smss.exe /w + nvsvcd.exe and my system is going haywire!

Topic is closed!
22.02.2006, 07:48
...new here

Posts: 8
#1 And there I was, thinking I was safe with Norton Antivirus! Pah! Of course it couldn't help me when I simply run an unknown .exe file that I downloaded somewhere. I know, pretty much the dumbest thing you can do.
The process disabled Norton Antivirus (Auto-Protect can no longer be re-enabled), then there were a few hundred funny pop-up windows until I shut my PC down, and now smss.exe is stuck in the system. I googled a bit and heard all sorts of unpleasant things, including how hard it is to get rid of this trojan again (which already makes the hair on my neck stand up). So before I do anything on my own, I could use a bit of professional help.

Many thanks for everything to come. I'll leave the computer on and won't touch anything until an answer arrives. :-)

Alex
22.02.2006, 10:53
Member

Posts: 239
#2 Hello, download the tools AdAware and Spybot and scan
your PC with them. But before starting, be sure to download the updates for AdAware and Spybot.
After that, download HijackThis, put it in a separate folder and start
the program. Please save the log file it produces and post it here.

Regards
Rolfs
22.02.2006, 11:49
Honorary member
Sabina

Posts: 29434
#3 AlexW

I'll have a look at it:

Configure CleanUp exactly as described here:
http://virus-protect.org/cleanup.html

Copy these 4 text files. They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html

http://virus-protect.org/hjtkurz.html
__________
Regards, Sabina

all about PC security
22.02.2006, 23:27
...new here

Topic starter

Posts: 8
#4 Volume in drive C has no label.
Volume Serial Number is C4FC-77D4

Directory of C:\WINDOWS\system32

02/22/2006 04:16 PM 11,264 netf.dll
02/21/2006 11:53 PM 2,328 OODBS.lor
02/21/2006 11:50 PM 45,056 nvsvcd.exe
02/20/2006 01:20 AM 1,158 wpa.dbl
02/19/2006 08:44 PM 402,974 perfh009.dat
02/19/2006 08:44 PM 63,418 perfc009.dat
02/19/2006 08:44 PM 473,400 PerfStringBackup.INI
02/08/2006 07:51 PM 68,516 ympguninst.exe
02/08/2006 03:40 PM 176,264 FNTCACHE.DAT
02/07/2006 11:23 PM 4,513,120 MRT.exe
02/07/2006 01:37 AM 6,675 jupdate-1.5.0_06-b05.log
02/05/2006 08:35 PM 3,460 jupdate-1.5.0_03-b07.log
02/03/2006 06:30 PM 16,832 amcompat.tlb
02/03/2006 06:30 PM 23,392 nscompat.tlb
02/03/2006 06:29 PM 2,272 w95inf16.dll
02/03/2006 06:29 PM 4,608 w95inf32.dll
02/03/2006 01:17 PM 1,201 lvcoinst.log
01/31/2006 02:35 PM 91,904 S32EVNT1.DLL
01/26/2006 12:36 PM 574,976 DivX.dll
01/26/2006 12:35 PM 679,936 divx_xx07.dll
01/26/2006 12:35 PM 679,936 divx_xx0c.dll
01/26/2006 12:35 PM 663,552 divx_xx11.dll
01/24/2006 12:08 PM 12,288 DivXWMPExtType.dll

Volume in drive C has no label.
Volume Serial Number is C4FC-77D4

Directory of C:\DOCUME~1\Owner\LOCALS~1\Temp

02/22/2006 04:17 PM 65,536 ~DFCA5.tmp
02/22/2006 04:16 PM 550 LVCOMSX.LOG
02/22/2006 04:16 PM 16,384 Perflib_Perfdata_814.dat
02/22/2006 04:16 PM 11,264 netf.dll
02/22/2006 04:16 PM 45,056 tmp1.tmp
02/22/2006 08:32 AM 259,338 mps07C91.tmp

02/07/2006 09:07 PM 24,613 IadHide5.dll
7 File(s) 422,741 bytes
0 Dir(s) 42,517,958,656 bytes free


Volume in drive C has no label.
Volume Serial Number is C4FC-77D4

Directory of C:\WINDOWS

02/21/2006 11:54 PM 4,026 ModemLog_Agere Systems AC'97 Modem.txt
02/21/2006 11:54 PM 159 wiadebug.log
02/21/2006 11:54 PM 49 wiaservc.log
02/21/2006 11:53 PM 0 0.log
02/21/2006 11:53 PM 2,048 bootstat.dat
02/21/2006 11:53 PM 32,412 SchedLgU.Txt
02/21/2006 11:52 PM 1,451,406 WindowsUpdate.log
02/21/2006 11:41 PM 54,156 QTFont.qfn
02/21/2006 02:37 AM 68,192 wmsetup.log
02/20/2006 03:11 AM 1,409 QTFont.for
02/19/2006 08:57 PM 13,556 KB911927.log
02/16/2006 01:31 AM 58,059 iis6.log
02/16/2006 01:31 AM 132,870 comsetup.log
02/16/2006 01:31 AM 1,917 imsins.log
02/16/2006 01:31 AM 20,707 ocmsn.log
02/16/2006 01:31 AM 79,956 ntdtcsetup.log
02/16/2006 01:31 AM 150,087 tsoc.log
02/16/2006 01:31 AM 195,279 ocgen.log
02/16/2006 01:31 AM 19,545 msgsocm.log
02/16/2006 01:31 AM 391,003 FaxSetup.log
02/16/2006 01:31 AM 932,705 setupapi.log
02/16/2006 01:31 AM 4,566 imsins.BAK
02/15/2006 02:20 PM 1,830 spupdsvc.log
02/15/2006 02:13 PM 6,885 KB913446.log
02/15/2006 02:12 PM 9,121 KB911564.log
02/15/2006 02:12 PM 21,336 updspapi.log
02/15/2006 02:12 PM 8,876 KB911565.log
02/13/2006 11:08 PM 201,673 setupact.log
02/09/2006 03:59 PM 26 DfrgUIEx.INI
02/09/2006 12:24 AM 39,921 Codec Pack - All In 1 Setup Log.txt
02/09/2006 12:21 AM 737,280 iun6002.exe
02/07/2006 09:07 PM 118,784 bwUnin-7.2.0.157-8876480SL.exe
02/06/2006 11:46 PM 4 Pix11.dat
02/03/2006 07:33 PM 96 Vstudio.INI
02/03/2006 07:33 PM 1,575 Ulead32.ini
02/03/2006 07:30 PM 45 dswplug.ini
02/03/2006 07:26 PM 40 Msdevctl.ini
02/03/2006 07:24 PM 89 Unable to load string
02/03/2006 06:30 PM 1,110 DirectX.log
02/03/2006 12:38 PM 121 GEARInstall.log
02/03/2006 12:33 PM 2,894 COM+.log
02/03/2006 09:46 AM 528 win.ini
02/03/2006 08:49 AM 8,224 KB902344.log



Volume in drive C has no label.
Volume Serial Number is C4FC-77D4

Directory of C:\

02/22/2006 04:21 PM 0 sys.txt
02/22/2006 04:20 PM 8,960 system.txt
02/22/2006 04:20 PM 592 systemtemp.txt
02/22/2006 04:20 PM 106,456 system32.txt
02/21/2006 11:53 PM 754,974,720 pagefile.sys
12/04/2005 08:10 PM 211 boot.ini
05/18/2005 11:29 AM 0 AUTOEXEC.BAT
05/18/2005 11:29 AM 0 CONFIG.SYS
05/18/2005 11:29 AM 0 MSDOS.SYS
05/18/2005 11:29 AM 0 IO.SYS
08/04/2004 06:00 AM 250,032 ntldr
08/04/2004 06:00 AM 47,564 NTDETECT.COM
12 File(s) 755,388,535 bytes
0 Dir(s) 42,517,909,504 bytes free


Logfile of HijackThis v1.99.1
Scan saved at 4:26:30 PM, on 2/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\RAM Idle LE\RAM_XP.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.computers.us.fujitsu.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.computers.us.fujitsu.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle LE\RAM_XP.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.computers.us.fujitsu.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O18 - Protocol: bw+0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe


Thanks!
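Editor's note, not part of any post in this thread: two lines in the HijackThis log above stand out to a defender. The O4 Run-key entry `[.nvsvc]` launches a file named smss.exe from C:\WINDOWS\system (the real Session Manager lives in System32 and is started by the boot chain, never by a Run key), and the O23 service "Windows Log" has no vendor information and points at nvsvcd.exe in system32, the same file that shows up in the directory listing with a creation time from the night the pop-ups began. The Python below is example code written for this page, not a tool from the thread or from HijackThis. It assumes an XP-era layout with %SystemRoot% = C:\WINDOWS, and its sample lines are copied from the log above (the O2Flash line is included on purpose, see the note after the code).

```python
import re
from pathlib import PureWindowsPath
from typing import List, Tuple

# Assumption for this example: core Windows processes and the only directory
# they are legitimately started from on an XP-era system. None of them is ever
# launched through a Run key; the boot chain (kernel -> smss -> winlogon ...)
# starts them.
CORE_PROCESS_DIR = {
    "smss.exe": r"C:\WINDOWS\System32",
    "csrss.exe": r"C:\WINDOWS\System32",
    "winlogon.exe": r"C:\WINDOWS\System32",
    "services.exe": r"C:\WINDOWS\System32",
    "lsass.exe": r"C:\WINDOWS\System32",
    "svchost.exe": r"C:\WINDOWS\System32",
}

# Lines copied from the HijackThis log posted above. O2Flash is included
# deliberately: it shares the "Unknown owner" trait and shows why a flag is a
# lead to verify, not a verdict.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe
"""

O4_RE = re.compile(r"O4 - (HK\w+)\\\.\.\\Run: \[([^\]]*)\] (.*)")
O23_PREFIX = "O23 - Service: "


def _same_dir(a: str, b: str) -> bool:
    """Case-insensitive directory comparison (Windows paths are case-insensitive)."""
    return a.rstrip("\\").lower() == b.rstrip("\\").lower()


def extract_path(command: str) -> str:
    """Return the executable path from an O4 command line, quoted or not.

    Unquoted paths may contain spaces, so take everything up to the first
    .exe/.com/.dll extension instead of splitting on whitespace.
    """
    m = re.match(r'"([^"]+)"|(.+?\.(?:exe|com|dll))', command.strip(), re.I)
    return (m.group(1) or m.group(2)) if m else command.strip()


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (log line, reason) pairs for entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            _hive, _name, command = m.groups()
            path = PureWindowsPath(extract_path(command))
            canon = CORE_PROCESS_DIR.get(path.name.lower())
            if canon:
                where = ("from its real directory" if _same_dir(str(path.parent), canon)
                         else f"from {path.parent} instead of {canon}")
                findings.append((line, f"core process name {path.name} in a Run key, {where}; "
                                       "core processes are never started by Run keys"))
            continue
        if line.startswith(O23_PREFIX):
            # Display name may contain " - ", so split from the right: name, vendor, path.
            parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            _svc, vendor, svc_path = parts
            parent = str(PureWindowsPath(svc_path.strip('"')).parent).lower()
            if vendor.strip().lower() == "unknown owner" and parent.startswith(r"c:\windows"):
                findings.append((line, "service binary without vendor information inside the "
                                       "Windows directory; verify the file before trusting it"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"[!] {reason}\n    {entry}")
```

Run against the sample it reports three lines: the smss.exe Run entry, the "Windows Log" service and the O2Flash service. The last one is a legitimate card-reader driver component that merely lacks vendor metadata, which is why the script only produces leads; confirming a lead means checking the file itself (vendor, signature, creation time against the directory listing) before anything is removed, and disabling a service first, as the advice in this thread does, is the reversible step.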
23.02.2006, 12:29
Honorary member
Sabina

Posts: 29434
#5 AlexW

1.
Start-->Run, enter: services.msc
Navigate to the following entry:
Windows Log
right-click-->Properties and set the startup type to Disabled.

-------------------------------------------------------------------------
2.
open HijackThis -- button "Scan" -- tick the boxes in front of the entries -- button "Fix checked"

O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w

fix that one too, so that it comes out of the autostart...it has no business being there....


O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O18 - Protocol: bw+0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe

3.
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Options: Delete on Reboot --> tick
and click the red cross; when asked "Do you want to reboot?" click "no" and paste in the next one; click "yes" only for the last one
paste in:

C:\WINDOWS\system32\netf.dll
C:\WINDOWS\system32\nvsvcd.exe
C:\WINDOWS\system\smss.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFCA5.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\LVCOMSX.LOG
C:\DOCUME~1\Owner\LOCALS~1\Temp\netf.dll
C:\DOCUME~1\Owner\LOCALS~1\Temp\Perflib_Perfdata_814.dat
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp1.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\mps07C91.tmp
C:\WINDOWS\system32\nvsvcd.exe
C:\Temp\data.exe
C:\WINDOWS\system32\ympguninst.exe

4.
Restart the PC

5.
after the restart look for: C:\!KillBox
and delete all the files found there manually

--------------------------------------------------------------------
6.
scan with all 4 scanners
http://virus-protect.org/multiavtool.html

7.
Download Registry Search by Bobbi Flekman
http://www.bleepingcomputer.com/files/regsearch.php
and double-click to start it. In "Enter search strings" (type or paste in)

Windows Log

in the edit box and click "Ok".
Notepad will open -- copy the text and post it.

8.
Online virus scan (Kaspersky) --> post the scan report
http://virus-protect.org/onlinescan.html

------------------------------------------------------------------------------

Result for C:\WINDOWS\system32\nvsvcd.exe
Anti-Virus Backdoor.Win32.IRCBot.nw
__________
Regards, Sabina

all about PC security
24.02.2006, 07:57
...new here

Thread starter

Posts: 8
#6 Hello Sabina, first of all many thanks for your help. Here is my report:

After I disabled "Windows Log" and started HijackThis, this entry was missing: O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe

Well, then I fixed all the other entries, set KillBox to work and the system was restarted. Then the boot process strangely stopped at the selection screen (something about system files having been changed) and I chose Normal Mode first. After that I only got a black screen, and Windows would not start even after waiting 30 minutes. Then I cold-restarted and tried three more times until I chose Safe Mode. That worked, and I thought the disabled Windows Log was to blame, so I re-enabled it in Safe Mode; restart, and suddenly Windows booted smoothly. Now I don't know whether re-enabling it in Safe Mode helped or whether Windows just briefly needed Safe Mode to sort itself out.
Well, whatever the case, in Normal Mode Windows Log was still disabled and still is.
After deleting the KillBox files, on the repeated HijackThis scan the entry "O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe" suddenly reappeared, this time with the addition "file missing"; I simply selected it and had it fixed.
With the multi-virus scanner only no. 1 and 2 worked (incidentally they found nothing suspicious); McAfee could not log in online as anonymous and Kaspersky would not even start; tried both several times, no luck.

Here is the result from regsearch:

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.0.1

; Results at 2/24/2006 12:49:58 AM for strings:
; 'windows log'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_LOG\0000]
"Service"="Windows Log"
"DeviceDesc"="Windows Log"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENS]
"Description"="Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Log]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Log]
"DisplayName"="Windows Log"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Log\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Log\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINDOWS_LOG\0000]
"Service"="Windows Log"
"DeviceDesc"="Windows Log"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SENS]
"Description"="Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Windows Log]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Windows Log]
"DisplayName"="Windows Log"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Windows Log\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_LOG\0000]
"Service"="Windows Log"
"DeviceDesc"="Windows Log"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SENS]
"Description"="Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Log]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Log]
"DisplayName"="Windows Log"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Log\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Log\Enum]

[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\WindowsLogoff]
@="Windows Logoff"

[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\WindowsLogon]
@="Windows Logon"

[HKEY_USERS\S-1-5-19\AppEvents\EventLabels\WindowsLogoff]
@="Windows Logoff"

[HKEY_USERS\S-1-5-19\AppEvents\EventLabels\WindowsLogon]
@="Windows Logon"

[HKEY_USERS\S-1-5-20\AppEvents\EventLabels\WindowsLogoff]
@="Windows Logoff"

[HKEY_USERS\S-1-5-20\AppEvents\EventLabels\WindowsLogon]
@="Windows Logon"

[HKEY_USERS\S-1-5-21-2837426592-2895418826-846507257-1003\AppEvents\EventLabels\WindowsLogoff]
@="Windows Logoff"

[HKEY_USERS\S-1-5-21-2837426592-2895418826-846507257-1003\AppEvents\EventLabels\WindowsLogon]
@="Windows Logon"

[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\WindowsLogoff]
@="Windows Logoff"

[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\WindowsLogon]
@="Windows Logon"

; End Of The Log...

Kaspersky Online Scan found quite a lot (although the other scanners that worked found nothing); here is the report:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, February 24, 2006 12:07:58 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 24/02/2006
Kaspersky Anti-Virus database records: 167461
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
F:\

Scan Statistics:
Total number of scanned objects: 48853
Number of viruses found: 2
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 00:46:51

Infected Object Name / Virus Name / Last Action
C:\Program Files\Norton AntiVirus\Quarantine\57713FEC.wmf Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\System Volume Information\_restore{23DE466A-C5BE-4836-843E-EDA1EA9C15E0}\RP149\A0012047.dll Infected: Backdoor.Win32.IRCBot.nw skipped
C:\System Volume Information\_restore{23DE466A-C5BE-4836-843E-EDA1EA9C15E0}\RP150\A0012185.dll Infected: Backdoor.Win32.IRCBot.nw skipped
C:\System Volume Information\_restore{23DE466A-C5BE-4836-843E-EDA1EA9C15E0}\RP150\A0012213.dll Infected: Backdoor.Win32.IRCBot.nw skipped
C:\System Volume Information\_restore{23DE466A-C5BE-4836-843E-EDA1EA9C15E0}\RP151\A0012245.dll Infected: Backdoor.Win32.IRCBot.nw skipped
C:\System Volume Information\_restore{23DE466A-C5BE-4836-843E-EDA1EA9C15E0}\RP151\A0012246.exe Infected: Backdoor.Win32.IRCBot.nw skipped
C:\System Volume Information\_restore{23DE466A-C5BE-4836-843E-EDA1EA9C15E0}\RP151\A0012247.exe Infected: Backdoor.Win32.IRCBot.nw skipped
C:\System Volume Information\_restore{23DE466A-C5BE-4836-843E-EDA1EA9C15E0}\RP151\A0013247.dll Infected: Backdoor.Win32.IRCBot.nw skipped
C:\System Volume Information\_restore{23DE466A-C5BE-4836-843E-EDA1EA9C15E0}\RP151\A0013248.exe Infected: Backdoor.Win32.IRCBot.nw skipped
C:\System Volume Information\_restore{23DE466A-C5BE-4836-843E-EDA1EA9C15E0}\RP151\A0013249.exe Infected: Backdoor.Win32.IRCBot.nw skipped

Scan process completed.

To be on the safe side, here is the latest HijackThis log again (just run):

Logfile of HijackThis v1.99.1
Scan saved at 12:52:56 AM, on 2/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\RAM Idle LE\RAM_XP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.computers.us.fujitsu.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.computers.us.fujitsu.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle LE\RAM_XP.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.computers.us.fujitsu.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {E8A93A85-0C2D-45D2-AAE2-A0356D4C1906} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

And the most recent output of datFind.bat:

Volume in drive C has no label.
Volume Seri*hier nicht!* Number is C4FC-77D4

Directory of C:\WINDOWS\system32

02/24/2006 12:13 AM 4,074 OODBS.lor
02/20/2006 01:20 AM 1,158 wpa.dbl
02/19/2006 08:44 PM 402,974 perfh009.dat
02/19/2006 08:44 PM 63,418 perfc009.dat
02/19/2006 08:44 PM 473,400 PerfStringBackup.INI
02/08/2006 03:40 PM 176,264 FNTCACHE.DAT
02/07/2006 11:23 PM 4,513,120 MRT.exe
02/07/2006 01:37 AM 6,675 jupdate-1.5.0_06-b05.log
02/05/2006 08:35 PM 3,460 jupdate-1.5.0_03-b07.log
02/03/2006 06:30 PM 16,832 amcompat.tlb
02/03/2006 06:30 PM 23,392 nscompat.tlb
02/03/2006 06:29 PM 2,272 w95inf16.dll
02/03/2006 06:29 PM 4,608 w95inf32.dll
02/03/2006 01:17 PM 1,201 lvcoinst.log
01/31/2006 02:35 PM 91,904 S32EVNT1.DLL
01/26/2006 12:36 PM 574,976 DivX.dll
01/26/2006 12:35 PM 679,936 divx_xx07.dll
01/26/2006 12:35 PM 679,936 divx_xx0c.dll
01/26/2006 12:35 PM 663,552 divx_xx11.dll
01/24/2006 12:08 PM 12,288 DivXWMPExtType.dll
01/24/2006 11:34 AM 118,784 sirenacm.dll
01/12/2006 11:32 AM 543,496 LegitCheckControl.DLL
01/09/2006 01:32 PM 86,016 dpl100.dll
01/09/2006 01:32 PM 593,920 dpuGUI11.dll
01/09/2006 01:32 PM 200,704 dtu100.dll
01/09/2006 01:32 PM 339,968 dpus11.dll
01/09/2006 01:32 PM 57,344 dpv11.dll
01/09/2006 01:32 PM 294,912 dpu11.dll
01/09/2006 01:32 PM 294,912 dpu10.dll
01/03/2006 09:35 PM 68,096 webclnt.dll
12/30/2005 08:18 PM 180,224 xvidvfw.dll

Volume in drive C has no label.
Volume Seri*hier nicht!* Number is C4FC-77D4

Directory of C:\DOCUME~1\Owner\LOCALS~1\Temp

02/24/2006 12:48 AM 81,920 ~DFF6D4.tmp
02/24/2006 12:46 AM 618 jusched.log
02/24/2006 12:36 AM 2,620 LVCOMSX.LOG
02/24/2006 12:36 AM 0 Perflib_Perfdata_f0c.dat
02/24/2006 12:09 AM 9,965 WscWlanScanner_2006-02-24.log
02/23/2006 11:03 PM 596,143 gtb5.tmp.cab
02/23/2006 11:03 PM 0 gtb5.tmp
7 File(s) 691,266 bytes
0 Dir(s) 42,265,600,000 bytes free


Volume in drive C has no label.
Volume Seri*hier nicht!* Number is C4FC-77D4

Directory of C:\WINDOWS

02/24/2006 12:14 AM 49 wiaservc.log
02/24/2006 12:14 AM 3,636 ModemLog_Agere Systems AC'97 Modem.txt
02/24/2006 12:14 AM 159 wiadebug.log
02/24/2006 12:13 AM 0 0.log
02/24/2006 12:13 AM 2,048 bootstat.dat
02/24/2006 12:13 AM 32,408 SchedLgU.Txt
02/24/2006 12:12 AM 1,453,894 WindowsUpdate.log
02/24/2006 12:09 AM 940,944 setupapi.log
02/23/2006 05:25 PM 114,758 ntbtlog.txt
02/22/2006 10:38 PM 54,156 QTFont.qfn
02/21/2006 02:37 AM 68,192 wmsetup.log
02/20/2006 03:11 AM 1,409 QTFont.for
02/19/2006 08:57 PM 13,556 KB911927.log
02/16/2006 01:31 AM 132,870 comsetup.log
02/16/2006 01:31 AM 58,059 iis6.log
02/16/2006 01:31 AM 150,087 tsoc.log
02/16/2006 01:31 AM 1,917 imsins.log
02/16/2006 01:31 AM 20,707 ocmsn.log
02/16/2006 01:31 AM 79,956 ntdtcsetup.log
02/16/2006 01:31 AM 195,279 ocgen.log
02/16/2006 01:31 AM 19,545 msgsocm.log
02/16/2006 01:31 AM 391,003 FaxSetup.log
02/16/2006 01:31 AM 4,566 imsins.BAK
02/15/2006 02:20 PM 1,830 spupdsvc.log
02/15/2006 02:13 PM 6,885 KB913446.log
02/15/2006 02:12 PM 9,121 KB911564.log
02/15/2006 02:12 PM 21,336 updspapi.log
02/15/2006 02:12 PM 8,876 KB911565.log
02/13/2006 11:08 PM 201,673 setupact.log
02/09/2006 03:59 PM 26 DfrgUIEx.INI
02/09/2006 12:24 AM 39,921 Codec Pack - All In 1 Setup Log.txt
02/09/2006 12:21 AM 737,280 iun6002.exe
02/07/2006 09:07 PM 118,784 bwUnin-7.2.0.157-8876480SL.exe
02/06/2006 11:46 PM 4 Pix11.dat
02/03/2006 07:33 PM 96 Vstudio.INI
02/03/2006 07:33 PM 1,575 Ulead32.ini
02/03/2006 07:30 PM 45 dswplug.ini
02/03/2006 07:26 PM 40 Msdevctl.ini
02/03/2006 07:24 PM 89 Unable to load string
02/03/2006 06:30 PM 1,110 DirectX.log
02/03/2006 12:38 PM 121 GEARInstall.log
02/03/2006 12:33 PM 2,894 COM+.log
02/03/2006 09:46 AM 528 win.ini
02/03/2006 08:49 AM 8,224 KB902344.log
01/12/2006 07:32 AM 3,574 JB3DRV.LOG
01/04/2006 05:29 AM 9,973 KB908519.log

Volume in drive C has no label.
Volume Seri*hier nicht!* Number is C4FC-77D4

Directory of C:\

02/24/2006 12:54 AM 0 sys.txt
02/24/2006 12:54 AM 9,012 system.txt
02/24/2006 12:54 AM 613 systemtemp.txt
02/24/2006 12:53 AM 106,405 system32.txt
02/24/2006 12:13 AM 754,974,720 pagefile.sys
02/22/2006 07:16 PM 0 logwmemory.bin
12/04/2005 08:10 PM 211 boot.ini
05/18/2005 11:29 AM 0 AUTOEXEC.BAT
05/18/2005 11:29 AM 0 CONFIG.SYS
05/18/2005 11:29 AM 0 MSDOS.SYS
05/18/2005 11:29 AM 0 IO.SYS
08/04/2004 06:00 AM 47,564 NTDETECT.COM
08/04/2004 06:00 AM 250,032 ntldr
13 File(s) 755,388,557 bytes
0 Dir(s) 42,265,595,904 bytes free



Well, looks like I'm not rid of it yet. Many thanks for your further help, Sabina.

Alex
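The triage the helper does by eye on the HijackThis logs in this thread (a core binary outside its genuine directory, an O23 service with no vendor that later comes back as "file missing"), as an added Python example that is not code from the forum or from HijackThis: it parses the Running processes and O23 sections and reports what deserves a look. The sample log is constructed after the ones posted above, the "Old Service"/gone.exe entry is a placeholder, and the system root is assumed to be C:\WINDOWS.

```python
# Added example: triage a HijackThis-style log for two patterns from this
# thread, a core Windows binary started outside its genuine directory (the
# bogus C:\WINDOWS\system\smss.exe) and an O23 service with no vendor whose
# binary sits in the Windows directory (nvsvcd.exe) or is already gone.
import ntpath
import re
from typing import NamedTuple

# Genuine locations of frequently imitated Windows XP binaries.
# Assumption: the system root is C:\WINDOWS, as in the logs above.
CANONICAL = {
    "smss.exe": r"c:\windows\system32\smss.exe",
    "winlogon.exe": r"c:\windows\system32\winlogon.exe",
    "lsass.exe": r"c:\windows\system32\lsass.exe",
    "svchost.exe": r"c:\windows\system32\svchost.exe",
    "explorer.exe": r"c:\windows\explorer.exe",
}
# Directories where a vendor-less service binary deserves a second look.
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\system"}
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
                    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")


class Finding(NamedTuple):
    severity: str  # "high" = almost certainly hostile, "review" = look closer
    subject: str   # process path or service name the finding is about
    reason: str


def normalize(path):
    """Lower-case and unquote a path so that log variants compare equal."""
    return path.strip().strip('"').lower()


def parse_log(text):
    """Return (running process paths, O23 service dicts) from the log text."""
    processes, services, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            in_procs = bool(line)  # the section ends at the first blank line
            if line:
                processes.append(normalize(line))
            continue
        match = O23_RE.match(line)
        if match:
            services.append(match.groupdict())
    return processes, services


def check_processes(processes):
    """Flag core binaries running from somewhere other than their real home."""
    findings = []
    for proc in processes:
        genuine = CANONICAL.get(ntpath.basename(proc))
        if genuine and proc != genuine:
            findings.append(Finding("high", proc,
                "core binary outside its genuine directory " + ntpath.dirname(genuine)))
    return findings


def check_services(services, processes):
    """Flag vendor-less services in the Windows directory and stale entries.
    'Unknown owner' alone is no proof (the legitimate O2Flash driver in the
    thread shows it too), hence severity 'review' rather than 'high'."""
    findings, running = [], set(processes)
    for svc in services:
        path = normalize(svc["path"])
        if svc["missing"]:
            findings.append(Finding("review", svc["name"],
                "binary is gone; leftover of a removed program or of malware"))
        elif svc["owner"] == "Unknown owner" and ntpath.dirname(path) in WINDOWS_DIRS:
            state = "currently running" if path in running else "not running"
            findings.append(Finding("review", svc["name"],
                f"no vendor, binary {path} in the Windows directory, {state}"))
    return findings


def triage(text):
    processes, services = parse_log(text)
    return check_processes(processes) + check_services(services, processes)


# Constructed sample modelled on the logs posted in this thread; the
# "Old Service"/gone.exe line is a placeholder for a stale O23 entry.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system\smss.exe
C:\WINDOWS\system32\nvsvcd.exe
C:\WINDOWS\Explorer.EXE

O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Old Service - Unknown owner - C:\WINDOWS\system32\gone.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.subject}: {f.reason}")
```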
24.02.2006, 11:35
Honorary member
Avatar Sabina

Posts: 29434
#7 AlexW

If you have problems deleting the entries,
Legacy_ ..... cannot be deleted. Error while deleting key,
then right-click and go to "Permissions" in the context menu. Tick "Allow Full Control"
Apply, OK
After that the key(s) in question should be deletable.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_LOG\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Log
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINDOWS_LOG\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Windows Log
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_LOG\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Log

please do not delete any other keys!


Restart the PC

My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives".
then turn it on again.

P.S.: have another look in C:\Temp + C:\WINDOWS\Temp to see whether you find any exe there and report

delete:
C:\Documente und Einstellungen\Owner\Lokale Einstellungen\Temp\gtb5.tmp.cab
C:\Documente und Einstellungen\Owner\Lokale Einstellungen\Temp\gtb5.tmp

Backdoor.IRCBot.ob
http://virus-protect.org/artikel/dienste/nvsvcd.html
__________
Regards, Sabina

24.02.2006, 23:20
...new here

Thread starter

Posts: 8
#8 Well, the entries..

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_LOG\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Log

no longer existed; I only deleted the first four with regedit. What is the C:\Temp+ folder? It doesn't exist on my hard disk, and in C:\WINDOWS\Temp there were only the folders History and Temporary Internet Files (with no .exe files in their subfolders) and a few Perflib_Perfdata_***.dat and T30DebugLogFile.txt. What actually are these Perflib_Perfdata entries, which also show up in other Temp folders?

What do I do now with: C:\Program Files\Norton AntiVirus\Quarantine\57713FEC.wmf Infected: Trojan-Downloader.Win32.Agent.acd ??? The file is in quarantine, so could I just delete it? Norton AV is expiring soon anyway. Can you recommend a good free all-round virus protection? Thanks.

Okay, that's it for now... I'll run Kaspersky Online Scan once more... and then I think I'm free, right?
In future no .exe files from the internet will be executed.

Many, many thanks... Sabina.
24.02.2006, 23:39
Honorary member
Avatar Sabina

Posts: 29434
#9 before you install the antivirus, Norton AntiVirus must be uninstalled.. otherwise the system becomes slow.
http://virus-protect.org/antivirus.html

then run a full scan with the antivirus in safe mode and report back ;)
Then also re-enable System Restore.
------------------------------------------------------------
you can delete with the Killbox...........
C:\Program Files\Norton AntiVirus\Quarantine\57713FEC.wmf
__________
Kind regards, Sabina

all about PC security
25.02.2006, 00:02
...new here

Thread starter

Posts: 8
#10 Oops, I re-enabled System Restore right after deactivating and applying. How do I actually get into safe mode with XP SP2? When I press F8, Windows doesn't offer it anymore, as it usually does with XP SP1???
25.02.2006, 00:10
Honorary member
Avatar Sabina

Posts: 29434
#11 well, actually nothing changed there from SP1 to SP2... you keep pressing F8, then the black screen with the options appears. I don't know it any other way....
__________
Kind regards, Sabina

all about PC security
25.02.2006, 00:26
...new here

Thread starter

Posts: 8
#12 Should I enable AntiVir's Win32 file heuristic?
25.02.2006, 00:37
Honorary member
Avatar Sabina

Posts: 29434
#13 yes, do that, but set it to medium if that option exists (the version is new)... the scan will then take a very long time, but it is thorough ;)
__________
Kind regards, Sabina

all about PC security
25.02.2006, 02:32
...new here

Thread starter

Posts: 8
#14 Ok, so enable the heuristic for the scan, but better not for the AntiVir Guard, right? It probably slows the system down too much, right?

Here is the scan report:

Report file date: Friday, February 24, 2006 17:30


Jobname: 'Local Hard Disks'

Scanning for 318953 virus strains and unwanted programs.

Licensed to: AntiVir PersonalEdition Classic

3441 Scanning directories
200282 Files were scanned
0 viruses and/or unwanted programs was found
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
6213 Archives were scanned
44 Warnings
4 Notes

Also: can you recommend Spyware Doctor? I have the full version on the PC.
This post was edited on 25.02.2006 at 02:36 by AlexW.
25.02.2006, 10:15
Honorary member
Avatar Sabina

Posts: 29434
#15 AlexW

I have never worked with Spyware Doctor... so I can't say anything about it.
So enable the Guard of the antivirus (that is important), set the heuristics to medium, browse only with Firefox (or Opera)
http://virus-protect.org/firefox.html
and, if possible, with a limited user account.
http://virus-protect.org/administrator.html

all the best for you + PC ;)
__________
Kind regards, Sabina

all about PC security