Please take a look (HijackThis)

#0
12.02.2008, 17:11
...new here

Posts: 5
#1 Hi, the computer has a few trojans and spyware on it (I guess).

Here is the log
Hopefully you can take a look and tell me what has to go ;)

Thanks in advance.

EDIT:

ComboFix:

ComboFix 08-02-12.3 - Administrator 2008-02-12 18:57:46.3 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1031.18.243 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((( Dateien erstellt von 2008-01-12 bis 2008-02-12 ))))))))))))))))))))))))))))))
.

2008-02-12 18:17 . 08-02-12 18:17 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_35c.dat
2008-02-12 18:17 . 08-02-12 18:17 6,736 --a------ C:\WINNT\system32\drivers\PROCEXP90.SYS
2008-02-12 16:58 . 08-02-12 16:58 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_218.dat
2008-02-11 20:34 . 08-02-11 20:34 <DIR> d-------- C:\Programme\Lavasoft
2008-02-11 20:34 . 08-02-11 20:34 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-02-11 20:19 . 08-02-11 20:19 <DIR> d-------- C:\Programme\Trend Micro
2008-02-11 19:18 . 08-02-11 19:18 <DIR> d-------- C:\Programme\Enigma Software Group
2008-02-11 15:59 . 08-02-11 19:12 <DIR> d-------- C:\Programme\SUPERAntiSpyware
2008-02-11 15:59 . 08-02-11 15:59 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2008-02-11 15:59 . 08-02-11 15:59 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com
2008-02-11 15:18 . 08-02-11 15:18 <DIR> d-------- C:\Programme\Kaspersky Lab
2008-02-11 15:18 . 08-02-12 18:09 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2008-02-11 15:18 . 08-02-12 19:00 2,630,688 --ahs---- C:\WINNT\system32\drivers\fidbox.dat
2008-02-11 15:18 . 08-02-11 15:36 91,700 --a------ C:\WINNT\system32\drivers\klin.dat
2008-02-11 15:18 . 08-02-11 15:36 85,860 --a------ C:\WINNT\system32\drivers\klick.dat
2008-02-11 15:18 . 08-02-12 18:04 35,948 --ahs---- C:\WINNT\system32\drivers\fidbox.idx
2008-02-11 15:18 . 08-02-12 19:00 14,624 --ahs---- C:\WINNT\system32\drivers\fidbox2.dat
2008-02-11 15:18 . 08-02-12 18:04 2,228 --ahs---- C:\WINNT\system32\drivers\fidbox2.idx
2008-02-11 09:35 . 08-02-11 09:35 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-02-11 09:35 . 08-02-11 09:35 1,409 --a------ C:\WINNT\QTFont.for
2008-02-11 09:33 . 08-02-11 09:34 <DIR> d-------- C:\Programme\NetProject
2008-01-26 10:25 . 08-01-26 10:25 <DIR> d-------- C:\Programme\FireTune
2008-01-26 10:25 . 08-01-26 10:25 737,280 --a------ C:\WINNT\iun6002.exe
2008-01-15 13:57 . 08-01-15 13:57 0 --a------ C:\WINNT\[INI]

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-11 19:33 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-02-11 14:24 --------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared
2008-02-11 14:16 --------- d-----w C:\Programme\Symantec
2008-02-11 14:15 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec
2008-02-11 14:10 --------- d-----w C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Symantec
2008-01-23 12:25 --------- d-----w C:\Programme\Google
2008-01-15 13:17 --------- d-----w C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Azureus
2008-01-15 13:03 --------- d-----w C:\Programme\YVD
2008-01-15 13:02 --------- d-----w C:\Programme\Thumbs2000
2008-01-15 13:02 --------- d-----w C:\Programme\Spiele
2008-01-15 13:01 --------- d-----w C:\Programme\MTGPlay
2008-01-15 12:59 --------- d-----w C:\Programme\ICQLite
2008-01-15 12:57 --------- d-----w C:\Programme\audiograbber
2007-12-18 12:37 --------- d-----w C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
2007-12-14 10:32 12,632 ----a-w C:\WINNT\system32\lsdelete.exe
2005-08-11 11:19 271 ---h--w C:\Programme\desktop.ini
2005-08-11 11:19 22,080 -c-h--w C:\Programme\folder.htt
2002-07-24 12:00 32,528 -c--a-w C:\WINNT\inf\wbfirdma.sys
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
08-02-12 18:09 10240 --a------ C:\Programme\NetProject\sbmdl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [07-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 20:05 112400 C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [05-06-15 16:20 6803456]
"nwiz"="nwiz.exe" [05-06-15 16:20 1519616 C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [05-06-15 16:20 86016]
"HPDJ Taskbar Utility"="C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb01.exe" [00-09-05 11:42 192512]
"LVCOMSX"="C:\WINNT\system32\LVCOMSX.EXE" [05-07-19 16:32 221184]
"Dit"="Dit.exe" [03-12-29 23:33 94208 C:\WINNT\Dit.exe]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [01-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_09\bin\jusched.exe" [06-10-12 03:10 49263]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [05-09-03 11:23 77824]
"AVP"="C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe" [07-03-09 20:50 200768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [02-07-24 13:00 20752 C:\WINNT\system32\internat.exe]
"Task service"="taskmgs.exe" []
"MySpaceIM"="C:\Programme\MySpace\IM\MySpaceIM.exe" [07-08-14 01:04 5562368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Programme\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 20:05 189712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"start"= C:\Programme\NetProject\sbmntr.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{747e1fbe-b70f-441d-bbca-6e536c04924a}"= C:\WINNT\system32\wuuawkz.dll [ ]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programme\SUPERAntiSpyware\SASSEH.DLL [06-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programme\SUPERAntiSpyware\SASWINLO.dll 07-04-19 13:41 294912 C:\Programme\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
"LogitechSoftwareUpdate"=C:\Programme\Logitech\Video\ManifestEngine.exe boot
"MySpaceIM"=C:\Programme\MySpace\IM\MySpaceIM.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" -atboottime
"LogitechVideoRepair"=C:\Programme\Logitech\Video\ISStart.exe
"LogitechVideoTray"=C:\Programme\Logitech\Video\LogiTray.exe
"SSC_UserPrompt"="C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe"
"Ulead AutoDetector"=C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
"USB Storage Toolbox"=C:\WINNT\usbstor\Res.exe
"WinDSL MTU-Adjust"=WinDSL_MTU.exe

R1 ATMhelpr;ATMhelpr;C:\WINNT\system32\drivers\ATMhelpr.sys [97-06-17 03:00 ]
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [06-08-03 16:34 ]
R2 NwSapAgent;SAP-Agent;C:\WINNT\System32\svchost.exe [02-07-24 13:00 ]
R3 WinDSLa;WinDSL-Adapter (PPP-over-Ethernet);C:\WINNT\system32\DRIVERS\WinDSL.sys [01-11-08 01:45 ]
S3 hp4200c;%usbscan.SvcDesc%;C:\WINNT\system32\DRIVERS\hp4200c.sys [01-02-18 09:09 ]
S3 WinDSLp;%WinDSLp_Desc%;C:\WINNT\system32\DRIVERS\WinDSL.sys [01-11-08 01:45 ]

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 19:00:28
Windows 5.0.2195 Service Pack 4 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-02-12 19:02:04
ComboFix-quarantined-files.txt 2008-02-12 18:01:34
.
2007-12-19 15:36:20 --- E O F ---


HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:05, on 12.02.2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Programme\NetProject\sbmntr.exe
C:\Programme\NetProject\sbsm.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb01.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\WINNT\Dit.exe
C:\WINNT\DitExp.exe
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\notepad.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Programme\NetProject\sbmdl.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Programme\NetProject\sbmntr.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Task service] taskmgs.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programme\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\scieplugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D238A24-A33D-47AF-BEDB-42DDDBBDEEFF}: NameServer = 85.255.115.27,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5767C04-4000-44EE-8B89-9E7C19B335B4}: NameServer = 85.255.115.27,85.255.112.132
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.27 85.255.112.132
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.27 85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.27 85.255.112.132
O18 - Protocol: bw+0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: didact - {747e1fbe-b70f-441d-bbca-6e536c04924a} - C:\WINNT\system32\wuuawkz.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Personal Security Suite V (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://www.metroid2002.com/version_differences_nintendo_logo_naeu.pn

--
End of file - 19309 bytes









Active Worlds
Ad-Aware 2007
ad-island
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9 - Deutsch
Adobe Type Manager 4.0
Azureus
Barbie(TM) in Die 12 tanzenden Prinzessinnen
Disneys Prinzessinnen - Königliche Pferdewelt
FireTune
FLVPlayer
Google Earth
Google Toolbar for Internet Explorer
Google Video Player
HijackThis 2.0.2
Hotfix for MDAC 2.71 (KB911562)
Hotfix for MDAC 2.71 (KB927779)
hp deskjet 816C series (nur entfernen)
InstallRTC
Internet Explorer Q903235
Internet Service
J2SE Runtime Environment 5.0 Update 9
Kaspersky Personal Security Suite V
Kaspersky Personal Security Suite V
L&H TTS3000 Deutsch
LiveUpdate 3.0 (Symantec Corporation)
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam-Software
Logitech® Camera-Treiber
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internet Explorer 6 SP1
Microsoft Office Professional Edition 2003
Microsoft XML Parser und SDK
Mozilla Firefox (1.5.0.12)
MSN Messenger 7.0
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Multi-Card Reader & Flash Disk
MyPhoneExplorer
MySpaceIM
Nero 7 Premium
Norton AntiSpam
NVIDIA Drivers
PowerDVD
QuickTime
Screensaver_Drake_Josh
Secure Browsing
Sicherheitsupdate for DirectX 9 (KB941568)
Sicherheitsupdate für Windows 2000 (KB904706)
Sicherheitsupdate für Windows 2000 (KB923689)
Sicherheitsupdate für Windows 2000 (KB941569)
Sicherheitsupdate für Windows Media Player (KB911564)
Sicherheitsupdate für Windows Media Player 6.4 (KB925398)
Sicherheitsupdate für Windows Media Player 9 (KB911565)
Sicherheitsupdate für Windows Media Player 9 (KB936782)
Sony Ericsson PC Suite
SUPERAntiSpyware Free Edition
Total Video Converter 3.02
TuneUp Utilities 2006
Ulead Photo Explorer 8.0 SE Basic
Ulead Photo Express 3.0 SE
Ulead VideoStudio 7 SE VCD
Updaterollup 1 für Windows 2000 SP4
USB Storage Toolbox
VideoLAN VLC media player 0.8.6c
Web Application
Winamp (remove only)
Windows 2000-Hotfix - KB833407
Windows 2000-Hotfix - KB842773
Windows 2000-Hotfix - KB890046
Windows 2000-Hotfix - KB893756
Windows 2000-Hotfix - KB896358
Windows 2000-Hotfix - KB896422
Windows 2000-Hotfix - KB896423
Windows 2000-Hotfix - KB896424
Windows 2000-Hotfix - KB896688
Windows 2000-Hotfix - KB897715
Windows 2000-Hotfix - KB899587
Windows 2000-Hotfix - KB899589
Windows 2000-Hotfix - KB900725
Windows 2000-Hotfix - KB901017
Windows 2000-Hotfix - KB901214
Windows 2000-Hotfix - KB902400
Windows 2000-Hotfix - KB905414
Windows 2000-Hotfix - KB905495
Windows 2000-Hotfix - KB905749
Windows 2000-Hotfix - KB905915
Windows 2000-Hotfix - KB908519
Windows 2000-Hotfix - KB908523
Windows 2000-Hotfix - KB908531
Windows 2000-Hotfix - KB911280
Windows 2000-Hotfix - KB911567
Windows 2000-Hotfix - KB912812
Windows 2000-Hotfix - KB912919
Windows 2000-Hotfix - KB913580
Windows 2000-Hotfix - KB914388
Windows 2000-Hotfix - KB914389
Windows 2000-Hotfix - KB916281
Windows 2000-Hotfix - KB917008
Windows 2000-Hotfix - KB917159
Windows 2000-Hotfix - KB917422
Windows 2000-Hotfix - KB917537
Windows 2000-Hotfix - KB917736
Windows 2000-Hotfix - KB917953
Windows 2000-Hotfix - KB918118
Windows 2000-Hotfix - KB918899
Windows 2000-Hotfix - KB920213
Windows 2000-Hotfix - KB920670
Windows 2000-Hotfix - KB920683
Windows 2000-Hotfix - KB920685
Windows 2000-Hotfix - KB920958
Windows 2000-Hotfix - KB921398
Windows 2000-Hotfix - KB921503
Windows 2000-Hotfix - KB921883
Windows 2000-Hotfix - KB922582
Windows 2000-Hotfix - KB922616
Windows 2000-Hotfix - KB922760
Windows 2000-Hotfix - KB923191
Windows 2000-Hotfix - KB923414
Windows 2000-Hotfix - KB923694
Windows 2000-Hotfix - KB923810
Windows 2000-Hotfix - KB923980
Windows 2000-Hotfix - KB924191
Windows 2000-Hotfix - KB924270
Windows 2000-Hotfix - KB924667
Windows 2000-Hotfix - KB925454
Windows 2000-Hotfix - KB925486
Windows 2000-Hotfix - KB925902
Windows 2000-Hotfix - KB926122
Windows 2000-Hotfix - KB926436
Windows 2000-Hotfix - KB927891
Windows 2000-Hotfix - KB928090
Windows 2000-Hotfix - KB928843
Windows 2000-Hotfix - KB929969
Windows 2000-Hotfix - KB930178
Windows 2000-Hotfix - KB931768
Windows 2000-Hotfix - KB931784
Windows 2000-Hotfix - KB932168
Windows 2000-Hotfix - KB933566
Windows 2000-Hotfix - KB933729
Windows 2000-Hotfix - KB935839
Windows 2000-Hotfix - KB935840
Windows 2000-Hotfix - KB936021
Windows 2000-Hotfix - KB937143
Windows 2000-Hotfix - KB937894
Windows 2000-Hotfix - KB938127
Windows 2000-Hotfix - KB938827
Windows 2000-Hotfix - KB938829
Windows 2000-Hotfix - KB939653
Windows 2000-Hotfix - KB941202
Windows 2000-Hotfix - KB942615
Windows Installer 3.1 (KB893803)
Windows Media Player 9-Hotfix [Weitere Informationen finden Sie unter KB885492.]
Windows Media Player-Hotfix [Weitere Informationen finden Sie in Q828026]
Windows Media Player-Systemupdate (9-Reihe)
WinDSL
WinRAR Archivierer
WinZip
Yu-Gi-Oh! ONLINE



datfind

Datenträger in Laufwerk C: ist System
Datenträgernummer: C8D1-BBE8

Verzeichnis von C:\WINNT\system32

12.02.2008 18:17 16.384 Perflib_Perfdata_35c.dat
12.02.2008 18:09 26.682 nvapps.xml
12.02.2008 16:58 16.384 Perflib_Perfdata_218.dat
14.12.2007 11:32 12.632 lsdelete.exe
03.12.2007 00:00 18.684.536 MRT.exe
This post was edited by Merton on 12.02.2008 at 19:21.
12.02.2008, 17:29
Moderator

Posts: 7795
#2 Please also submit the reports from steps 2 and 3b.
http://board.protecus.de/t23187.htm
__________
Regards, Ralf
SEO-Spam Hunter
12.02.2008, 19:23
...new here

Thread starter

Posts: 5
#3 I changed it
Added steps 2 and 3b
I did all of them, was that bad?
12.02.2008, 21:29
Honorary member
Avatar Argus

Posts: 6028
#4 Hello,

Close all windows and start HijackThis.
Click: Do a system scan only
Put a check mark in the box in front of each of the following entries:

Quote

O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Programme\NetProject\sbmdl.dll

O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Programme\NetProject\sbmntr.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O17 - HKLM\System\CCS\Services\Tcpip\..\{1D238A24-A33D-47AF-BEDB-42DDDBBDEEFF}: NameServer = 85.255.115.27,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5767C04-4000-44EE-8B89-9E7C19B335B4}: NameServer = 85.255.115.27,85.255.112.132
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.27 85.255.112.132
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.27 85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.27 85.255.112.132

O22 - SharedTaskScheduler: didact - {747e1fbe-b70f-441d-bbca-6e536c04924a} - C:\WINNT\system32\wuuawkz.dll (file missing)
Click: Fix checked
Your Internet Explorer must be closed when you click Fix checked.


cfscript.txt

1.
Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as cfscript.txt using 'Save As'. Set the file type to 'All Files'. You should now find this file on the desktop.



Quote

Folder::
C:\Programme\NetProject

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"start"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{747e1fbe-b70f-441d-bbca-6e536c04924a}"=-

2.
Drag CFScript.txt with the right mouse button onto the ComboFix icon.

ComboFix will now start.
After the computer has restarted, post the ComboFix log.

3.
Use Fixwareout
http://virus-protect.org/artikel/tools/fixwareout.html

The computer will restart. Then post the Fixwareout log and a HijackThis log.
__________
Regards, Argus
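The O17 check from post #4, written out as an added example that is not part of the original posts or of HijackThis: it extracts every NameServer value from O17 lines and reports the addresses that are not on a list of resolvers the machine is expected to use. The function names, the allow-list address 192.168.1.1 and the last sample log are assumptions made for the example; the other sample lines are copied from this thread.

```python
"""Audit HijackThis O17 (DNS settings) lines against a resolver allow-list."""
import ipaddress
import re
from collections import defaultdict

# O17 lines copied from post #4 (the entries the helper marks for fixing).
INFECTED_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D238A24-A33D-47AF-BEDB-42DDDBBDEEFF}: NameServer = 85.255.115.27,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5767C04-4000-44EE-8B89-9E7C19B335B4}: NameServer = 85.255.115.27,85.255.112.132
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.27 85.255.112.132
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.27 85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.27 85.255.112.132
"""

# Lines copied from the HijackThis log posted after the cleanup (no O17 left).
CLEAN_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe"
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
"""

# Constructed sample: an O17 line that points at the expected resolver,
# plus an O17 Domain line that carries no resolver address.
CONSTRUCTED_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = example.lan
"""

# Assumption: the only resolver this machine should use (constructed value).
EXPECTED_RESOLVERS = ["192.168.1.1"]

# "O17 - <registry key>: <value name> = <data>"; only *NameServer values matter.
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w*NameServer) = (?P<value>.*)$")


def parse_o17(log_text):
    """Yield (registry_key, value_name, tokens) for each O17 NameServer line."""
    for line in log_text.splitlines():
        match = O17_RE.match(line.strip())
        if match:
            # HijackThis prints the list comma- or space-separated.
            tokens = [t for t in re.split(r"[,\s]+", match["value"].strip()) if t]
            yield match["key"], match["name"], tokens


def audit_o17(log_text, expected):
    """Return {address: [registry keys]} for resolvers that are not expected."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    unexpected = defaultdict(list)
    for key, _name, tokens in parse_o17(log_text):
        for token in tokens:
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                # Keep junk visible instead of silently dropping it.
                unexpected["unparseable:" + token].append(key)
                continue
            if addr not in allowed:
                unexpected[str(addr)].append(key)
    return dict(unexpected)


if __name__ == "__main__":
    for label, log in (("before fix", INFECTED_LOG), ("after fix", CLEAN_LOG)):
        findings = audit_o17(log, EXPECTED_RESOLVERS)
        print(label, "->", "no unexpected resolvers" if not findings else "")
        for address, keys in findings.items():
            print(f"  {address} set in {len(keys)} key(s)")
            for key in keys:
                print(f"    {key}")
```

O17 only covers the Tcpip registry keys HijackThis enumerates; a DhcpNameServer value under an interface key, as in the Fixwareout prerun check in post #5, has to be checked in the registry itself.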
13.02.2008, 15:41
...new here

Thread starter

Posts: 5
#5 ComboFix 08-02-12.3 - Administrator 13.02.2008 15:01:12.4 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1031.18.253 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\Administrator\Desktop\cfscript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programme\NetProject
C:\Programme\NetProject\ot.ico
C:\Programme\NetProject\sbmdl.dll
C:\Programme\NetProject\sbmntr.exe
C:\Programme\NetProject\sbsm.exe
C:\Programme\NetProject\sbun.exe
C:\Programme\NetProject\scit.exe
C:\Programme\NetProject\scm.exe
C:\Programme\NetProject\scu.exe
C:\Programme\NetProject\ts.ico
C:\Programme\NetProject\waun.exe

.
((((((((((((((((((((((( Dateien erstellt von 2008-01-13 bis 2008-02-13 ))))))))))))))))))))))))))))))
.

2008-02-13 15:01 . 13.02.08 15:01 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_368.dat
2008-02-12 16:58 . 12.02.08 16:58 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_218.dat
2008-02-11 20:34 . 11.02.08 20:34 <DIR> d-------- C:\Programme\Lavasoft
2008-02-11 20:34 . 11.02.08 20:34 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-02-11 20:19 . 11.02.08 20:19 <DIR> d-------- C:\Programme\Trend Micro
2008-02-11 19:18 . 11.02.08 19:18 <DIR> d-------- C:\Programme\Enigma Software Group
2008-02-11 15:59 . 11.02.08 19:12 <DIR> d-------- C:\Programme\SUPERAntiSpyware
2008-02-11 15:59 . 11.02.08 15:59 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2008-02-11 15:59 . 11.02.08 15:59 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com
2008-02-11 15:18 . 11.02.08 15:18 <DIR> d-------- C:\Programme\Kaspersky Lab
2008-02-11 15:18 . 13.02.08 14:42 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2008-02-11 15:18 . 13.02.08 15:04 2,657,568 --ahs---- C:\WINNT\system32\drivers\fidbox.dat
2008-02-11 15:18 . 11.02.08 15:36 91,700 --a------ C:\WINNT\system32\drivers\klin.dat
2008-02-11 15:18 . 11.02.08 15:36 85,860 --a------ C:\WINNT\system32\drivers\klick.dat
2008-02-11 15:18 . 12.02.08 20:09 36,404 --ahs---- C:\WINNT\system32\drivers\fidbox.idx
2008-02-11 15:18 . 13.02.08 15:04 16,416 --ahs---- C:\WINNT\system32\drivers\fidbox2.dat
2008-02-11 15:18 . 12.02.08 20:09 2,492 --ahs---- C:\WINNT\system32\drivers\fidbox2.idx
2008-02-11 09:35 . 11.02.08 09:35 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-02-11 09:35 . 11.02.08 09:35 1,409 --a------ C:\WINNT\QTFont.for
2008-01-26 10:25 . 26.01.08 10:25 <DIR> d-------- C:\Programme\FireTune
2008-01-26 10:25 . 26.01.08 10:25 737,280 --a------ C:\WINNT\iun6002.exe
2008-01-15 13:57 . 15.01.08 13:57 0 --a------ C:\WINNT\[INI]

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-11 19:33 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-02-11 14:24 --------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared
2008-02-11 14:16 --------- d-----w C:\Programme\Symantec
2008-02-11 14:15 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec
2008-02-11 14:10 --------- d-----w C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Symantec
2008-01-23 12:25 --------- d-----w C:\Programme\Google
2008-01-15 13:17 --------- d-----w C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Azureus
2008-01-15 13:03 --------- d-----w C:\Programme\YVD
2008-01-15 13:02 --------- d-----w C:\Programme\Thumbs2000
2008-01-15 13:02 --------- d-----w C:\Programme\Spiele
2008-01-15 13:01 --------- d-----w C:\Programme\MTGPlay
2008-01-15 12:59 --------- d-----w C:\Programme\ICQLite
2008-01-15 12:57 --------- d-----w C:\Programme\audiograbber
2007-12-18 12:37 --------- d-----w C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
2007-12-14 10:32 12,632 ----a-w C:\WINNT\system32\lsdelete.exe
2005-08-11 11:19 271 ---h--w C:\Programme\desktop.ini
2005-08-11 11:19 22,080 -c-h--w C:\Programme\folder.htt
2002-07-24 12:00 32,528 -c--a-w C:\WINNT\inf\wbfirdma.sys
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [21.06.07 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [19.06.03 20:05 112400 C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [15.06.05 16:20 6803456]
"nwiz"="nwiz.exe" [15.06.05 16:20 1519616 C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [15.06.05 16:20 86016]
"HPDJ Taskbar Utility"="C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb01.exe" [05.09.00 11:42 192512]
"LVCOMSX"="C:\WINNT\system32\LVCOMSX.EXE" [19.07.05 16:32 221184]
"Dit"="Dit.exe" [29.12.03 23:33 94208 C:\WINNT\Dit.exe]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [09.07.01 11:50 155648]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_09\bin\jusched.exe" [12.10.06 03:10 49263]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [03.09.05 11:23 77824]
"AVP"="C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe" [09.03.07 20:50 200768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [24.07.02 13:00 20752 C:\WINNT\system32\internat.exe]
"Task service"="taskmgs.exe" []
"MySpaceIM"="C:\Programme\MySpace\IM\MySpaceIM.exe" [14.08.07 01:04 5562368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Programme\Internet Explorer\Connection Wizard\icwconn1.exe" [19.06.03 20:05 189712]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programme\SUPERAntiSpyware\SASSEH.DLL [20.12.06 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programme\SUPERAntiSpyware\SASWINLO.dll 19.04.07 13:41 294912 C:\Programme\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
"LogitechSoftwareUpdate"=C:\Programme\Logitech\Video\ManifestEngine.exe boot
"MySpaceIM"=C:\Programme\MySpace\IM\MySpaceIM.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" -atboottime
"LogitechVideoRepair"=C:\Programme\Logitech\Video\ISStart.exe
"LogitechVideoTray"=C:\Programme\Logitech\Video\LogiTray.exe
"SSC_UserPrompt"="C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe"
"Ulead AutoDetector"=C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
"USB Storage Toolbox"=C:\WINNT\usbstor\Res.exe
"WinDSL MTU-Adjust"=WinDSL_MTU.exe

R1 ATMhelpr;ATMhelpr;C:\WINNT\system32\drivers\ATMhelpr.sys [17.06.97 03:00 ]
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [03.08.06 16:34 ]
R2 NwSapAgent;SAP-Agent;C:\WINNT\System32\svchost.exe [24.07.02 13:00 ]
R3 WinDSLa;WinDSL-Adapter (PPP-over-Ethernet);C:\WINNT\system32\DRIVERS\WinDSL.sys [08.11.01 01:45 ]
S3 hp4200c;%usbscan.SvcDesc%;C:\WINNT\system32\DRIVERS\hp4200c.sys [18.02.01 09:09 ]
S3 WinDSLp;%WinDSLp_Desc%;C:\WINNT\system32\DRIVERS\WinDSL.sys [08.11.01 01:45 ]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 15:04:45
Windows 5.0.2195 Service Pack 4 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 13.02.2008 15:06:07
ComboFix-quarantined-files.txt 2008-02-13 14:05:39
ComboFix2.txt 2008-02-12 18:02:05
.
2007-12-19 15:36:20 --- E O F ---




Username "Administrator" - 13.02.2008 15:12:39 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{048C4BCB-A426-43F0-8AE2-079B75EAFAE5}
"DhcpNameServer"="85.255.115.27,85.255.112.132" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1D238A24-A33D-47AF-BEDB-42DDDBBDEEFF}
"DhcpNameServer"="85.255.115.27,85.255.112.132" <Value cleared.

Der DNS-Auflösungscache wurde geleert.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"Synchronization Manager"="mobsync.exe /logon"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINNT\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINNT\\System32\\NvMcTray.dll,NvTaskbarInit"
"HPDJ Taskbar Utility"="C:\\WINNT\\System32\\spool\\drivers\\w32x86\\3\\hpztsb01.exe"
"LVCOMSX"="C:\\WINNT\\system32\\LVCOMSX.EXE"
"Dit"="Dit.exe"
"NeroFilterCheck"="C:\\WINNT\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_09\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"AVP"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Security Suite V\\avp.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\\Programme\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:06, on 13.02.2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb01.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\WINNT\Dit.exe
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\WINNT\DitExp.exe
C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Task service] taskmgs.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programme\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\scieplugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O18 - Protocol: bw+0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {22D2BA16-530E-47A3-BA4D-A1078451B57D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Personal Security Suite V (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://www.metroid2002.com/version_differences_nintendo_logo_naeu.pn

--
End of file - 18171 bytes


So, that's it.
Which antivirus program should I remove, in your opinion?
13.02.2008, 16:46
Honorary member
Argus

Posts: 6028
#6 Remove ComboFix:
Start > Run > paste in Combofix /U > OK

I don't know either of them, but if anything, I would keep Kaspersky.

Uninstall via Add/Remove Programs: Logitech Desktop Messenger
__________
Regards, Argus
13.02.2008, 17:14
...new here

Thread starter

Posts: 5
#7 Thanks a lot for everything ;)

Is my PC now free of everything harmful?

Edit:
Which program do I still have installed, then?
Somehow I can only find Kaspersky...
13.02.2008, 18:42
Honorary member
Argus

Posts: 6028
#8 Apparently these are leftovers from Norton.
Have a look under Add/Remove Programs and at
C:\Programme\Symantec\LiveUpdate


Start > Run > paste in services.msc > OK
Look for the entries below and stop the service:
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
__________
Regards, Argus
13.02.2008, 21:15
...new here

Thread starter

Posts: 5
#9 Okay, I've done that.
Thanks again ;)

See you.
13.02.2008, 22:49
Honorary member
Argus

Posts: 6028
#10 You can also run a test at http://secunia.com/software_inspector/
to see whether you still need updates ;)
__________
Regards, Argus