notepad.exe befallen! Oh je!Thema ist geschlossen! |
||
---|---|---|
Thema ist geschlossen! |
||
#0
| ||
12.07.2004, 13:17
Member
Beiträge: 40 |
||
|
||
12.07.2004, 13:33
Ehrenmitglied
Beiträge: 29434 |
#32
Hallo baddi
Fixe mit dem HijackThos R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = , R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = , R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com R3 - URLSearchHook: (no name) - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - (no file) R3 - URLSearchHook: (no name) - {BECD7FB6-D67E-4104-A8AD-0DBC10251438} - (no file) O2 - BHO: IEHelperObj Class - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - C:\PROGRA~1\Odigo\Bin\OdigoBHO.dll O4 - HKLM\..\Run: [DMSDOS] C:\WINDOWS\System32\explorer.exe O4 - HKLM\..\Run: [WinTime] C:\WINDOWS\system32\wintime.exe O4 - HKCU\..\Run: [windll32.exe] C:\WINDOWS\System32\windll32.exe O8 - Extra context menu item: &SearchIt Toolbar search - res://C:\Programme\IEToolbar\toolbar.dll/SEARCH.HTML O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing) O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.skoobidoo.com O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://64.156.31.70/058486de.exe neustarten #Deaktiviere kurz deinen Virenscanner und lade Antivirus http://www.free-av.com/ Konfiguriere den Antivirus AVGCtrl Automatischen Scan stoppen, Einstellungen hochschrauben (Suchen: ALLE DATEIN, Reperatur: OHNE RÜCKFRAGEN, Löschen bei fehlgeschlagener Reperatur: LÖSCHEN OHNE RÜCKFRAGEN, Unerwünschte Programme: ALLE ausser spiele, Heuristik: Win32 Heuristik Priorität hoch) #Geh in den abgesicherten Modus...das ist wichtig !!!!!!!!!11 http://www.bsi.de/av/texte/winsave.htm und mache einen Vollscann mit dem Antivirus. .............................................................................................................. normal neustarten Ueberpruefe mit Kaspersky C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\explorer.exe C:\WINDOWS\system32\wintime.exe http://www.kaspersky.com/scanforvirus #Lade AdAware free...updaten vor dem Scannen !!! und Spybot von dieser Site http://www.rokop-security.de/main/article.php?sid=703 #lade Spysweeper free http://www.spysweeper.com/ #Lade mwav.exe...scanne alle Dateien http://www.mwti.net/antivirus/free_utilities.asp poste dann, was die mwav.exe gefunden hat #Loesche mit ClearProg die Cookies und TemporaryInternetfiles und stelle dann unter <InternetOptionen eine neue Startseite ein . http://www.clearprog.de/ dann poste das Log noch mal, falls es noch Probleme gibt MfG Nikita __________ MfG Sabina rund um die PC-Sicherheit Dieser Beitrag wurde am 12.07.2004 um 13:36 Uhr von Sabina editiert.
|
|
|
||
12.07.2004, 16:38
Member
Beiträge: 40 |
#33
jetzt müsst wieder alles gehen :-) danke für die Hilfe *knuddel* *lach* ^^
das spyware prog is ganz gut das verwischt spuren im internet oder? thx 4 Help :-) |
|
|
||
12.07.2004, 17:18
Member
Beiträge: 1095 |
#34
@baddi
Poste nochmal dein Log damit man sieht ob alles weg ist Gruß paff __________ http://www.downclockers.com/ourforum/index.php?board=71.0 Reverse Engineering Malware |
|
|
||
12.07.2004, 19:05
Member
Beiträge: 40 |
#35
welches log? das von hijack? weil das antivirus bzw das mwav.exe nicht fertig gelaufen hab lassen ^^
|
|
|
||
12.07.2004, 22:24
Member
Beiträge: 1095 |
#36
Zitat baddi posteteDas HiJackThis log Gruß paff __________ http://www.downclockers.com/ourforum/index.php?board=71.0 Reverse Engineering Malware |
|
|
||
12.07.2004, 23:27
Member
Beiträge: 40 |
#37
Logfile of HijackThis v1.98.0
Scan saved at 23:27:29, on 12.07.2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe C:\WINDOWS\System32\nvsvc32.exe C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programme\Anti-Trojan-55\ATWatch.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Programme\Spy Sweeper\SpySweeper.exe C:\Programme\ICQ\Icq.exe C:\Programme\Steam\steam.exe C:\Programme\Winamp\Winamp5\winamp.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Internet Explorer\iexplore.exe P:\Tools\Anti- Viren & Spyware progs\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de F0 - system.ini: Shell= F2 - REG:system.ini: Shell= F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Anti-Trojan-Watch] C:\Programme\Anti-Trojan-55\ATWatch.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\System32\sti_ci.dll,WiaCreateWizardMenu O4 - HKLM\..\RunOnce: [delus] C:\DOKUME~1\G1U3CK~1\LOKALE~1\Temp\delus.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://64.244.108.253:81/activex/AxisCamControl.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5D11B294-D36C-4A11-9198-2AF12690B134}: NameServer = 217.237.150.141 194.25.2.129 |
|
|
||
12.07.2004, 23:38
