Malware/Virus Virtumonde

03.06.2006, 13:46
Member
Posts: 11

04.06.2006, 00:03
Honorary member
Posts: 29434
#2
Work through VundoFix and post the scan report:
http://virus-protect.org/artikel/tools/vundofixx.html
__________
Regards, Sabina
all about PC security

04.06.2006, 13:19
Member
Thread starter
Posts: 11
#3
VundoFix found the following file:
C:/Windows/System32/sstqq.dll
What do I have to fix with HijackThis now? All I have there is:
Winlogon Notify: sstqq - C:\WINDOWS\

04.06.2006, 14:03
Honorary member
Posts: 29434
#4
The_Death,
fix with HijackThis:
Quote:
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

You can also safely fix these:
O18 - Protocol: bw+0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Restart the PC.
---------------------------------------------------------------------------
I'll have another look: set up CleanUp exactly as described here: http://virus-protect.org/cleanup.html
Copy in these 4 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date. (Copy only the last 3 months.) http://virus-protect.org/datfindbat.html
__________
Regards, Sabina
all about PC security

04.06.2006, 17:21
Member
Thread starter
Posts: 11
#5
OK, I've fixed it with HijackThis, and here are the 4 logs now:

1st log:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 585A-CB4D
Verzeichnis von C:\
04.06.2006 17:06 0 sys.txt
04.06.2006 17:06 12.206 system.txt
04.06.2006 17:06 309 systemtemp.txt
04.06.2006 17:06 101.788 system32.txt
04.06.2006 16:56 535.613.440 hiberfil.sys
04.06.2006 16:56 805.306.368 pagefile.sys
30.05.2006 15:29 355 boot.ini
28.05.2006 10:04 45 TEST.XML
03.05.2006 16:21 381 overall_network.csv
28.03.2006 13:15 441 bootbak.bat
27.03.2006 19:09 319 boot.bak
27.03.2006 19:09 319 boot.lgb
03.03.2006 19:42 194 BOOT.BKK

2nd log:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 585A-CB4D
Verzeichnis von C:\DOKUME~1\JAN~1.STA\LOKALE~1\Temp
04.06.2006 16:58 16.384 Perflib_Perfdata_6b4.dat
1 Datei(en) 16.384 Bytes
0 Verzeichnis(se), 76.927.205.376 Bytes frei

3rd log:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 585A-CB4D
Verzeichnis von C:\WINDOWS
04.06.2006 16:58 49 NeroDigital.ini
04.06.2006 16:57 0 0.log
04.06.2006 16:57 159 wiadebug.log
04.06.2006 16:57 50 wiaservc.log
04.06.2006 16:56 2.048 bootstat.dat
04.06.2006 16:55 7.926 ModemLog_FM-56PCI-HSFi-AB.txt
04.06.2006 16:46 32.468 SchedLgU.Txt
04.06.2006 16:38 610 oleco.ini
02.06.2006 15:08 778.009 setupapi.log
01.06.2006 20:38 47.352 Windows Update.log
01.06.2006 19:09 89.235 iis6.log
01.06.2006 19:09 241.662 comsetup.log
01.06.2006 19:09 146.993 ntdtcsetup.log
01.06.2006 19:09 239.366 tsoc.log
01.06.2006 19:09 1.891 imsins.log
01.06.2006 19:09 323.487 ocgen.log
01.06.2006 19:09 22.515 ocmsn.log
01.06.2006 19:09 29.308 msgsocm.log
01.06.2006 19:09 572.081 FaxSetup.log
01.06.2006 18:43 848 HBCIKRNL.INI
01.06.2006 14:41 83 wwp.INI
31.05.2006 19:56 389 LUINSTALL.LOG
30.05.2006 21:18 870.012 ntbtlog.txt
30.05.2006 18:01 9.255 Zmodeler.ini
29.05.2006 16:25 227 system.ini
28.05.2006 15:16 69.179 wmsetup.log
28.05.2006 15:16 17.581 dasetup.log
28.05.2006 15:15 332.849 DirectX.log
28.05.2006 14:16 797 win.ini
28.05.2006 14:04 535.617.536 MEMORY.DMP
28.05.2006 12:23 1.562 ATIWDM.LOG
28.05.2006 10:40 243 wmsetup10.log
28.05.2006 10:40 316.640 WMSysPr9.prx
28.05.2006 10:02 1.442 COM+.log
28.05.2006 09:59 719.744 setuplog.txt
28.05.2006 09:57 4.382 imsins.BAK
28.05.2006 09:57 424.647 setupact.log
28.05.2006 09:53 299.552 WMSysPrx.prx
28.05.2006 09:52 2.060 OEWABLog.txt
28.05.2006 09:52 4.161 ODBCINST.INI
28.05.2006 09:52 3.090 setuperr.log
28.05.2006 09:52 749 WindowsShell.Manifest
28.05.2006 09:51 858 DtcInstall.log
28.05.2006 09:51 9.173 sessmgr.setup.log
28.05.2006 09:48 8.114 regopt.log
27.05.2006 23:51 363.239 setupapi.old
27.05.2006 23:48 290.816 Setup1.exe
27.05.2006 23:48 74.752 ST6UNST.EXE
25.05.2006 22:29 1.845.769 WindowsUpdate.log
18.05.2006 14:52 260 musicmaker.INI
16.05.2006 16:03 367 lexstat.ini
08.05.2006 18:16 258 RtlRack.ini
21.04.2006 21:27 161.564 f-15-3_large.jpg
14.04.2006 15:59 383.015 WoWGeR-Client 1.9.4 Patch Setup Log.txt
08.04.2006 03:54 7.183 svcpack.log
07.04.2006 15:55 3.618 KB897715-OE6SP1-20050503.210336.log
07.04.2006 14:47 10.631 KB914798.log
07.04.2006 14:45 22.539 KB885250.log
07.04.2006 14:45 5.452 xpsp1hfm.log
07.04.2006 14:45 7.703 KB840374.log
07.04.2006 14:44 18.368 KB841356.log
07.04.2006 14:44 8.205 KB839645.log
07.04.2006 14:43 18.422 KB871250.log
07.04.2006 14:43 7.781 KB833987.log
07.04.2006 14:43 19.076 KB841873.log
07.04.2006 14:43 16.676 KB873376.log
07.04.2006 14:42 16.136 KB841533.log
07.04.2006 14:42 19.202 KB840987.log
03.04.2006 16:33 403 toolsx86.INI

4th log:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 585A-CB4D
Verzeichnis von C:\WINDOWS\system32
04.06.2006 16:56 146.466 ikhcore.log
04.06.2006 16:54 77 bios.rom
01.06.2006 17:51 2.993 CONFIG.NT
31.05.2006 19:54 9.767.149 kspydoc.log
31.05.2006 19:48 0 Sweeper.cfg
31.05.2006 11:02 624.640 aswBoot.exe
31.05.2006 10:54 90.112 AVASTSS.scr
30.05.2006 15:29 2.177.024 TUKernel.exe
28.05.2006 15:21 278.152 FNTCACHE.DAT
28.05.2006 12:46 9.216 Thumbs.db
28.05.2006 12:19 0 TFTP1692
28.05.2006 10:40 16.832 amcompat.tlb
28.05.2006 10:40 23.392 nscompat.tlb
28.05.2006 10:07 477.462 perfh009.dat
28.05.2006 10:07 79.020 perfc009.dat
28.05.2006 10:07 95.108 perfc007.dat
28.05.2006 10:07 499.308 perfh007.dat
28.05.2006 10:07 1.164.800 PerfStringBackup.INI
28.05.2006 10:03 12.598 wpa.dbl
28.05.2006 09:56 288 $winnt$.inf
28.05.2006 09:53 25.065 wmpscheme.xml
28.05.2006 09:52 488 WindowsLogon.manifest
28.05.2006 09:52 488 logonui.exe.manifest
28.05.2006 09:52 749 cdplayer.exe.manifest
28.05.2006 09:52 749 sapi.cpl.manifest
28.05.2006 09:52 749 wuaucpl.cpl.manifest
28.05.2006 09:52 749 nwc.cpl.manifest
28.05.2006 09:52 749 ncpa.cpl.manifest
28.05.2006 09:51 22.976 emptyregdb.dat
27.05.2006 23:43 12.598 wpa.bak
21.05.2006 11:40 4.096 crash
25.04.2006 20:28 2.043.008 kernel1.exe
20.04.2006 17:53 98.304 CmdLineExt.dll
13.04.2006 14:34 38.925 sstqq.dll

PS: Once more about the Avast message: as soon as the "DCOM exploit blocked" message appears, everything except the internet hangs. And sometimes a window pops up that says roughly: "Save all changes, Windows is being shut down by NT AUTHORITY", or something like that, and after 55 seconds the PC goes down. I was able to block it with Spyware Doctor OnGuard, but right now that is being hammered by a so-called new BO object, which it shows in the window every 2 seconds: "BO object detected, is being de-/re-registered", or something like that... I have no idea, but I'll run Spyware Doctor over it again right away; maybe something else will show up.
Regards, The_Death

04.06.2006, 17:31
Honorary member
Posts: 29434
#6
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html
Options: Delete on Reboot --> tick it and click the red cross. When asked "Do you want to reboot?" click "no" and paste in the next one; only for the last one click "yes":
..........
C:\WINDOWS\system32\TFTP1692
C:\WINDOWS\system32\sstqq.dll

Restart the PC.
* Post the new HijackThis log.
* Post the datfindbat logs again (back to February 2006).
__________
Regards, Sabina
all about PC security

04.06.2006, 17:47
Member
Thread starter
Posts: 11
#7
New HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 17:43:38, on 04.06.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Avast4\aswUpdSv.exe
C:\Programme\Avast4\ashServ.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Programme\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\Programme\ASUS\WLAN Card Utilities\NorExec.exe
C:\WINDOWS\System32\carpserv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Spyware Doctor\swdoctor.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\Avast4\ashMaiSv.exe
C:\Programme\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Dokumente und Einstellungen\Jan.STARGATECENTER\Desktop\Programme\HijackThis.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {F2FA09FB-EE7A-46d8-9145-A1EEF7850052} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Norton] C:\Programme\ASUS\WLAN Card Utilities\NorExec.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137765512890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140821526531
O17 - HKLM\System\CCS\Services\Tcpip\..\{66466F67-5D8C-47E6-ACBF-0CAD0103FC5C}: NameServer = 192.168.0.1
O20 - Winlogon Notify: sstqq - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Programme\AntiVir\AVWUPSRV.EXE (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Then the 1st log:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 585A-CB4D
Verzeichnis von C:\WINDOWS\system32
04.06.2006 17:42 159.312 ikhcore.log
04.06.2006 16:54 77 bios.rom
01.06.2006 17:51 2.993 CONFIG.NT
31.05.2006 19:54 9.767.149 kspydoc.log
31.05.2006 19:48 0 Sweeper.cfg
31.05.2006 11:02 624.640 aswBoot.exe
31.05.2006 10:54 90.112 AVASTSS.scr
30.05.2006 15:29 2.177.024 TUKernel.exe
28.05.2006 15:21 278.152 FNTCACHE.DAT
28.05.2006 12:46 9.216 Thumbs.db
28.05.2006 10:40 23.392 nscompat.tlb
28.05.2006 10:40 16.832 amcompat.tlb
28.05.2006 10:07 79.020 perfc009.dat
28.05.2006 10:07 477.462 perfh009.dat
28.05.2006 10:07 95.108 perfc007.dat
28.05.2006 10:07 499.308 perfh007.dat
28.05.2006 10:07 1.164.800 PerfStringBackup.INI
28.05.2006 10:03 12.598 wpa.dbl
28.05.2006 09:56 288 $winnt$.inf
28.05.2006 09:53 25.065 wmpscheme.xml
28.05.2006 09:52 488 WindowsLogon.manifest
28.05.2006 09:52 488 logonui.exe.manifest
28.05.2006 09:52 749 cdplayer.exe.manifest
28.05.2006 09:52 749 sapi.cpl.manifest
28.05.2006 09:52 749 nwc.cpl.manifest
28.05.2006 09:52 749 wuaucpl.cpl.manifest
28.05.2006 09:52 749 ncpa.cpl.manifest
28.05.2006 09:51 22.976 emptyregdb.dat
27.05.2006 23:43 12.598 wpa.bak
21.05.2006 11:40 4.096 crash
25.04.2006 20:28 2.043.008 kernel1.exe
20.04.2006 17:53 98.304 CmdLineExt.dll
29.03.2006 14:55 2.043.008 KERNEL.TMP
28.03.2006 15:21 8.464 sporder.dll
20.03.2006 16:41 664 d3d9caps.dat
10.03.2006 02:10 4.799.320 MRT.exe
07.03.2006 19:05 221.184 UAService7.exe
24.02.2006 23:23 4.212 zllictbl.dat
22.02.2006 05:27 6.684.672 atioglx1.dll
22.02.2006 05:11 151.552 atikvmag.dll
22.02.2006 05:04 258.048 ati2cqag.dll
22.02.2006 04:21 282.624 ATIDEMGR.dll
14.02.2006 10:20 550.120 LegitCheckControl.dll
13.02.2006 22:29 121.995 atiicdxx.dat
01.02.2006 04:48 106.496 atinppt2.ax

2nd log:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 585A-CB4D
Verzeichnis von C:\WINDOWS
04.06.2006 17:42 0 0.log
04.06.2006 17:42 157 wiadebug.log
04.06.2006 17:42 50 wiaservc.log
04.06.2006 17:42 2.048 bootstat.dat
04.06.2006 17:41 32.468 SchedLgU.Txt
04.06.2006 17:41 35.336 ModemLog_FM-56PCI-HSFi-AB.txt
04.06.2006 17:38 610 oleco.ini
04.06.2006 17:07 49 NeroDigital.ini
02.06.2006 15:08 778.009 setupapi.log
01.06.2006 20:38 47.352 Windows Update.log
01.06.2006 19:09 241.662 comsetup.log
01.06.2006 19:09 89.235 iis6.log
01.06.2006 19:09 146.993 ntdtcsetup.log
01.06.2006 19:09 1.891 imsins.log
01.06.2006 19:09 239.366 tsoc.log
01.06.2006 19:09 29.308 msgsocm.log
01.06.2006 19:09 323.487 ocgen.log
01.06.2006 19:09 22.515 ocmsn.log
01.06.2006 19:09 572.081 FaxSetup.log
01.06.2006 18:43 848 HBCIKRNL.INI
01.06.2006 14:41 83 wwp.INI
31.05.2006 19:56 389 LUINSTALL.LOG
30.05.2006 21:18 870.012 ntbtlog.txt
30.05.2006 18:01 9.255 Zmodeler.ini
29.05.2006 16:25 227 system.ini
28.05.2006 15:16 69.179 wmsetup.log
28.05.2006 15:16 17.581 dasetup.log
28.05.2006 15:15 332.849 DirectX.log
28.05.2006 14:16 797 win.ini
28.05.2006 14:04 535.617.536 MEMORY.DMP
28.05.2006 12:23 1.562 ATIWDM.LOG
28.05.2006 10:40 243 wmsetup10.log
28.05.2006 10:40 316.640 WMSysPr9.prx
28.05.2006 10:02 1.442 COM+.log
28.05.2006 09:59 719.744 setuplog.txt
28.05.2006 09:57 4.382 imsins.BAK
28.05.2006 09:57 424.647 setupact.log
28.05.2006 09:53 299.552 WMSysPrx.prx
28.05.2006 09:52 2.060 OEWABLog.txt
28.05.2006 09:52 4.161 ODBCINST.INI
28.05.2006 09:52 3.090 setuperr.log
28.05.2006 09:52 749 WindowsShell.Manifest
28.05.2006 09:51 858 DtcInstall.log
28.05.2006 09:51 9.173 sessmgr.setup.log
28.05.2006 09:48 8.114 regopt.log
27.05.2006 23:51 363.239 setupapi.old
27.05.2006 23:48 290.816 Setup1.exe
27.05.2006 23:48 74.752 ST6UNST.EXE
25.05.2006 22:29 1.845.769 WindowsUpdate.log
18.05.2006 14:52 260 musicmaker.INI
16.05.2006 16:03 367 lexstat.ini
08.05.2006 18:16 258 RtlRack.ini
21.04.2006 21:27 161.564 f-15-3_large.jpg
14.04.2006 15:59 383.015 WoWGeR-Client 1.9.4 Patch Setup Log.txt
08.04.2006 03:54 7.183 svcpack.log
07.04.2006 15:55 3.618 KB897715-OE6SP1-20050503.210336.log
07.04.2006 14:47 10.631 KB914798.log
07.04.2006 14:45 22.539 KB885250.log
07.04.2006 14:45 5.452 xpsp1hfm.log
07.04.2006 14:45 7.703 KB840374.log
07.04.2006 14:44 18.368 KB841356.log
07.04.2006 14:44 8.205 KB839645.log
07.04.2006 14:43 18.422 KB871250.log
07.04.2006 14:43 7.781 KB833987.log
07.04.2006 14:43 19.076 KB841873.log
07.04.2006 14:43 16.676 KB873376.log
07.04.2006 14:42 16.136 KB841533.log
07.04.2006 14:42 19.202 KB840987.log
03.04.2006 16:33 403 toolsx86.INI
28.03.2006 15:28 183.296 NDNuninstall7_22.exe
10.03.2006 15:40 7.330 WGA.log
02.03.2006 18:28 107.134 UninstallFirefox.exe
02.03.2006 18:28 4.370 mozver.dat
02.03.2006 18:26 179 LDM.log
02.03.2006 18:25 86 KE.log
27.02.2006 18:42 2.359.350 Firefox Wallpaper.bmp
27.02.2006 18:42 177.823 206cc.jpg
25.02.2006 22:08 2.737 spupdsvc.log
25.02.2006 00:54 56.468 KB913446.log
25.02.2006 00:54 51.687 KB911564.log
25.02.2006 00:53 62.645 KB911927.log
25.02.2006 00:53 32.720 updspapi.log
25.02.2006 00:53 48.743 KB911565.log
25.02.2006 00:52 49.116 KB905915-IE6SP1-20051122.175908.log
25.02.2006 00:51 45.532 KB910437.log
25.02.2006 00:51 54.246 KB900725.log
25.02.2006 00:51 55.797 KB902400.log
25.02.2006 00:50 31.858 KB896423.log
25.02.2006 00:50 32.214 KB890859.log
25.02.2006 00:50 22.764 KB887472.log

3rd log:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 585A-CB4D
Verzeichnis von C:\
04.06.2006 17:42 0 sys.txt
04.06.2006 17:42 12.206 system.txt
04.06.2006 17:42 556 systemtemp.txt
04.06.2006 17:42 101.695 system32.txt
04.06.2006 17:42 535.613.440 hiberfil.sys
04.06.2006 17:42 805.306.368 pagefile.sys
30.05.2006 15:29 355 boot.ini
28.05.2006 10:04 45 TEST.XML
03.05.2006 16:21 381 overall_network.csv
28.03.2006 13:15 441 bootbak.bat
27.03.2006 19:09 319 boot.bak
27.03.2006 19:09 319 boot.lgb
03.03.2006 19:42 194 BOOT.BKK
15.04.2004 18:50 870 IPH.PH
15.04.2004 02:30 0 CONFIG.SYS
15.04.2004 02:30 0 MSDOS.SYS
15.04.2004 02:30 0 IO.SYS
15.04.2004 02:30 0 AUTOEXEC.BAT
02.04.2003 14:00 4.952 bootfont.bin
02.04.2003 14:00 47.580 NTDETECT.COM
02.04.2003 14:00 235.296 ntldr
21 Datei(en) 1.341.325.017 Bytes
0 Verzeichnis(se), 76.925.460.480 Bytes frei

4th log:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 585A-CB4D
Verzeichnis von C:\DOKUME~1\JAN~1.STA\LOKALE~1\Temp
04.06.2006 17:42 16.384 Perflib_Perfdata_120.dat
04.06.2006 17:38 8.871 trash.htm
04.06.2006 17:38 0 TMP3.tmp
04.06.2006 17:12 0 TMP2.tmp
04.06.2006 17:09 0 TMP4.tmp
04.06.2006 16:58 16.384 Perflib_Perfdata_6b4.dat
6 Datei(en) 41.639 Bytes
0 Verzeichnis(se), 76.925.476.864 Bytes frei

04.06.2006, 18:06
Honorary member
Posts: 29434
#8
1. Fix with HijackThis:
O2 - BHO: (no name) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {F2FA09FB-EE7A-46d8-9145-A1EEF7850052} - (no file)
O20 - Winlogon Notify: sstqq - C:\WINDOWS\
Restart the PC.
2. Delete:
C:\WINDOWS\system32\sporder.dll
C:\WINDOWS\NDNuninstall7_22.exe
3. Scan with ewido and post the report: http://virus-protect.org/ewido.html
__________
Regards, Sabina
all about PC security

05.06.2006, 12:09
Member
Thread starter
Posts: 11
#9
Spyware Doctor Scan-Ergebnisse:
Infizierungen: 4
Virtumonde
Virtumonde modifies the Windows Internet connection mechanism and display varios pop-up advertisements.
Files:
- C:\System Volume Information\_restore{8B30F253-140D-44FB-91C8-1D10644DE9EC}\RP21\A0033077.dll
- C:\System Volume Information\_restore{8B30F253-140D-44FB-91C8-1D10644DE9EC}\RP21\A0035118.dll
Registry:
- HKLM\Software\Mircrosoft\Windows\Current Version\Explorer\Browser Helper Objects\{F2FA09FB-EE7A-46D8-9145-A1EEF7850052}
- HKLM\Software\Mircrosoft\Windows\Current Version\Explorer\Browser Helper Objects\{F2FA09FB-EE7A-46D8-9145-A1EEF7850052}##
---------------------------------------------------------------------------------------------------------------------------
ewido anti-malware - system scan - 13 infections; the report could not be saved because the program hung; infections removed. - A second scan found nothing more.
---------------------------------------------------------
ewido anti-malware - Prozess Report
---------------------------------------------------------
+ Erstellt am: 10:53:45, 05.06.2006
+ Report-Checksumme: 5A006EA8

0: System Process
4: System Process
192: C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe
236: C:\Programme\Messenger\msmsgs.exe
240: C:\WINDOWS\System32\ctfmon.exe
280: C:\WINDOWS\System32\svchost.exe
288: C:\Programme\Spyware Doctor\swdoctor.exe
420: C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
476: \SystemRoot\System32\smss.exe
528: C:\WINDOWS\System32\UAService7.exe
544: \??\C:\WINDOWS\system32\csrss.exe
568: \??\C:\WINDOWS\system32\winlogon.exe
612: C:\WINDOWS\system32\services.exe
624: C:\WINDOWS\system32\lsass.exe
768: C:\WINDOWS\System32\Ati2evxx.exe
796: C:\WINDOWS\system32\svchost.exe
840: C:\WINDOWS\System32\svchost.exe
864: C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
948: C:\WINDOWS\System32\svchost.exe
1024: C:\WINDOWS\System32\svchost.exe
1152: C:\WINDOWS\system32\Ati2evxx.exe
1212: C:\WINDOWS\Explorer.EXE
1288: C:\WINDOWS\system32\LEXBCES.EXE
1312: C:\WINDOWS\system32\spoolsv.exe
1328: C:\WINDOWS\system32\LEXPPS.EXE
1356: C:\Programme\Avast4\ashWebSv.exe
1500: C:\Programme\Avast4\aswUpdSv.exe
1528: C:\Programme\Avast4\ashServ.exe
1588: C:\Programme\ewido anti-malware\ewidoctrl.exe
1612: C:\Programme\ewido anti-malware\ewidoguard.exe
1840: C:\Programme\Avast4\ashMaiSv.exe
1852: C:\WINDOWS\System32\SCardSvr.exe
1908: C:\Programme\Spyware Doctor\sdhelp.exe
1924: C:\Programme\ASUS\WLAN Card Utilities\NorExec.exe
1932: C:\WINDOWS\System32\carpserv.exe
1968: C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
1976: C:\Programme\Microsoft IntelliType Pro\type32.exe
1984: C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
1992: C:\Programme\ATI Technologies\ATI.ACE\cli.exe
2024: C:\PROGRA~1\Avast4\ashDisp.exe
2032: C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
2488: C:\WINDOWS\System32\wbem\wmiprvse.exe
2804: C:\Programme\ATI Technologies\ATI.ACE\cli.exe
2844: C:\Programme\ewido anti-malware\securitysuite.exe
---------------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:51:44, on 05.06.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Avast4\aswUpdSv.exe
C:\Programme\Avast4\ashServ.exe
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\Programme\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Programme\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\carpserv.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\UAService7.exe
C:\Programme\Avast4\ashWebSv.exe
C:\Programme\Avast4\ashMaiSv.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ewido anti-malware\securitysuite.exe
C:\WINDOWS\notepad.exe
C:\Dokumente und Einstellungen\Jan.STARGATECENTER\Desktop\Programme\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {F2FA09FB-EE7A-46d8-9145-A1EEF7850052} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Norton] C:\Programme\ASUS\WLAN Card Utilities\NorExec.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137765512890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140821526531
O17 - HKLM\System\CCS\Services\Tcpip\..\{66466F67-5D8C-47E6-ACBF-0CAD0103FC5C}: NameServer = 192.168.0.1
O20 - Winlogon Notify: sstqq - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Programme\AntiVir\AVWUPSRV.EXE (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

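As an added example (not code from the thread and not part of HijackThis itself), here is a small Python triage of a HijackThis 1.99 log that flags the three kinds of entry the helper keeps asking to have fixed in this thread: O2 BHO entries ending in "(no file)", an O20 Winlogon Notify entry whose target is a bare directory rather than a DLL (the sstqq line), and O23 services marked "(file missing)". A Winlogon Notify DLL is loaded into winlogon.exe at logon, which is why such a file resists deletion on a running system, so a notify entry that HijackThis cannot resolve to a DLL deserves a closer look. The sample log is a constructed excerpt of the lines posted above; the function names are this example's own.

```python
"""Triage a HijackThis 1.99 log for the entry types discussed in this thread.

Added example, not part of the forum thread or of HijackThis. It flags O2 BHO
entries whose DLL is gone, O20 Winlogon Notify entries that point at a
directory instead of a DLL, and O23 services whose binary is missing.
"""
import re

# Constructed sample: an excerpt of the HijackThis lines posted above.
SAMPLE_LOG = """\
Logfile of HijackThis v1.99.1
Running processes:
C:\\WINDOWS\\system32\\winlogon.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Programme\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file)
O2 - BHO: (no name) - {F2FA09FB-EE7A-46d8-9145-A1EEF7850052} - (no file)
O20 - Winlogon Notify: sstqq - C:\\WINDOWS\\
O20 - Winlogon Notify: WRNotifier - C:\\WINDOWS\\SYSTEM32\\WRLogonNTF.dll
O23 - Service: avast! Antivirus - Unknown owner - C:\\Programme\\Avast4\\ashServ.exe
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\\Programme\\AntiVir\\AVWUPSRV.EXE (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_entries(log_text):
    """Yield (section, body) for each 'Oxx - ...' line; other lines are ignored."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def classify(section, body):
    """Return a reason string if the entry deserves a second look, else None."""
    if section == "O2" and body.endswith("(no file)"):
        # A BHO CLSID whose DLL is gone: either an orphan or a component
        # that hides/renames its file. Harmless to fix, worth a look.
        return "BHO with no backing file"
    if section == "O20":
        # Winlogon Notify entries are loaded into winlogon.exe at logon, so the
        # target should be a DLL path. A bare directory means HijackThis could
        # not resolve the DLL name, which is how the sstqq entry shows up.
        target = body.split(" - ", 1)[-1]
        if target.endswith("\\") or not target.lower().endswith(".dll"):
            return "Winlogon Notify entry without a resolvable DLL"
    if section == "O23" and body.endswith("(file missing)"):
        # A registered service whose binary is absent: uninstall leftover,
        # or a file that has been removed or hidden.
        return "service with missing binary"
    return None


def triage(log_text):
    """Return a list of (section, body, reason) for every flagged entry."""
    findings = []
    for section, body in parse_entries(log_text):
        reason = classify(section, body)
        if reason:
            findings.append((section, body, reason))
    return findings


def guids(findings):
    """CLSIDs of flagged entries, the strings to feed a follow-up registry search."""
    return sorted({g for _, body, _ in findings for g in GUID_RE.findall(body)})


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for section, body, reason in result:
        print(f"{section}: {reason}\n    {body}")
    print("CLSIDs to search for:", guids(result))
```

The CLSIDs it collects are exactly what the helper later asks the user to look up with Registry Search and regedit, so the script's output doubles as the search list for that step.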
05.06.2006, 12:14
Honorary member
Posts: 29434
#10
The_Death
1. My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives". (then turn it back on afterwards)
2. Download Registry Search by Bobbi Flekman http://virus-protect.org/artikel/tools/regsearch.html and double-click it to start.
In "Enter search strings" type or paste
sstqq
into the edit box and click "Ok". Notepad will open -- copy the text and post it.
In "Enter search strings" type or paste
{F2FA09FB-EE7A-46d8-9145-A1EEF7850052}
into the edit box and click "Ok". Notepad will open -- copy the text and post it.
-----------------------------------------------------------------------
3. Post the RootkitRevealer log http://www.sysinternals.com/Utilities/RootkitRevealer.html
4. Download the F-Secure BlackLight beta trial http://www.f-secure.com/blacklight/ and start the file, accept the license terms and choose scan; when the scan is finished, press next and then close. You will now find an FSB*.TXT file in the same folder as BlackLight -> post it here.
__________
Regards, Sabina
all about PC security

05.06.2006, 18:31
Member
Thread starter
Posts: 11
#11
06/05/06 18:12:31 [Info]: BlackLight Engine 1.0.37 initialized
06/05/06 18:12:31 [Info]: OS: 5.1 build 2600 (Service Pack 1)
06/05/06 18:12:31 [Note]: 7019 4
06/05/06 18:12:31 [Note]: 7005 0
06/05/06 18:12:37 [Note]: 7006 0
06/05/06 18:12:37 [Note]: 7011 1188
06/05/06 18:12:37 [Note]: 7026 0
06/05/06 18:12:37 [Note]: 7026 0
06/05/06 18:12:41 [Note]: FSRAW library version 1.7.1015
06/05/06 18:15:27 [Note]: 7007 0
-------------------------------------------------------------------
HKLM\SOFTWARE\Classes\webcal\URL Protocol 19.1.2006 17:56 13 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 23.3.2006 18:50 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf40 5.6.2006 18:08 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf41 28.5.2006 14:14 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf42 28.5.2006 14:14 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf43 30.3.2006 14:20 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\s0 20.1.2006 17:10 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\s1 20.1.2006 17:10 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\s2 20.1.2006 17:10 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\g0 20.1.2006 17:10 32 bytes Hidden from Windows API.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll 2.3.2006 19:14 252.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 2.3.2006 19:14 111.50 KB Visible in Windows API, but not in MFT or directory index.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0
; Results at 05.06.2006 18:30:29 for strings:
; 'sstqq'
; '{f2fa09fb-ee7a-46d8-9145-a1eef7850052}'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F2FA09FB-EE7A-46d8-9145-A1EEF7850052}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F2FA09FB-EE7A-46d8-9145-A1EEF7850052}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sstqq]

[HKEY_USERS\S-1-5-21-2998049325-2888997173-801624603-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="Arbeitsplatz\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\sstqq"

[HKEY_USERS\S-1-5-21-2998049325-2888997173-801624603-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll]
"a"="C:\\WINDOWS\\system32\\sstqq.dll"

; End Of The Log...

06.06.2006, 00:33
Honorary member
Posts: 29434
#12
The_Death
Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop with 'Save as' as fixme.reg. Set the file type to 'All files'. You should now find this file on the desktop. Double-click the "fixme.reg" file on the desktop and merge it into the registry.
Quote
REGEDIT4
Restart the PC.
Post the new HijackThis log.
__________
Regards, Sabina
all about PC security

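The fixme.reg step above builds on the Registry Search result posted in #11. As an added example (not part of the thread, and not Bobbi Flekman's tool), the following Python turns such a REGEDIT4 search result into a removal file using the two deletion forms the REGEDIT4 format understands: "[-Key]" removes a key with all its subkeys and values, and "Name"=- removes a single value. The sample input is a constructed excerpt of the posted result; the function names are this example's own.

```python
"""Turn a Registry Search (REGEDIT4) result into a fixme.reg removal file.

Added example, not part of the thread and not the Registry Search tool. Keys
whose path contains an indicator are removed whole; values whose *name*
contains one are removed individually; values that only mention an indicator
in their *data* are listed as comments for review, because entries such as
regedit's LastKey or the Open/Save MRU are history traces, not a load point.
"""
import re

# Constructed sample: an excerpt of the Registry Search result posted in #11.
SAMPLE_SEARCH = r"""REGEDIT4
; Registry Search 2.0 by Bobbi Flekman
; Results for strings:
; 'sstqq'
; '{f2fa09fb-ee7a-46d8-9145-a1eef7850052}'

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F2FA09FB-EE7A-46d8-9145-A1EEF7850052}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F2FA09FB-EE7A-46d8-9145-A1EEF7850052}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sstqq]

[HKEY_USERS\S-1-5-21-2998049325-2888997173-801624603-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="Arbeitsplatz\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\sstqq"

[HKEY_USERS\S-1-5-21-2998049325-2888997173-801624603-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll]
"a"="C:\\WINDOWS\\system32\\sstqq.dll"

; End Of The Log...
"""

KEY_RE = re.compile(r"^\[(?!-)(.+)\]$")      # [Key], but not a [-Key] deletion line
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')   # "Name"=data


def parse_regedit4(text):
    """Return [(key_path, [(value_name, value_data), ...]), ...] in file order."""
    keys = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            current = (m.group(1), [])
            keys.append(current)
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[1].append((m.group(1), m.group(2)))
    return keys


def build_fixme(text, indicators):
    """Return the text of a REGEDIT4 file that removes the matching entries."""
    needles = [i.lower() for i in indicators]

    def hit(s):
        return any(n in s.lower() for n in needles)

    out = ["REGEDIT4", ""]
    for key, values in parse_regedit4(text):
        if hit(key):
            # The key itself carries the indicator: drop it with everything below.
            out += [f"[-{key}]", ""]
            continue
        by_name = [name for name, _ in values if hit(name)]
        by_data = [name for name, data in values if not hit(name) and hit(data)]
        if by_name:
            # Only the value is suspicious (e.g. a CLSID under ShellExecuteHooks).
            out += [f"[{key}]"] + [f'"{name}"=-' for name in by_name] + [""]
        for name in by_data:
            out += [f'; review: "{name}" under {key} mentions an indicator only in its data', ""]
    return "\n".join(out)


if __name__ == "__main__":
    print(build_fixme(SAMPLE_SEARCH, ["sstqq", "{F2FA09FB-EE7A-46d8-9145-A1EEF7850052}"]))
```

Saving the output as fixme.reg and double-clicking it is the same manual merge the post describes. The ShellExecuteHooks value is removed on its own rather than with its parent key, because that key is a legitimate Windows location that other software may use. A key can still be present after the merge (as #15 shows), so the reboot and fresh HijackThis log the post asks for are the actual check.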
06.06.2006, 15:27
Member
Thread starter
Posts: 11
#13
Logfile of HijackThis v1.99.1
Scan saved at 15:26:28, on 06.06.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Avast4\aswUpdSv.exe
C:\Programme\Avast4\ashServ.exe
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\Programme\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Programme\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ASUS\WLAN Card Utilities\NorExec.exe
C:\WINDOWS\System32\carpserv.exe
C:\WINDOWS\System32\UAService7.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Spyware Doctor\swdoctor.exe
C:\Programme\Avast4\ashWebSv.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\Avast4\ashMaiSv.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Dokumente und Einstellungen\Jan.STARGATECENTER\Desktop\Programme\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Norton] C:\Programme\ASUS\WLAN Card Utilities\NorExec.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137765512890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140821526531
O17 - HKLM\System\CCS\Services\Tcpip\..\{66466F67-5D8C-47E6-ACBF-0CAD0103FC5C}: NameServer = 192.168.0.1
O20 - Winlogon Notify: sstqq - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Programme\AntiVir\AVWUPSRV.EXE (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

06.06.2006, 16:50
Honorary member
Posts: 29434
#14
Now I don't know whether you applied the reg file correctly......
Please report back, because the entries really should have disappeared from HijackThis by now.
Start - Run - regedit
Edit - Find -
- sstqq
- {F2FA09FB-EE7A-46d8-9145-A1EEF7850052}
Delete everything you find and restart the computer.
__________
Regards, Sabina
all about PC security

07.06.2006, 17:18
Member
Thread starter
Posts: 11
#15
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F2FA09FB-EE7A-46d8-9145-A1EEF7850052}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sstqq]
I can't get rid of those two!
EDIT: I think it's sorted out... Searching the registry shows nothing anymore... I'll run all the antivirus/malware tools over it today or tomorrow and then see... If it's gone: a thousand thanks for the professional help. If not, a thousand thanks anyway.
Quote
voluntary: PayPal
I'll see what I can do.
This post was edited on 07.06.2006 at 17:32 by The_Death.

Virtumonde
Spyware Doctor reports that EXPLORER.EXE is infected, along with the file sstqq.dll in the WINDOWS folder, which of course cannot be deleted (I've tried everything, several file-shredder programs, e.g. TuneUp), and also entries in the registry that keep coming back when you delete them. As soon as I go online, everything gets so slow that only a reset helps. So please excuse me if a thread like this already exists; I always have to be quick before everything crashes again.
So here is what HijackThis found:
Logfile of HijackThis v1.99.1
Scan saved at 13:28:24, on 03.06.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avast4\aswUpdSv.exe
C:\Programme\Avast4\ashServ.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Programme\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\Programme\ASUS\WLAN Card Utilities\NorExec.exe
C:\WINDOWS\System32\carpserv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Spyware Doctor\swdoctor.exe
C:\Programme\Avast4\ashWebSv.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\Avast4\ashMaiSv.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Dokumente und Einstellungen\Jan.STARGATECENTER\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {F2FA09FB-EE7A-46d8-9145-A1EEF7850052} - C:\WINDOWS\system32\sstqq.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [Norton] C:\Programme\ASUS\WLAN Card Utilities\NorExec.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137765512890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140821526531
O17 - HKLM\System\CCS\Services\Tcpip\..\{66466F67-5D8C-47E6-ACBF-0CAD0103FC5C}: NameServer = 192.168.0.1
O17 - HKLM\System\CS5\Services\Tcpip\..\{0904CCEA-0D71-4656-8AB0-2DF406965EA3}: NameServer = 62.104.191.241 62.104.196.134
O18 - Protocol: bw+0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: sstqq - C:\WINDOWS\SYSTEM32\sstqq.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Programme\AntiVir\AVWUPSRV.EXE (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
That's it so far, hoping for a quick answer and some help.
In deep despair:
The_Death
PS: The Avast on-access protection keeps showing me:
"DCOM Exploit" blocked from some IP address or so. Can anyone tell me anything about that?