HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842} IFetchData HKEY_CLASSES_ROOT\AppID\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB} HKEY_CLASSES_ROOT\AppID\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB} ACM HKEY_CLASSES_ROOT\AppID\ACM.DLL HKEY_CLASSES_ROOT\AppID\ACM.DLL AppID {127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB} WhenU.WhenUSearch Low Risk Adware more information... Details: a desktop search toolbar that displays links to advertised offers in response to users' surfing behavior and opens paid search results when users perform searches through the toolbar's search mechanism. Status: Deleted Infected registry entries detected HKEY_CLASSES_ROOT\WUSN.1 HKEY_CLASSES_ROOT\WUSN.1 WUSN_Id SearchNugget Browser Plug-in more information... Details: SearchNugget is a Browser Helper Object that displays a toolbar in Internet Explorer as well as a button and changes the Internet Explorer home page. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ACM.ACMFactory.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ACM.ACMFactory.1\CLSID {A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ACM.ACMFactory.1 ACMFactory Class HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ACM.DLL AppID {127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} AppID {127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0\win32 C:\Programme\Save\ACM.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\FLAGS 0 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\HELPDIR C:\Programme\Save\ HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0 ACM 1.0 Type Library Zedo Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\manuel\cookies\manuel@zedo[1].txt |
|
|
||
29.01.2006, 20:14
Ehrenmitglied
Beiträge: 29434 |
#10
nun kopiere noch den Rest...oder war das alles ? + das neue Log vom HijackThis
__________ MfG Sabina rund um die PC-Sicherheit |
|
|
||