Backdoor.Win32.RA-based.ba

#0
02.01.2007, 10:02
...new here

Posts: 3
#1 Hello
I have an AVK guard (AVK Wächter). It has the following in quarantine.
Virus: Backdoor.Win.32.RA-based.ba
File: PavProc.sys
Directory: c:\windows\system32\drivers
Is this bad, and how can I remove it?
Regards, uterio
02.01.2007, 11:52
Honorary member
Sabina

Posts: 29434
#2 uterio

Quote

SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys ZwTerminateThread
SSDT \??\C:\WINDOWS\system32\PavSRK.sys ZwWriteVirtualMemory

1.
http://virus-protect.org/zip/gmer.zip
Please use Gmer. Start it and see whether it already reports something. If it does, please answer all questions with No, go to the Rootkit tab, answer the question with No again, and use Copy to paste the report here. If it reports nothing, go to the Rootkit tab and run a scan. When the scan has finished, choose Copy and paste the report.

2.
Creating a HijackThis log file
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder
--> None of the above, just start the program --> Save --> Savelog --> the editor opens
Now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
__________
Regards, Sabina

all about PC security
02.01.2007, 12:23
...new here

Thread starter

Posts: 3
#3 Hello Sabine
I ran Gmer and it reported the following


GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-02 12:04:16
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwEnumerateKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwEnumerateValueKey

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [FA2A5758] ShldDrv.SYS
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [FA2A5AC2] ShldDrv.SYS

---- EOF - GMER 1.0.12 ----

I then ran the scan and the following happened

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-02 12:28:48
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwCreateKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwDeleteKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwDeleteValueKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwEnumerateKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwEnumerateValueKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwOpenKey
SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys ZwOpenProcess
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwQueryKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwQueryValueKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys ZwTerminateThread

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [FA2A5758] ShldDrv.SYS
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [FA2A5AC2] ShldDrv.SYS
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE [FA2A571A] ShldDrv.SYS
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION [FA2A5A84] ShldDrv.SYS
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE [FA2A571A] ShldDrv.SYS
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [FA2A5A84] ShldDrv.SYS

---- EOF - GMER 1.0.12 ----
This post was edited by uterio on 02.01.2007 at 12:29.
02.01.2007, 12:40
Honorary member
Sabina

Posts: 29434
#4 uterio

Creating a HijackThis log file
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder
--> None of the above, just start the program --> Save --> Savelog --> the editor opens
Now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
__________
Regards, Sabina

all about PC security
02.01.2007, 12:47
...new here

Thread starter

Posts: 3
#5 Hello Sabina
Attached is the COMPLETE log

Logfile of HijackThis v1.99.1
Scan saved at 12:46:09, on 02.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Microsoft Hardware\Keyboard\type32.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\Programme\Logitech\MediaLife\MediaLifeService.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Programme\AntiVirenKit 2005\AVKBar.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\FRITZ!\FriFax32.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programme\AntiVirenKit 2005\AVKService.exe
C:\Programme\AntiVirenKit 2005\AVKWCtl.exe
C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE
C:\unzipped\gmer[1]\gmer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ch/0SEDECH/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ch/0SEDECH/SAOS01?FORM=TOOLBR
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ch/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ch/0SEDECH/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\system32\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\system32\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Programme\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dischostcrypt] C:\WINDOWS\system32\hostlogcrypt.exe
O4 - HKLM\..\Run: [hostx] C:\WINDOWS\system32\runlogsysexpoler.exe %srun%

O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MediaLifeService] "C:\Programme\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [mmtask] "C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKCU\..\Run: [expoler] C:\WINDOWS\system32\hostlogcrypt.exe
O4 - HKCU\..\Run: [servicex] C:\WINDOWS\system32\runlogsysexpoler.exe %srun%

O4 - HKCU\..\Run: [AVKBar] "C:\Programme\AntiVirenKit 2005\AVKBar.exe"
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: E-Mail.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: FRITZ!fax.lnk = C:\Programme\FRITZ!\FriFax32.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\system32\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\system32\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\system32\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\windows\system32\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\system32\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Programme\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for ¸æ: C:\Programme\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0512d8eb1556afbec114/netzip/RdxIE601_de.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://hpt1.bluewin.ch/app/static/activex/msxml4.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.de/r/neutral/controls/MsnPUpld.cab?5,0,1730,0
O17 - HKLM\System\CCS\Services\Tcpip\..\{70B71E78-E1B7-4616-BED4-2CE9D21F17C6}: NameServer = 192.168.120.252,192.168.120.253
O18 - Protocol: bw+0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {EDDAF3A5-1FE8-4DDE-AED7-0DF4AFFF2EBC} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\AntiVirenKit 2005\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - C:\Programme\AntiVirenKit 2005\AVKWCtl.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe

Regards, uterio
02.01.2007, 12:48
Honorary member
Sabina

Posts: 29434
#6 uterio

Configure CleanUp exactly as described here:
http://virus-protect.org/cleanup.html

Copy these 6 text files. (Right-click with the mouse -> select the text -> copy -> paste.) They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina

all about PC security