|
Log-Analyse und Auswertung: Da is doch was im Busch...Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
12.12.2005, 21:18 | #1 |
| Da is doch was im Busch... Schönen guten abend allerseits, wäre euch wirklich sehr verbunden, wenn ihr hier mal drüberschauen könntet. Versuche schon den ganzen Tag meinen gestern abend noch topfiten pc wieder herzurichten. Weiß der Kuckuck, was die Nacht da passiert ist. Wie gesagt werde ich den ganzen Tag mit plötzlichen Neustarts, graphischen Aussetzern etc. auf Trapp gehalten. Habe schon sämtliche Virenprogramme laufen lassen, die finden auch regelmäßig was, doch wenn ich fest überzeugt bin, nun alles entfernt zu haben, taucht doch wieder was neues auf. Unter anderem hat sich auch kurzzeitig der "Ezula" Virus gezeigt und außerdem werden auch regelmäßig infizierte Lesezeichen und Cookies des Firefox gelöscht. Vielleicht is da die undichte Stelle. Vielen Dank für eure Hilfe. Logfile of HijackThis v1.99.1 Scan saved at 21:15:39, on 12.12.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe D:\Programme\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe D:\PROGRAMME\AVPERSONAL\AVGUARD.EXE C:\WINDOWS\ATKKBService.exe d:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\system32\CTsvcCDA.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Programme\Java\jre1.5.0_05\bin\jusched.exe C:\Programme\Creative\ShareDLL\CtNotify.exe D:\Programme\AVPersonal\AVGNT.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe d:\Programme\Logitech\MouseWare\system\em_exec.exe C:\Programme\Creative\ShareDLL\Mediadet.exe C:\WINDOWS\System32\svchost.exe D:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe D:\Programme\802.11 Wireless LAN\802.11b Pen Size Wireless USB 2.0 Adapter HW.31 V.1.00\WlanCU.exe D:\Programme\ICQLite\ICQLite.exe C:\DOKUME~1\***\LOKALE~1\Temp\mwavscan.com C:\DOKUME~1\***i\LOKALE~1\Temp\kavss.exe D:\Programme\Firefox\firefox.exe C:\Dokumente und Einstellungen\***\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.internetcologne.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://w*w.internetcologne.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.internetcologne.de R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Programme\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - D:\Programme\iFinger\plugins\IE.ifp O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Programme\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [Disc Detector] C:\Programme\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [CTStartup] "C:\Programme\Creative\Splash Screen\CTEaxSpl.EXE" /run O4 - HKLM\..\Run: [AVGCtrl] "d:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] \Program\ O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Wireless Configuration Utility HW.31.lnk = D:\Programme\802.11 Wireless LAN\802.11b Pen Size Wireless USB 2.0 Adapter HW.31 V.1.00\WlanCU.exe O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109076121648 O18 - Protocol: bw+0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {3040C9C2-3554-44DA-BA11-D4F166F97A43} - d:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\PROGRAMME\AVPERSONAL\AVGUARD.EXE O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - d:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Programme\InCD\InCDsrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe |
12.12.2005, 21:28 | #2 |
| Da is doch was im Busch... Ich bin mir ja nicht ganz sicher, aber ich schieb nochmal die log datei aus e-scan hinterher. Bitte verratet einem Laien wie mir doch bitte, wo man die infizierten Dateien löschen kann. Danke nochmal.
__________________Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "searchexe Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "whenu.weathercast Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken. Entry "HKCR\TypeLib\{54CB0D09-E60F-41B1-B8AF-C7F6652621EC}" refers to invalid object "E:\Games\EA SPORTS\FIFA 06 Demo\fifa06 demo.exe". Action Taken: No Action Taken. Entry "HKCR\.pcb" refers to invalid object "PCBFile". Action Taken: No Action Taken. Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken. Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken. Entry "HKCR\RunMSC.Loader" refers to invalid object "{9F95F736-0F62-4214-A4B4-CAA6738D4C07}". Action Taken: No Action Taken. Entry "HKCR\RunMSC.Loader.1" refers to invalid object "{9F95F736-0F62-4214-A4B4-CAA6738D4C07}". Action Taken: No Action Taken. Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken. File C:\DOKUME~1\Smi\LOKALE~1\Temp\saveinstwm.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.z". Action Taken: No Action Taken. |
Themen zu Da is doch was im Busch... |
adobe, adobe reader, antivir, bho, browser, computer, desktop, einstellungen, excel, explorer, firefox, helper, hijack, hijackthis, icqtoolbar, infizierte, internet, internet explorer, object, rundll, software, system, temp, urlsearchhook, usb, usb 2.0, virus, windows, windows xp, wireless lan |