Member
Beiträge: 1095 |
#38
@baddi
sieht gut aus Gruß paff __________ http://www.downclockers.com/ourforum/index.php?board=71.0 Reverse Engineering Malware |
|
|
||
14.07.2004, 01:14
Member
Beiträge: 40 |
||
|
||
18.07.2004, 12:11
...neu hier
Beiträge: 5 |
#40
Auch ich bin nue hier, hoffe ihr könnte mir helfen
Bei mir öffnet sich immer ein Windows PopUp, das einen Trojaner auf system32/notepad.exe meldet. Bitte um Hilfe lG Christian aka Tahooma Hijack Ergebnis: Logfile of HijackThis v1.98.0 Scan saved at 11:56:15, on 18.07.2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Sygate\SPF\smc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe C:\Programme\QuickTime\qttask.exe C:\WINDOWS\System32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\WinZip\WZQKPICK.EXE C:\WINDOWS\System32\devldr32.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\WINDOWS\System32\wuauclt.exe C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE C:\Programme\Grisoft\AVG6\avgw.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\System32\svchost.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Dokumente und Einstellungen\Christian\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://www.ipswitch.com/_installs/wsftp_le/setup.exe O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/de/win/QuickTimeInstaller.exe O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{DAC89387-33E1-4916-98F0-E3253E114CF1}: NameServer = 195.3.96.67 195.3.96.68 |
|
|
||
20.03.2006, 17:56
Member
Beiträge: 11 |
#41
Hallo Leute, ich hab ein Problem mit meiner Notepad.exe
Wenn ich Spyware Doctor drüber laufen lasse, zeigt der mir den Trojaner Gasline B in der: C:\Windows\Notpad.exe C:\Windows\System32\Notpad.exe C:\Windows\dllcache\Notepad.exe an. Wenn ich die mit SW Doctor in Quarantäne verschiebe, und lösche, sindse ja weg. Und von CD die Orginale Notepad.exe kann ich nicht rüberziehen, weil ich keine Windows CD/DVD hab. Das lieg aber daran, das ich eine OEM-Version, die auf einem Targa-Lidl-PC installiert ist, besitze. Ich hab nur sone dähmliche Targa Recovery CD. Könnte mir da jemand evtl. seine Notepad.exe schicken? So ich hab Hitman Pro 2 komplett drüber laufen lassen. Hitman Pro 2.4 - Protokolldatei 20-03-2006 16:55 ----------------------------------------------------------------- CW-Shredder: 1 Ergebniss, gefixt ----------------------------------------------------------------- Ad-Aware SE Personal, free for private use. 00:15:34 1.06r1 SE1R99 20.03.2006 Ad-Aware hat kein Spyware gefunden ----------------------------------------------------------------- Spybot - Search & Destroy 00:04:35 Keine Ergebnisse ----------------------------------------------------------------- PC Tools Spyware Doctor 00:10:20 Version 3.5.0.478 Datenbank 3.04300 Spyware Doctor is a top-rated malware & spyware removal utility that detects and removes your PC from thousands of potential spyware, adware, trojans, keyloggers, spybots and tracking Thread. Tracking Cookie Trojan.Gaslide.B Spyguard Ardamax Keylogger ----------------------------------------------------------------- Hitman Pro AntiSpyware 1.9.2 Diese zusätzliche Inspektion sucht nach Spyware, Viren, Würmern und Trojaner Pferden, die noch nicht durch externe Komponenten gefunden oder gelöscht wurden. # Legenda: erkannt als Spyware # gefunden mit Heuristik # Hinweis auf spyware # HKLM\..\Browser Helper Objects, {45AD732C-2CE2-4666-B366-B2214AD57A49} ist gelöscht Schlüssel ist Orphan Zusätzliche Inspektion hat keine Spyware, Viren, Würmer oder Trojaner Pferde gefunden ------------------------------------------------------------------- Dann hab ich den Multi Virus Cleaner 2006 drüber laufen lassen: Keine Ergebnisse ------------------------------------------------------------------- Norton Antivirus und AntVir 7 ebenfalls keine Ergebnisse. ------------------------------------------------------------------- Hier die Logfile des HijackThis-Tool: Logfile of HijackThis v1.99.1 Scan saved at 17:06:01, on 20.03.2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Programme\Norton AntiVirus\navapsvc.exe C:\Programme\Norton AntiVirus\SAVScan.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\System32\UAService7.exe C:\WINDOWS\System32\carpserv.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\Microsoft IntelliType Pro\type32.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\System32\ctfmon.exe C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\antiwucher\_antiwucher.