Spyware viruses - TR/Zlob.IT.3, Swizzor etc.
#0
30.04.2006, 22:28
Member
Posts: 11
01.05.2006, 00:22
Honorary member
Posts: 29434
#2
domdidom
Please work through this and post the logs here: http://board.protecus.de/t23187.htm
__________
Regards, Sabina
all about PC security
01.05.2006, 14:37
Member
Thread starter, Posts: 11
#3
Logfile of HijackThis v1.99.1
Scan saved at 12:46:10, on 01.05.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\Dit.exe
C:\Programme\Medion\PowerCinema\PCMService.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programme\MessengerPlus! 3\MsgPlus.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\8r2qoqlh.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\ICQPlus\vplus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\DitExp.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programme\internet explorer\iexplore.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\mozilla\bin\mozilla.exe
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\Dominik\Lokale Einstellungen\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp955A.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PCMService] C:\Programme\Medion\PowerCinema\PCMService.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SearchUpgrader] C:\Programme\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [mmtask] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [websx] C:\Programme\websx\int512328.exe -auto
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [XM2002] C:\Programme\IPPS\XM2002®\XM2002.exe -auto
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Programme\ICQ\NDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [8r2qoqlh] C:\WINDOWS\System32\8r2qoqlh.exe
O4 - HKLM\..\Run: [Heart title loud option] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hide noun heart title\Dash Bind.exe
O4 - HKLM\..\Run: [Uwcivqt] C:\Program Files\Xakozc\Vwinly.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [keep chic tick okay] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DupeIntraKeepChic\City comp.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ICQ Plus] "C:\Programme\ICQPlus\vplus.exe"
O4 - HKCU\..\Run: [Amok hold] C:\DOKUME~1\Dominik\ANWEND~1\JUMPBA~1\dogprogram.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: PalNetaware.lnk = C:\Programme\Paltalk\pnetaware.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe (file missing)
O9 - Extra 'Tools' menuitem: &XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {01E9CF82-AE9D-42BA-A629-B23D51A4B86B} - http://www.medionshop.de/ (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {14F65762-96FB-44B9-8DAC-93845F377A0E} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/de/filesharingctrl.cab
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/eng/roulette_2_0_0_17.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2A781DED-C22D-4153-9812-CEA98A32981C} (GameDesire Makao) - http://67.15.101.3/g_bin/eng/cardsmakao_2_0_0_20.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/eng/boards_2_0_0_20.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/302e6de2e228ab6e9205/netzip/RdxIE601_de.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_39.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web8.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/eng/darts_2_0_0_29.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GINSOCCER Class) - http://67.15.101.3/g_bin/eng/soccer_2_0_0_8.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_21.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GameDesire Pool 9) - http://67.15.101.3/g_bin/eng/billard9_2_0_0_24.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_24.cab
O18 - Protocol: bw+0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Mqgnjcfq.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Winklmg - Unknown owner - C:\WINDOWS\System32\Winklmg.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Volume in drive C is BOOT
Volume serial number: C0F6-F3B6

Directory of C:\WINDOWS\system32

01.05.2006 14:27 3.936 8r2qoqlh.ini
01.05.2006 14:26 5.004 stdole3.tlb
01.05.2006 12:07 6.144 simpole.tlb
01.05.2006 12:06 0 85ssu50d.html
01.05.2006 12:06 4.720 ide21201.vxd
01.05.2006 12:06 33.280 hp955A.tmp
01.05.2006 12:06 28.685 ld92CA.tmp
30.04.2006 23:10 10.080 atmclk.exe
30.04.2006 18:55 1.632 d3d8caps.dat
29.04.2006 14:45 4.286 ot.ico
29.04.2006 14:45 4.286 ts.ico
29.04.2006 13:05 16.420 dcomcfg.exe
29.04.2006 12:06 15.089 regperf.exe
20.04.2006 23:45 16 6g1lgb9e.dat
20.04.2006 23:45 249.640 d4ljqf17.dat
20.04.2006 23:45 1.648 kh3u32hl.dat
19.04.2006 18:05 2.826 39877ri7.dat
09.04.2006 12:05 1.744 d3d9caps.dat
06.04.2006 21:48 5.143.456 MRT.exe
04.04.2006 08:41 31.232 8fnl656o.exe
03.04.2006 13:58 358.981 8r2qoqlh.exe
03.04.2006 13:52 139.325 aue4ui4j.dll
30.03.2006 11:26 1.492.480 shdocvw.dll
30.03.2006 03:16 18.944 xpsp3res.dll
26.03.2006 15:50 376.840 perfh009.dat
26.03.2006 15:50 52.044 perfc009.dat
26.03.2006 15:50 62.856 perfc007.dat
26.03.2006 15:50 387.564 perfh007.dat
26.03.2006 15:50 889.486 PerfStringBackup.INI
23.03.2006 22:34 3.074.560 mshtml.dll
18.03.2006 13:09 615.424 urlmon.dll
17.03.2006 11:11 679.424 inetcomm.dll
17.03.2006 06:03 8.493.056 shell32.dll
17.03.2006 02:38 28.672 verclsid.exe
10.03.2006 06:09 5.533.696 wmp.dll
04.03.2006 05:34 664.064 wininet.dll
04.03.2006 05:34 474.624 shlwapi.dll
04.03.2006 05:34 532.480 mstime.dll
04.03.2006 05:34 448.512 mshtmled.dll
04.03.2006 05:34 146.432 msrating.dll
04.03.2006 05:34 39.424 pngfilt.dll
04.03.2006 05:34 205.312 dxtrans.dll
04.03.2006 05:34 1.056.256 danim.dll
04.03.2006 05:34 251.392 iepeers.dll
04.03.2006 05:34 96.768 inseng.dll
04.03.2006 05:34 55.808 extmgr.dll
04.03.2006 05:34 152.064 cdfview.dll
04.03.2006 05:34 1.022.976 browseui.dll
05.02.2006 01:33 63.192 sk1ah50r.dat
05.02.2006 01:33 147.592 4ovmv8f2.dat

Volume in drive C is BOOT
Volume serial number: C0F6-F3B6

Directory of C:\DOKUME~1\Dominik\LOKALE~1\Temp

01.05.2006 14:25 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}14435.html
01.05.2006 14:00 62.574 72d4b0.exe
01.05.2006 12:13 16.384 ~DFCF39.tmp
01.05.2006 12:13 16.384 ~DFC5AD.tmp
01.05.2006 12:13 512 ~DFC5BE.tmp
23.01.2006 15:36 429 datFind.bat

Volume in drive C is BOOT
Volume serial number: C0F6-F3B6

Directory of C:\WINDOWS

01.05.2006 12:07 0 0.log
01.05.2006 12:07 159 wiadebug.log
01.05.2006 12:07 4.210 ModemLog_Creatix V.9X DSP Data Fax Modem.txt
01.05.2006 12:07 347.546 setupapi.log
01.05.2006 12:07 50 wiaservc.log
01.05.2006 12:07 1.597.514 WindowsUpdate.log
01.05.2006 12:06 2.048 bootstat.dat
01.05.2006 03:03 32.526 SchedLgU.Txt
30.04.2006 18:55 11.536 mozver.dat
29.04.2006 19:29 1.125 winamp.ini
27.04.2006 00:50 125.218 iis6.log
27.04.2006 00:50 294.117 comsetup.log
27.04.2006 00:50 170.995 ntdtcsetup.log
27.04.2006 00:50 344.775 tsoc.log
27.04.2006 00:50 1.374 imsins.log
27.04.2006 00:50 30.123 ocmsn.log
27.04.2006 00:50 12.044 KB900485.log
27.04.2006 00:50 41.378 msgsocm.log
27.04.2006 00:50 456.416 ocgen.log
27.04.2006 00:50 914.158 FaxSetup.log
24.04.2006 11:15 262.144 Setup1.exe
24.04.2006 11:15 74.752 ODEUNST.EXE
23.04.2006 13:22 1.121 ULEAD32.INI
22.04.2006 18:07 54.156 QTFont.qfn
18.04.2006 15:40 126.648 wmsetup.log
16.04.2006 15:28 1.409 QTFont.for
13.04.2006 16:03 30.677 spupdsvc.log
13.04.2006 16:00 1.374 imsins.BAK
13.04.2006 16:00 19.081 KB908531.log
13.04.2006 16:00 37.874 updspapi.log
13.04.2006 16:00 18.341 KB911562.log
13.04.2006 15:59 19.611 KB912812.log
13.04.2006 15:59 13.520 KB911565.log
13.04.2006 15:58 13.203 KB911567.log
04.04.2006 08:40 64.000 s6me0bmq.exe
29.03.2006 22:00 2.560 _MSRSTRT.EXE
19.02.2006 03:04 11.220 KB911927.log
19.02.2006 03:04 6.509 KB911564.log
19.02.2006 03:03 7.241 KB913446.log
15.02.2006 14:03 50.688 ALCFDRTM.VER

Volume in drive C is BOOT
Volume serial number: C0F6-F3B6

Directory of C:\

01.05.2006 14:29 0 sys.txt
01.05.2006 14:29 13.931 system.txt
01.05.2006 14:29 628 systemtemp.txt
01.05.2006 14:29 107.423 system32.txt
01.05.2006 12:06 536.399.872 hiberfil.sys
01.05.2006 12:06 805.306.368 pagefile.sys
28.04.2006 12:27 521 hpfr3420.xml
28.04.2006 12:27 170.572 hpfr3425.log
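As an added example (not code from the forum post, from HijackThis or from the helper), the following Python script triages the kind of log posted above: it parses the O2, O4, O21 and O23 lines into records and flags what a helper would check first: targets marked "(file missing)", a .tmp loaded as a BHO, autostarts from a profile-data or temp folder, unrecognised binaries in the Windows directory, services with "Unknown owner", and eight-character letter-and-digit names like 8r2qoqlh. The allowlist of system binaries, the folder markers and the name heuristic are assumptions of the example; the sample lines are copied from the log above.

```python
"""Triage the autostart-related lines of a HijackThis v1.99 log.

Added example for this thread, not part of the forum post or of HijackThis.
It parses O2 (BHO), O4 (Run keys / startup folders), O21 (SSODL) and O23
(service) lines into records and attaches conservative flags: a flag means
"look at this file", not "this is malware". The allowlist and path markers
are assumptions for a German Windows XP box like the one in the thread."""
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample: eleven lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp955A.tmp
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [8r2qoqlh] C:\WINDOWS\System32\8r2qoqlh.exe
O4 - HKLM\..\Run: [Heart title loud option] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hide noun heart title\Dash Bind.exe
O4 - HKLM\..\Run: [Uwcivqt] C:\Program Files\Xakozc\Vwinly.exe
O4 - HKCU\..\Run: [Amok hold] C:\DOKUME~1\Dominik\ANWEND~1\JUMPBA~1\dogprogram.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PalNetaware.lnk = C:\Programme\Paltalk\pnetaware.exe
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Mqgnjcfq.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Winklmg - Unknown owner - C:\WINDOWS\System32\Winklmg.exe (file missing)
"""

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")
# Assumption: XP binaries that legitimately autostart from the Windows
# directory on this box; extend it from your own clean baseline.
KNOWN_SYSTEM_BINARIES = {"ctfmon.exe", "soundman.exe", "explorer.exe", "rundll32.exe"}
# Profile-data and temp folders in German XP naming, long and 8.3 short form.
APPDATA_MARKERS = ("\\anwendungsdaten\\", "\\anwend~1\\", "\\application data\\",
                   "\\lokale einstellungen\\temp\\", "\\local settings\\temp\\")
LOADABLE_EXT = {".exe", ".dll"}

_ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
_O4_KEY_RE = re.compile(r"^[^:]*:\s*\[(.*?)\]\s*(.*)$")          # HKLM\..\Run: [name] path args
_O4_LNK_RE = re.compile(r"^[^:]*:\s*(.*?\.lnk)\s*=\s*(.*)$", re.I)  # Startup: x.lnk = path
_PATH_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll|tmp|scr|com|bat|pif|vxd))(?=\s|$)', re.I)


@dataclass
class Entry:
    section: str
    name: str
    path: str
    missing: bool
    flags: list = field(default_factory=list)


def _extract_path(text):
    """Quoted path, or an unquoted path (spaces allowed) up to its extension."""
    m = _PATH_RE.search(text)
    return (m.group(1) or m.group(2)).strip() if m else text.strip()


def parse_line(line):
    """Turn one O2/O4/O21/O23 line into an Entry, or None for anything else."""
    m = _ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    missing = "(file missing)" in body
    body = body.replace("(file missing)", "").strip()
    if section == "O4":
        m4 = _O4_KEY_RE.match(body) or _O4_LNK_RE.match(body)
        return Entry(section, m4.group(1), _extract_path(m4.group(2)), missing) if m4 else None
    if section in ("O2", "O21", "O23"):
        parts = [p.strip() for p in body.split(" - ")]        # "Kind: name", clsid/vendor, path
        name = parts[0].split(":", 1)[-1].strip()
        entry = Entry(section, name, _extract_path(parts[-1]), missing)
        if section == "O23" and len(parts) >= 3 and parts[1].lower() == "unknown owner":
            entry.flags.append("service has no vendor (Unknown owner)")
        return entry
    return None


def looks_random(stem):
    """Seven or more alphanumerics mixing letters and digits, e.g. 8r2qoqlh."""
    s = stem.lower()
    return (len(s) >= 7 and s.isalnum()
            and any(c.isdigit() for c in s) and any(c.isalpha() for c in s))


def assess(entry):
    low = entry.path.lower()
    base = ntpath.basename(low)
    stem, ext = ntpath.splitext(base)
    if entry.missing:
        entry.flags.append("target file missing")
    if ext not in LOADABLE_EXT:
        entry.flags.append(f"loaded module with unusual extension '{ext}'")
    if entry.section != "O23" and low.startswith(SYSTEM_DIRS) and base not in KNOWN_SYSTEM_BINARIES:
        entry.flags.append("unrecognised binary in the Windows directory")
    if any(marker in low for marker in APPDATA_MARKERS):
        entry.flags.append("autostart from a profile-data or temp folder")
    if looks_random(stem):
        entry.flags.append("random-looking file name")
    return entry


def triage(log_text):
    """Parse every recognised line and return the entries with flags attached."""
    entries = [parse_line(line) for line in log_text.splitlines()]
    return [assess(e) for e in entries if e is not None]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section:<4}{e.name:<50}{'; '.join(e.flags) or 'ok'}")
```

A flag is a prompt to look at the file (date, version info, hash), not a verdict. Vwinly.exe under C:\Program Files\Xakozc, a folder the helper later tells the poster to delete, gets no flag from these heuristics, which is why the whole log still has to be read by a person.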
01.05.2006, 17:04
Honorary member
Posts: 29434
#4
1. Download Registry Search by Bobbi Flekman: http://virus-protect.org/artikel/tools/regsearch.html and double-click it to start. In "Enter search strings" type or paste: Winklmg, then click "Ok". Notepad will open; copy the text and post it here.

2. ServiceFilter.zip: http://virus-protect.org/artikel/tools/ServiceFilter.zip
- unzip it
- double-click the file ServiceFilter.vbs
- confirm the version number
- scan
- allow WordPad or Notepad to open
- copy POST_THIS.TXT
__________
Regards, Sabina
all about PC security
01.05.2006, 17:16
Honorary member
Posts: 29434
#5
Make hidden and system files visible
http://virus-protect.org/invisible.html
-------------------------------------------------------
1. Avenger http://virus-protect.org/artikel/tools/avenger.html
Paste this in:
Quote:
Files to delete:
Click the green traffic light. The script will now be executed, then the PC will restart automatically.

2. Open HijackThis -- button "Scan" -- tick the malware entries -- button "Fix checked" -- restart the PC
Quote:
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp955A.tmp
Restart the PC.

3. SmitRem 2.8 http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
Double-click smitRem.exe -> click Start --> click OK

4. Restart the PC --> into Safe Mode (press F8 while the PC boots)

5. Open smitRem --> double-click RunThis.bat and wait until the scan has finished (the screen will turn blue; that is normal). If an uninstaller exists for something smitRem removes, that uninstaller will be started. Just click the Uninstall button and wait until it has finished.

6. Uninstall Paltalk, MessengerPlus! 3 + Sponsor, PartyGaming (PartyPoker)

7. Delete:
C:\Program Files\Xakozc
C:\Programme\websx
C:\Programme\Common files\SearchUpgrader
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DupeIntraKeepChic\
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hide noun heart title\
C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\JUMPBA..... (that is not the complete name)
-------------------------------------------
8. Dr.Web http://virus-protect.org/cureit.html
Please post what Dr.Web found. To do so, go to Start - Run, enter %userprofil%\doctorweb\cureit.log and press Enter. Please post the contents listing what Dr.Web found.
----------
9. When your system has restarted, a logfile with the results of the Avenger's actions will open. This logfile is stored as avenger.txt in the Avenger folder on C:\
__________
Regards, Sabina
all about PC security
01.05.2006, 19:00
Member
Thread starter, Posts: 11
#6
REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.0.1
; Results at 01.05.2006 18:56:57 for strings:
; 'winklmg'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINKLMG]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINKLMG\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINKLMG\0000]
"Service"="Winklmg"
"DeviceDesc"="Winklmg"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winklmg]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winklmg]
; Contents of value:
; C:\WINDOWS\System32\Winklmg.exe
"ImagePath"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,6d,33,32,5c,\
  57,69,6e,6b,6c,6d,67,2e,65,78,65,00
"DisplayName"="Winklmg"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winklmg\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winklmg\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winklmg\Enum]
"0"="Root\\LEGACY_WINKLMG\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINKLMG]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINKLMG\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINKLMG\0000]
"Service"="Winklmg"
"DeviceDesc"="Winklmg"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Winklmg]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Winklmg]
; Contents of value:
; C:\WINDOWS\System32\Winklmg.exe
"ImagePath"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,6d,33,32,5c,\
  57,69,6e,6b,6c,6d,67,2e,65,78,65,00
"DisplayName"="Winklmg"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Winklmg\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINKLMG]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINKLMG\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINKLMG\0000]
"Service"="Winklmg"
"DeviceDesc"="Winklmg"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winklmg]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winklmg]
; Contents of value:
; C:\WINDOWS\System32\Winklmg.exe
"ImagePath"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,6d,33,32,5c,\
  57,69,6e,6b,6c,6d,67,2e,65,78,65,00
"DisplayName"="Winklmg"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winklmg\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winklmg\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winklmg\Enum]
"0"="Root\\LEGACY_WINKLMG\\0000"

; End Of The Log...

The script did not recognize the services listed below. This does not mean that they are a problem.
To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"
########################################
ServiceFilter 1.1 by rand1038
Microsoft Windows XP Home Edition
Version: 5.1.2600 Service Pack 2
Mai 1, 2006 19:00:32
---> Begin Service Listing <---

Unknown Service # 1
Service Name: AntiVirScheduler
Display Name: AntiVir PersonalEdition Classic Planer
Start Mode: Auto
Start Name: LocalSystem
Description: Dienst zur Steuerung von AntiVir Prüfaufträgen und ...
Service Type: Own Process
Path: c:\programme\antivir personaledition classic\sched.exe
State: Running
Process ID: 2708
Started: Wahr
Exit Code: 0
Accept Pause: Wahr
Accept Stop: Wahr

Unknown Service # 2
Service Name: AntiVirService
Display Name: AntiVir PersonalEdition Classic Guard
Start Mode: Auto
Start Name: LocalSystem
Description: Bietet permanente Schutz vor Viren und Malware mit der AntiVir ...
Service Type: Own Process
Path: c:\programme\antivir personaledition classic\avguard.exe
State: Running
Process ID: 3380
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 3
Service Name: C-DillaCdaC11BA
Display Name: C-DillaCdaC11BA
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\windows\system32\drivers\cdac11ba.exe
State: Running
Process ID: 1964
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service #4
Service Name: MDM
Display Name: Machine Debug Manager
Start Mode: Auto
Start Name: LocalSystem
Description: Manages local and remote debugging for Visual Studio ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\microsoft shared\vs7debug\mdm.exe"
State: Running
Process ID: 204
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service #5
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Verwaltet Software-basierte Schattenkopien des Volumeschattenkopie-Dienstes. Software-basierte ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{99cf382b-22be-4265-b366-0ea378558289}
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 6
Service Name: Winklmg
Display Name: Winklmg
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\windows\system32\winklmg.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

---> End Service Listing <---
There are 89 Win32 services on this machine.
6 were unrecognized.
Script Execution Time: 2,609375 seconds.

Quote: Sabina posted
That doesn't work. When I copy %userprofil%\doctorweb\cureit.log and press Enter, I get an error message. And what exactly does $%userprofil% stand for?
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\icbsfwge
*******************
Script file located at: \??\C:\WINDOWS\ldpfvskl.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\8r2qoqlh.ini deleted successfully.
File C:\WINDOWS\System32\8r2qoqlh.exe deleted successfully.
File C:\WINDOWS\system32\stdole3.tlb deleted successfully.
File C:\WINDOWS\system32\simpole.tlb deleted successfully.
File C:\WINDOWS\system32\85ssu50d.html not found!
Deletion of file C:\WINDOWS\system32\85ssu50d.html failed!
Could not process line:
C:\WINDOWS\system32\85ssu50d.html
Status: 0xc0000034
File C:\WINDOWS\system32\ide21201.vxd deleted successfully.
File C:\WINDOWS\system32\atmclk.exe deleted successfully.
File C:\WINDOWS\system32\d3d8caps.dat deleted successfully.
File C:\WINDOWS\system32\ot.ico deleted successfully.
File C:\WINDOWS\system32\ts.ico deleted successfully.
File C:\WINDOWS\system32\dcomcfg.exe deleted successfully.
File C:\WINDOWS\system32\regperf.exe deleted successfully.
File C:\WINDOWS\system32\6g1lgb9e.dat deleted successfully.
File C:\WINDOWS\system32\d4ljqf17.dat deleted successfully.
File C:\WINDOWS\system32\kh3u32hl.dat deleted successfully.
File C:\WINDOWS\system32\39877ri7.dat deleted successfully.
File C:\WINDOWS\system32\8fnl656o.exe deleted successfully.
File C:\WINDOWS\system32\8r2qoqlh.exe not found!
Deletion of file C:\WINDOWS\system32\8r2qoqlh.exe failed!
Could not process line:
C:\WINDOWS\system32\8r2qoqlh.exe
Status: 0xc0000034
File C:\WINDOWS\system32\aue4ui4j.dll deleted successfully.
File C:\WINDOWS\system32\sk1ah50r.dat deleted successfully.
File C:\WINDOWS\system32\4ovmv8f2.dat deleted successfully.
File C:\WINDOWS\s6me0bmq.exe deleted successfully.
File C:\Program Files\Xakozc\Vwinly.exe not found!
Deletion of file C:\Program Files\Xakozc\Vwinly.exe failed!
Could not process line:
C:\Program Files\Xakozc\Vwinly.exe
Status: 0xc0000034
Could not open file C:\Programme\websx\int512328.exe for deletion
Deletion of file C:\Programme\websx\int512328.exe failed!
Could not process line:
C:\Programme\websx\int512328.exe
Status: 0xc000003a
Completed script processing.
*******************
Finished! Terminate.

This post was edited on 01.05.2006 at 19:42 by domdidom.
01.05.2006, 21:33
Honorary member
Posts: 29434
#7
Copy the text into the text editor
save (all files) as service.bat, double-click it
Quote
@ECHO OFF
--------------------------------
Start -- Run -- regedit (type it in)
If you have problems deleting the entries (Legacy_ ..... cannot be deleted. Error while deleting key), then right-click and go to "Permissions" in the context menu.
Tick "Allow full control"
Apply, OK
After that the key(s) in question should be deletable.
Edit - Find - WINKLMG
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINKLMG]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINKLMG\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winklmg]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINKLMG]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Winklmg]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINKLMG]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winklmg]
Restart the PC
--------------------
scan with ewido and post the scan report
http://virus-protect.org/ewido.html
--------------------
then post the 4 logs from datfindbat again...back to the beginning of December 2005
__________
Regards, Sabina
everything about PC security
01.05.2006, 23:39
Member
Thread starter, Posts: 11
#8
---------------------------------------------------------
ewido anti-malware - Scan Report
---------------------------------------------------------

+ Erstellt am: 23:29:40, 01.05.2006
+ Report-Checksumme: 8CB746E9

+ Scanergebnis:

HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Gesäubert mit Backup
HKU\S-1-5-21-792949788-3740296879-3850259339-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Gesäubert mit Backup
:mozilla.8:C:\Dokumente und Einstellungen\D\Anwendungsdaten\Mozilla\Firefox\Profiles\default.6oz\cookies.txt -> TrackingCookie.Adtech : Gesäubert mit Backup
:mozilla.9: C:\ttt.exe -> Adware.WinAD : Gesäubert mit Backup
C:\WINDOWS\Downloaded Program Files\gsda.dll -> Not-A-Virus.Downloader.Win32.SpyGame : Gesäubert mit Backup
D:\download\BSINSTALL.exe -> Adware.SaveNow : Gesäubert mit Backup
D:\lalala\Messenger Plus! - Setup.exe/sponsor.exe -> Downloader.Swizzor.ag : Gesäubert mit Backup

::Report Ende

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: C0F6-F3B6

Verzeichnis von C:\WINDOWS\system32

01.05.2006 19:51 1.632 d3d8caps.dat
01.05.2006 19:09 52 stdole3.tlb
01.05.2006 14:38 0 nbmimkcp.html
09.04.2006 12:05 1.744 d3d9caps.dat
06.04.2006 21:48 5.143.456 MRT.exe
30.03.2006 11:26 1.492.480 shdocvw.dll
30.03.2006 03:16 18.944 xpsp3res.dll
26.03.2006 15:50 376.840 perfh009.dat
26.03.2006 15:50 52.044 perfc009.dat
26.03.2006 15:50 62.856 perfc007.dat
26.03.2006 15:50 387.564 perfh007.dat
26.03.2006 15:50 889.486 PerfStringBackup.INI
23.03.2006 22:34 3.074.560 mshtml.dll
18.03.2006 13:09 615.424 urlmon.dll
17.03.2006 11:11 679.424 inetcomm.dll
17.03.2006 06:03 8.493.056 shell32.dll
17.03.2006 02:38 28.672 verclsid.exe
10.03.2006 06:09 5.533.696 wmp.dll
04.03.2006 05:34 664.064 wininet.dll
04.03.2006 05:34 474.624 shlwapi.dll
04.03.2006 05:34 146.432 msrating.dll
04.03.2006 05:34 532.480 mstime.dll
04.03.2006 05:34 448.512 mshtmled.dll
04.03.2006 05:34 39.424 pngfilt.dll
04.03.2006 05:34 205.312 dxtrans.dll
04.03.2006 05:34 55.808 extmgr.dll
04.03.2006 05:34 251.392 iepeers.dll
04.03.2006 05:34 96.768 inseng.dll
04.03.2006 05:34 1.056.256 danim.dll
04.03.2006 05:34 152.064 cdfview.dll
04.03.2006 05:34 1.022.976 browseui.dll
25.01.2006 05:34 118.784 sirenacm.dll
18.01.2006 14:05 57.344 avsda.dll
04.01.2006 05:35 68.096 webclnt.dll
29.12.2005 04:54 280.064 gdi32.dll
12.12.2005 20:06 10 pl2006.cfg
05.12.2005 17:44 110.592 DL_Bmpbtn.ocx
05.12.2005 17:44 81.920 DL_Caption.ocx
05.12.2005 11:33 294.864 FNTCACHE.DAT
04.12.2005 21:33 12.638 wpa.dbl
04.12.2005 21:32 90 spupdwxp.log

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: C0F6-F3B6

Verzeichnis von C:\DOKUME~1\Dominik\LOKALE~1\Temp

01.05.2006 23:34 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}10301.html
01.05.2006 23:23 32.768 ~DFF20F.tmp
01.05.2006 22:53 49.152 ~DFF233.tmp
01.05.2006 22:48 16.384 ~DFF1FE.tmp
01.05.2006 22:48 16.384 ~DFF1DA.tmp
01.05.2006 22:48 16.384 ~DFF222.tmp
01.05.2006 22:48 512 ~DFF1EB.tmp
01.05.2006 22:48 512 ~DFF1C7.tmp
01.05.2006 22:48 16.384 ~DFF1B6.tmp
01.05.2006 22:34 16.384 Perflib_Perfdata_a74.dat
01.05.2006 22:21 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}13241.html
01.05.2006 20:53 512 ~DF3307.tmp
01.05.2006 20:53 16.384 ~DF32F6.tmp
01.05.2006 20:53 16.384 ~DF32AE.tmp
01.05.2006 20:53 512 ~DF32BF.tmp
01.05.2006 20:53 16.384 ~DF328A.tmp
01.05.2006 20:53 16.384 ~DF32D2.tmp
01.05.2006 20:53 512 ~DF329B.tmp
01.05.2006 20:53 512 ~DF32E3.tmp
01.05.2006 20:51 16.384 ~DF3A9A.tmp
01.05.2006 20:51 512 ~DF346B.tmp
01.05.2006 20:51 16.384 ~DF345A.tmp
01.05.2006 19:41 16.384 ~DFA0E7.tmp
01.05.2006 19:41 16.384 ~DF9A9E.tmp
23.01.2006 15:36 429 datFind.bat

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: C0F6-F3B6

Verzeichnis von C:\WINDOWS

01.05.2006 20:44 352.342 setupapi.log
01.05.2006 20:43 0 0.log
01.05.2006 20:43 4.210 ModemLog_Creatix V.9X DSP Data Fax Modem.txt
01.05.2006 20:43 1.614.918 WindowsUpdate.log
01.05.2006 20:43 159 wiadebug.log
01.05.2006 20:43 50 wiaservc.log
01.05.2006 20:43 2.048 bootstat.dat
01.05.2006 20:42 32.526 SchedLgU.Txt
01.05.2006 19:27 257.304 setupact.log
01.05.2006 15:24 1.125 winamp.ini
30.04.2006 18:55 11.536 mozver.dat
27.04.2006 00:50 125.218 iis6.log
27.04.2006 00:50 294.117 comsetup.log
27.04.2006 00:50 344.775 tsoc.log
27.04.2006 00:50 1.374 imsins.log
27.04.2006 00:50 170.995 ntdtcsetup.log
27.04.2006 00:50 30.123 ocmsn.log
27.04.2006 00:50 12.044 KB900485.log
27.04.2006 00:50 456.416 ocgen.log
27.04.2006 00:50 41.378 msgsocm.log
27.04.2006 00:50 914.158 FaxSetup.log
24.04.2006 11:15 262.144 Setup1.exe
24.04.2006 11:15 74.752 ODEUNST.EXE
23.04.2006 13:22 1.121 ULEAD32.INI
22.04.2006 18:07 54.156 QTFont.qfn
18.04.2006 15:40 126.648 wmsetup.log
16.04.2006 15:28 1.409 QTFont.for
13.04.2006 16:03 30.677 spupdsvc.log
13.04.2006 16:00 1.374 imsins.BAK
13.04.2006 16:00 19.081 KB908531.log
13.04.2006 16:00 37.874 updspapi.log
13.04.2006 16:00 18.341 KB911562.log
13.04.2006 15:59 19.611 KB912812.log
13.04.2006 15:59 13.520 KB911565.log
13.04.2006 15:58 13.203 KB911567.log
29.03.2006 22:00 2.560 _MSRSTRT.EXE
19.02.2006 03:04 11.220 KB911927.log
19.02.2006 03:04 6.509 KB911564.log
19.02.2006 03:03 7.241 KB913446.log
15.02.2006 14:03 50.688 ALCFDRTM.VER
14.01.2006 01:38 15.988 yacs.log
12.01.2006 02:07 10.400 KB908519.log
06.01.2006 12:50 11.200 KB912919.log
14.12.2005 14:16 11.185 KB910437.log
14.12.2005 14:16 17.304 KB905915.log
05.12.2005 12:09 12.167 KB885250.log
05.12.2005 12:09 12.197 KB887742.log
05.12.2005 12:09 11.739 KB887472.log
05.12.2005 12:09 11.545 KB896688.log
05.12.2005 12:07 5.777 KB886185.log
05.12.2005 12:07 3.219 KB885884.log
04.12.2005 23:28 12.055 KB896424.log
04.12.2005 23:28 25.583 KB904706.log
04.12.2005 21:34 3.291 OEWABLog.txt
04.12.2005 21:33 788.290 setuplog.txt
04.12.2005 21:32 1.191 DtcInstall.log
04.12.2005 21:32 316.640 WMSysPr9.prx
04.12.2005 12:13 435.194 svcpack.log
04.12.2005 12:13 214.959 KB905749.log
04.12.2005 12:12 218.183 KB905414.log
04.12.2005 12:11 235.829 KB902400.log
04.12.2005 12:11 223.307 KB901214.log
04.12.2005 12:10 225.806 KB901017.log
04.12.2005 12:09 219.891 KB900725.log
04.12.2005 12:09 229.470 KB899591.log
04.12.2005 12:08 222.696 KB899588.log
04.12.2005 12:07 240.691 KB899587.log
04.12.2005 12:07 212.867 KB896428.log
04.12.2005 12:06 229.167 KB896423.log
04.12.2005 12:05 239.097 KB896422.log
04.12.2005 12:04 227.970 KB896358.log
04.12.2005 12:04 230.357 KB893756.log
04.12.2005 12:03 220.051 KB893086.log
04.12.2005 12:02 229.684 KB893066.log
04.12.2005 12:02 228.127 KB891781.log
04.12.2005 12:01 222.864 KB890859.log
04.12.2005 12:00 227.843 KB890046.log
04.12.2005 12:00 221.134 KB888302.log
04.12.2005 11:59 226.926 KB888113.log
04.12.2005 11:58 231.739 KB885836.log
04.12.2005 11:58 236.704 KB885835.log
04.12.2005 11:57 226.801 KB873339.log
04.12.2005 11:56 228.594 KB873333.log
04.12.2005 11:56 1.100.228 setupapi.log.1.old
04.12.2005 11:53 200 cmsetacl.log
04.12.2005 11:53 18.801 sessmgr.setup.log

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: C0F6-F3B6

Verzeichnis von C:\

01.05.2006 23:35 0 sys.txt
01.05.2006 23:35 13.881 system.txt
01.05.2006 23:35 1.622 systemtemp.txt
01.05.2006 23:35 106.494 system32.txt
01.05.2006 20:43 536.399.872 hiberfil.sys
01.05.2006 20:43 805.306.368 pagefile.sys
01.05.2006 19:25 3.596 smitfiles.txt
01.05.2006 19:10 4.964 avenger.txt
28.04.2006 12:27 521 hpfr3420.xml
28.04.2006 12:27 170.572 hpfr3425.log
15.01.2006 04:19 52.612 EasyShare.dmp
04.12.2005 11:53 211 boot.ini
04.12.2005 11:48 47.564 NTDETECT.COM
04.12.2005 11:48 251.184 ntldr
28.08.2005 19:11 250.200 temp.raw
12.08.2005 14:10 3.147.738 DTB.EXE
24.12.2004 01:37 184 Setup.log
02.05.2006, 09:59
Honorary member
Posts: 29434
#9
domdidom
1. KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html
Options: Delete on Reboot --> tick it and click the red cross; when asked "Do you want to reboot?" click "no" and paste in the next one; only on the last one click "yes"
paste in:
............
C:\WINDOWS\system32\stdole3.tlb
C:\WINDOWS\system32\nbmimkcp.html
Restart the PC
2. SUPERAntiSpyware
http://virus-protect.org/artikel/tools/superantispyware.html
after the scan go into the quarantine, copy here what you find there, then delete the quarantine
3. post the new log from HijackThis
__________
Regards, Sabina
everything about PC security
02.05.2006, 15:52
Member
Thread starter, Posts: 11
#10
Unfortunately, copying the quarantine didn't work.
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: C0F6-F3B6

Verzeichnis von C:\WINDOWS\system32

02.05.2006 15:32 1.632 d3d8caps.dat
09.04.2006 12:05 1.744 d3d9caps.dat
06.04.2006 21:48 5.143.456 MRT.exe
30.03.2006 11:26 1.492.480 shdocvw.dll
30.03.2006 03:16 18.944 xpsp3res.dll
26.03.2006 15:50 376.840 perfh009.dat
26.03.2006 15:50 52.044 perfc009.dat
26.03.2006 15:50 387.564 perfh007.dat
26.03.2006 15:50 62.856 perfc007.dat
26.03.2006 15:50 889.486 PerfStringBackup.INI
23.03.2006 22:34 3.074.560 mshtml.dll
18.03.2006 13:09 615.424 urlmon.dll
17.03.2006 11:11 679.424 inetcomm.dll
17.03.2006 06:03 8.493.056 shell32.dll
17.03.2006 02:38 28.672 verclsid.exe
10.03.2006 06:09 5.533.696 wmp.dll

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: C0F6-F3B6

Verzeichnis von C:\DOKUME~1\Dominik\LOKALE~1\Temp

02.05.2006 15:31 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}8685.html
02.05.2006 15:30 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}15460.html
02.05.2006 15:30 16.384 ~DF26CC.tmp
02.05.2006 15:30 16.384 ~DF1EF8.tmp
02.05.2006 15:11 16.384 ~DF1A7D.tmp
01.05.2006 20:51 16.384 ~DF3A9A.tmp
01.05.2006 20:51 16.384 ~DF345A.tmp
01.05.2006 19:41 16.384 ~DFA0E7.tmp
01.05.2006 19:41 16.384 ~DF9A9E.tmp
17.02.2006 16:55 143.360 SSUPDATE.EXE
08.02.2006 03:02 73.728 KillBox.exe
23.01.2006 15:36 429 datFind.bat

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: C0F6-F3B6

Verzeichnis von C:\WINDOWS

02.05.2006 15:48 355.557 setupapi.log
02.05.2006 15:47 4.210 ModemLog_Creatix V.9X DSP Data Fax Modem.txt
02.05.2006 15:47 0 0.log
02.05.2006 15:47 159 wiadebug.log
02.05.2006 15:47 1.637.139 WindowsUpdate.log
02.05.2006 15:47 50 wiaservc.log
02.05.2006 15:47 2.048 bootstat.dat
02.05.2006 15:46 32.756 SchedLgU.Txt
02.05.2006 14:10 1.125 winamp.ini
01.05.2006 19:27 257.304 setupact.log
30.04.2006 18:55 11.536 mozver.dat
27.04.2006 00:50 125.218 iis6.log
27.04.2006 00:50 294.117 comsetup.log
27.04.2006 00:50 344.775 tsoc.log
27.04.2006 00:50 1.374 imsins.log
27.04.2006 00:50 170.995 ntdtcsetup.log
27.04.2006 00:50 30.123 ocmsn.log
27.04.2006 00:50 12.044 KB900485.log
27.04.2006 00:50 456.416 ocgen.log
27.04.2006 00:50 41.378 msgsocm.log
27.04.2006 00:50 914.158 FaxSetup.log
24.04.2006 11:15 262.144 Setup1.exe
24.04.2006 11:15 74.752 ODEUNST.EXE
23.04.2006 13:22 1.121 ULEAD32.INI
22.04.2006 18:07 54.156 QTFont.qfn
18.04.2006 15:40 126.648 wmsetup.log
16.04.2006 15:28 1.409 QTFont.for
13.04.2006 16:03 30.677 spupdsvc.log
13.04.2006 16:00 1.374 imsins.BAK
29.03.2006 22:00 2.560 _MSRSTRT.EXE
15.02.2006 14:03 50.688 ALCFDRTM.VER
14.01.2006 01:38 15.988 yacs.log
04.12.2005 11:56 1.100.228 setupapi.log.1.old
04.12.2005 11:53 200 cmsetacl.log
04.12.2005 11:53 18.801 sessmgr.setup.log

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: C0F6-F3B6

Verzeichnis von C:\

02.05.2006 15:48 0 sys.txt
02.05.2006 15:48 13.881 system.txt
02.05.2006 15:48 972 systemtemp.txt
02.05.2006 15:48 106.394 system32.txt
02.05.2006 15:47 536.399.872 hiberfil.sys
02.05.2006 15:47 805.306.368 pagefile.sys
01.05.2006 19:25 3.596 smitfiles.txt
01.05.2006 19:10 4.964 avenger.txt
28.04.2006 12:27 521 hpfr3420.xml
28.04.2006 12:27 170.572 hpfr3425.log
15.01.2006 04:19 52.612 EasyShare.dmp
04.12.2005 11:53 211 boot.ini
04.12.2005 11:48 47.564 NTDETECT.COM
04.12.2005 11:48 251.184 ntldr
03.05.2006, 10:15
Honorary member
Posts: 29434
#11
domdidom
Fix with HijackThis: (it isn't malware, but it can/should go)...it does not get deleted...
Quote
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
** Restart the PC **
then post the new log from HijackThis
__________
Regards, Sabina
everything about PC security
03.05.2006, 14:33
Member
Thread starter, Posts: 11
#12
Logfile of HijackThis v1.99.1
Scan saved at 14:31:34, on 03.05.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\Dit.exe
C:\Programme\Medion\PowerCinema\PCMService.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\ICQPlus\vplus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\DitExp.exe
C:\Programme\ICQ\ICQ.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Dominik\Lokale Einstellungen\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://sharempeg.com/find/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.fussballmanager-online.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PCMService] C:\Programme\Medion\PowerCinema\PCMService.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [XM2002] C:\Programme\IPPS\XM2002®\XM2002.exe -auto
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Programme\ICQ\NDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ICQ Plus] "C:\Programme\ICQPlus\vplus.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe (file missing)
O9 - Extra 'Tools' menuitem: &XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {01E9CF82-AE9D-42BA-A629-B23D51A4B86B} - http://www.medionshop.de/ (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {14F65762-96FB-44B9-8DAC-93845F377A0E} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/de/filesharingctrl.cab
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/eng/roulette_2_0_0_17.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2A781DED-C22D-4153-9812-CEA98A32981C} (GameDesire Makao) - http://67.15.101.3/g_bin/eng/cardsmakao_2_0_0_20.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/eng/boards_2_0_0_20.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/302e6de2e228ab6e9205/netzip/RdxIE601_de.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web8.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/eng/darts_2_0_0_29.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Protocol: offline-8876480 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
03.05.2006, 15:31
Honorary member
Posts: 29434
#13
1.
Fix with HijackThis: (has no business being in Autostart....)
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O18 - Protocol: offline-8876480 - {BDD430E7-6FFD-4D34-BD7B-3352A28E7D37} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
Restart the PC
2. now please also do an online scan with Panda and post the scan report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
everything about PC security
03.05.2006, 19:52
Member
Thread starter, Posts: 11
#14
Incident Status Location
Spyware:application/bestoffer Not disinfected c:\windows\smdat32a.sys
Potentially unwanted tool:application/altnet Not disinfected c:\program files\Altnet
Adware:adware/whenusearch Not disinfected c:\programme\gemeinsame dateien\WhenU
Potentially unwanted tool:application/myway Not disinfected c:\programme\MyWay
Adware:adware/savenow Not disinfected Windows Registry
Adware:adware/emediacodec Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:Adware/SecurityError Not disinfected C:\avenger\backup.zip[avenger/atmclk.exe]
Adware:Adware/SecurityError Not disinfected C:\avenger\backup.zip[avenger/dcomcfg.exe]
Adware:Adware/SecurityError Not disinfected C:\avenger\backup.zip[avenger/simpole.tlb]
Spyware:Cookie/Adtech Not disinfected C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\Mozilla\Profiles\default\mbbx8oej.slt\cookies.txt[.adtech.de/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\Mozilla\Profiles\default\mbbx8oej.slt\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\Mozilla\Profiles\default\mbbx8oej.slt\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Falkag Not disinfected C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\Mozilla\Profiles\default\mbbx8oej.slt\cookies.txt[as1.falkag.de/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\Mozilla\Profiles\default\mbbx8oej.slt\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/2o7 Not disinfected C:\Dokumente und Einstellungen\Dominik\Cookies\dominik@2o7[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Dokumente und Einstellungen\Dominik\Cookies\dominik@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Dokumente und Einstellungen\Dominik\Cookies\dominik@advertising[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Dokumente und Einstellungen\Dominik\Cookies\dominik@as-eu.falkag[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Dokumente und Einstellungen\Dominik\Cookies\dominik@as1.falkag[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Dokumente und Einstellungen\Dominik\Cookies\dominik@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Dokumente und Einstellungen\Dominik\Cookies\dominik@atwola[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Dokumente und Einstellungen\Dominik\Cookies\dominik@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Dokumente und Einstellungen\Dominik\Cookies\dominik@doubleclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Dokumente und Einstellungen\Dominik\Cookies\dominik@fastclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Dokumente und Einstellungen\Dominik\Cookies\dominik@media.fastclick[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Dokumente und Einstellungen\Dominik\Cookies\dominik@sel.as-eu.falkag[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\Dominik\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\Dominik\Desktop\smitRem.exe[smitRem/Process.exe]
03.05.2006, 19:56
Honorary member
Posts: 29434
#15
Boot into Safe Mode and delete manually:
Quote
c:\program files\Altnet
then scan again (you don't need to pay attention to the cookies and smitRem\Process.exe...everything else must be deleted!)
__________
Regards, Sabina
everything about PC security
Since yesterday I have had several different viruses on my PC: TR/Zlob.IT.3, this Swizzor, etc.
How can I take action against them?
Regards, Dominik