"SpySheriff" SOS: total PC dunce needs help! Hello, this is my first time here... you can see the reason from the title. We have caught a SpySheriff!! So how do we get rid of it? I have no clue about PCs at all, and my husband has 5 grams less of a clue... can someone here explain to me how I have to proceed, step by step? I really have no idea at all, *despairs*... :bussi: Regards, Jessy |
Hello Famfieger, make a HijackThis log following these instructions: http://www.trojaner-board.de/showthread.php?t=17493 After that, run an EScan following these instructions: http://www.trojaner-board.de/showthread.php?t=17492 Follow the instructions carefully; at the bottom of those pages a PDF is available for download, which you can print out if necessary. Then post both logs here in your thread, and we'll take it from there. Irrlicht |
Quote:
so I have now done the first one... I hope it's right like this.. *trembles*
Logfile of HijackThis v1.99.1
Scan saved at 17:15:13, on 14.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\per.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\tt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\AOL 9.0\waol.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLacsd.exe
C:\Programme\AOL 9.0\shellmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\HiJackThis - NEU!!!\hijackthis\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programme\Symantec\LiveUpdate\AUpdate.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.191.52/2484/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.50.191.52/2484/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://bestsearch.cc/2484/search.php?qq=
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\per.exe internat.dll,LoadKeyboardProfile
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{77D172EC-2175-473C-A8E4-8897306440C2}: NameServer = 205.188.146.145
O18 - Protocol: bw+0 - {8CC19F16-D823-44A2-A839-EEB5A855D6D0} - C:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll |
With the 2nd link it's all Greek to me at the moment, so it may take a little while! When I click on "Download", several "articles" come up... scrolling down the page, I then have 3 choices of something to download... WHAT DO I WANT?? *dumb look* :o |
Hi, I'll briefly take over for irrlicht: please have the following files scanned online at Jotti: C:\WINDOWS\system32\per.exe C:\WINDOWS\system32\tt.exe I have a very, very bad feeling about this. Please post the result. Reason: you may be able to skip the eScan if the two files are what I think they are... cacatoa |
Quote:
TT.exe could be a little worm here, and there can be no more talk of SpySheriff at all ;) |
...and apparently someone has already gained access, at least that is how I would read this: O17 - HKLM\System\CCS\Services\Tcpip\..\{77D172EC-2175-473C-A8E4-8897306440C2}: NameServer = 205.188.146.145 Am I right in my assumption? Irrlicht |
tt.exe -->
Auslastung: 0% 100%
Datei: tt.exe
Status: INFIZIERT/MALWARE
Entdeckte Packprogramme: -
AntiVir Trojan/Click.Spywad.l gefunden
ArcaVir Keine Viren gefunden
Avast Win32:Hoaxalarm-K gefunden
AVG Antivirus Keine Viren gefunden
BitDefender Trojan.FakeAlert.X gefunden
ClamAV Keine Viren gefunden
Dr.Web Trojan.Fakealert gefunden
F-Prot Antivirus unknown virus gefunden (mögliche Variante)
Fortinet Keine Viren gefunden
Kaspersky Anti-Virus not-virus:Hoax.Win32.Renos.aq gefunden
NOD32 a variant of Win32/Adware.SpySheriff application gefunden
Norman Virus Control Keine Viren gefunden
UNA Keine Viren gefunden
VBA32 Trojan.Fakealert gefunden
per.exe -->
Auslastung: 0% 100%
Datei: per.exe
Status: INFIZIERT/MALWARE
Entdeckte Packprogramme: FSG
AntiVir Keine Viren gefunden
ArcaVir Keine Viren gefunden
Avast Keine Viren gefunden
AVG Antivirus Keine Viren gefunden
BitDefender Dropped:Generic.Malware.SYdld.B6F39757 gefunden (mögliche Variante)
ClamAV Keine Viren gefunden
Dr.Web DLOADER.Trojan gefunden (mögliche Variante)
F-Prot Antivirus Keine Viren gefunden
Fortinet Keine Viren gefunden
Kaspersky Anti-Virus Keine Viren gefunden
NOD32 Keine Viren gefunden
Norman Virus Control Sandbox: W32/Downloader;
[ General information ]
* File might be compressed.
* Creating several executable files on hard-drive.
* File length: 8177 bytes.
[ Changes to filesystem ]
* Creates file sdfff.
* Creates file C:\WINDOWS\SYSTEM32\tt.exe.
* Creates file fdsf.
* Creates file C:\WINDOWS\SYSTEM32\t.exe.
[ Changes to registry ]
* Creates key "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System".
* Sets value "DisableTaskMgr"="1" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System".
[ Network services ]
* Opens URL: http://www.perlink.biz/05/1002.exe.
* Opens URL: http://www.perlink.biz/05/1001.exe.
[ Security issues ]
* Starting downloaded file - potential security problem.
gefunden
UNA Keine Viren gefunden
VBA32 Keine Viren gefunden
*IT'S ALL GREEK TO ME* |
@irrlicht Quote:
|
Quote:
:daumenhoc :lach: |
@FamFieger Switch to safe mode. Change the settings in Windows Explorer and search for these files: C:\WINDOWS\system32\per.exe C:\WINDOWS\system32\tt.exe C:\winstall.exe Delete them all. Fix these registry entries with HJT Quote:
|
ummm,... "Fix these registry entries with HJT......." MEANS????? and then: Afterwards post the HJT log again; so make a new one then, or what? *ponders* oh dear... :balla: |
@FamFieger Quote:
Quote:
|
@all in this thread: I didn't reply any more because I was briefly without access to the board. Well, that's the www for you... ;) Fixing means: after the scan with HJT, tick the entries shown by Rene-Gad and click "fix checked" at the bottom. cacatoa |
Hello again, I can't delete any of the three specified .exe files... but they are not write-protected... *hmm* ?? |
Check in Task Manager whether the processes are running. If so, end them and then delete. cacatoa |
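Added example, not part of the original thread: the check described above (is the file still running?) can be read from the HijackThis log itself, together with the Run keys that would start the file again at the next boot. The sample is an excerpt of the first log in this thread, set one entry per line; the function and constant names are this example's own.

```python
import re

# Excerpt of the first HijackThis log posted in this thread (one entry per line).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\per.exe
C:\WINDOWS\system32\tt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.de/
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\per.exe internat.dll,LoadKeyboardProfile
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
"""

# The three files the helper in this thread asked to have deleted.
TARGETS = [
    r"C:\WINDOWS\system32\per.exe",
    r"C:\WINDOWS\system32\tt.exe",
    r"C:\winstall.exe",
]

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # e.g. "O4 - ..."
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)


def norm(path):
    """Windows paths are case-insensitive; compare them lower-cased."""
    return path.replace("/", "\\").lower()


def parse_log(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False          # process list ends at first entry
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def autostart_targets(entries):
    """Return (location, executable) for each O4 registry Run entry.

    "O4 - Global Startup" shortcut entries are not handled in this example.
    """
    found = []
    for code, body in entries:
        match = RUN_RE.match(body) if code == "O4" else None
        if not match:
            continue
        hive, key, name, command = match.groups()
        exe = EXE_RE.match(command)
        if exe:
            found.append((f"{hive} {key} [{name}]", exe.group(1) or exe.group(2)))
    return found


def removal_plan(text, targets):
    """For each file: is it running, and which Run entries start it again?"""
    processes, entries = parse_log(text)
    running = {norm(p) for p in processes}
    autostarts = autostart_targets(entries)
    return {
        target: {
            "running": norm(target) in running,
            "autostart": [loc for loc, exe in autostarts if norm(exe) == norm(target)],
        }
        for target in targets
    }


if __name__ == "__main__":
    for path, info in removal_plan(SAMPLE_LOG, TARGETS).items():
        print(path, info)
```

A file reported as running has to be ended before it can be deleted, and a file with a Run entry also needs that entry fixed in HijackThis, otherwise it is started again at the next logon.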
Logfile of HijackThis v1.99.1
Scan saved at 19:11:54, on 14.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\per.exe
C:\Programme\Java\jre1.5.0\bin\jusched.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\system32\tt.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\AOL 8.0b\aoltray.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\AOL 9.0\waol.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\AOL 9.0\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Fieger\LOKALE~1\Temp\Rar$EX00.797\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
F3 - REG:win.ini: run=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\per.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [WashAndGo - Cleanup of old Backupfiles] C:\\checker.exe /check
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [explore] c:\windows\explore.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AOL 8.0 Tray-Symbol.lnk = C:\Programme\AOL 8.0b\aoltray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - 
http://aolcc.aol.de/computercheckup/qdiagcc.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{77D172EC-2175-473C-A8E4-8897306440C2}: NameServer = 205.188.146.145
O18 - Protocol: bwu0 - {8CC19F16-D823-44A2-A839-EEB5A855D6D0} - C:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {8CC19F16-D823-44A2-A839-EEB5A855D6D0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {8CC19F16-D823-44A2-A839-EEB5A855D6D0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {8CC19F16-D823-44A2-A839-EEB5A855D6D0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {8CC19F16-D823-44A2-A839-EEB5A855D6D0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {8CC19F16-D823-44A2-A839-EEB5A855D6D0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {8CC19F16-D823-44A2-A839-EEB5A855D6D0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {8CC19F16-D823-44A2-A839-EEB5A855D6D0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {8CC19F16-D823-44A2-A839-EEB5A855D6D0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {8CC19F16-D823-44A2-A839-EEB5A855D6D0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {8CC19F16-D823-44A2-A839-EEB5A855D6D0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {8CC19F16-D823-44A2-A839-EEB5A855D6D0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {8CC19F16-D823-44A2-A839-EEB5A855D6D0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AOL Connectivity Service (AOL ACS) - 
America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe

Winstall.exe has now been deleted, the Task Manager has been disabled by the administrator!! I am completely lost, I hope you know what you are doing... is all of this right?! :o |
Does something similar to this appear on your machine? cacatoa |
So, after everything I have seen on your system, and because I am now also finding traces of a backdoor trojan (Graybird), I will give you one piece of good advice: reinstall your system from scratch! That is the only safe solution. And probably faster than hours of uncertain cleaning... cacatoa |
Sigh... okay... then I will "move everything important aside" and then make a fresh start... sigh... thank you all for your help!! :aplaus: :daumenhoc |