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Programme\Windows Media Player\wmplayer.exe C:\Programme\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\Programme\Winamp\winampa.exe C:\Programme\TGTSoft\StyleXP\StyleXPService.exe C:\Programme\TGTSoft\StyleXP\StyleXP.exe C:\Programme\Spyware Doctor\swdoctor.exe C:\Programme\Hitman Pro\hitmanpro2.exe C:\Programme\Spybot - Search & Destroy\SpybotSD.exe C:\Programme\WinRAR\WinRAR.exe C:\DOKUME~1\JAN~1.STA\LOKALE~1\Temp\Rar$EX00.781\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Norton] C:\Programme\ASUS\WLAN Card Utilities\NorExec.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Programme\Lexmark 2200 Series\lxbvbmgr.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programme\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [ATI Remote Control] C:\Programme\ATI Multimedia\RemCtrl\ATIRW.exe O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\tv\EXPLBAR.DLL O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137765512890 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140821526531 O17 - HKLM\System\CCS\Services\Tcpip\..\{0904CCEA-0D71-4656-8AB0-2DF406965EA3}: NameServer = 62.104.191.241 62.104.196.134 O17 - HKLM\System\CCS\Services\Tcpip\..\{66466F67-5D8C-47E6-ACBF-0CAD0103FC5C}: NameServer = 192.168.0.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{0904CCEA-0D71-4656-8AB0-2DF406965EA3}: NameServer = 62.104.191.241 62.104.196.134 O18 - Protocol: bw+0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {A3EDA82A-DB02-459B-8CC8-0F1FA8062A35} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Programme\AntiVir\AVWUPSRV.EXE (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe (file missing) O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing) Ich hoffe mir kann jemand helfen und überhaupt sagen ob das System infiziert ist (Notepad) oder das Prog nur spinnt (sehr unwahrscheinlich) |
|
|
||
20.03.2006, 19:41
Moderator
Beiträge: 7805 |
#42
Ohne dein Log genauer durchgelesen zu haben, kann ich dir sagen, das es ein Fehlalarm von Spyware doctor ist.
Wenn du das Programm gekauft haben solltest, schicke bitte die Datei an pctools, damit sie diesen Fehlalarm herausnehmen koennen. BTW: Du solltest dein Windows aktualisieren(auf SP2) Soweit ich mich erinnere besteht der Fehlalarm nur auf die notepad.exe aus dem SP1. __________ MfG Ralf SEO-Spam Hunter |
|
|
||
21.03.2006, 15:32
Member
Beiträge: 11 |
#43
Ok danke, du hast mir sehr weitergeholfen ^^ Ich hab von so was nich viel Ahnung, un wenn ein Programm halt meldet, das ein Virus bzw. Trojaner drauf is... SP2 mal schaun mit Modem
|
|
|
||
21.03.2006, 15:52
Moderator
Beiträge: 7805 |
#44
Du kennst doch bestimmt jemanden, mit DSL oder der das sp2 irgendwo auf einer Heft CD hat!?
__________ MfG Ralf SEO-Spam Hunter |
|
|
||
23.03.2006, 17:25
Member
Beiträge: 11 |
#45
Ja ich werds mir schon irgendwie besorgen, Ich hatts schon ma drauf, aber ich hatte Systemwiederherstellung gemacht un dann was halt weg un ich hatte ehrlich gesagt keine Lust, es noch ma neu zu downloaden un zu installieren.
MFG The_Death |
|
|
||
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Anti-Trojan-55\ATWatch.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\explorer.exe
C:\WINDOWS\system32\wintime.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\ICQ\Icq.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programme\Steam\Steam.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\G1u3cK1icHm4cH3r\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = ,
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = ,
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - (no file)
R3 - URLSearchHook: (no name) - {BECD7FB6-D67E-4104-A8AD-0DBC10251438} - (no file)
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEHelperObj Class - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - C:\PROGRA~1\Odigo\Bin\OdigoBHO.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Anti-Trojan-Watch] C:\Programme\Anti-Trojan-55\ATWatch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DMSDOS] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\Run: [WinTime] C:\WINDOWS\system32\wintime.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\System32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [windll32.exe] C:\WINDOWS\System32\windll32.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &SearchIt Toolbar search - res://C:\Programme\IEToolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.skoobidoo.com
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://64.156.31.70/058486de.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://64.244.108.253:81/activex/AxisCamControl.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D11B294-D36C-4A11-9198-2AF12690B134}: NameServer = 217.237.150.141 194.25.2.129
hab schon n paar sachen entfernt von denen ich wusste das sie schrott sind aber jetzt weis ich nich mehr weiter!
MFG
Luki
ps thx sabina :-) m3 is just a dumb human