Removing MSN Plus adware |
||
---|---|---|
#0
| ||
23.04.2005, 13:24
Member
Posts: 16 |
||
|
||
23.04.2005, 16:11
Moderator
Posts: 7805 |
#2
Update your Windows to SP2 and fix this:

F3 - REG:win.ini: run=
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [basebat] C:\DOKUME~1\RAYNE_~1\ANWEND~1\BENDNA~1\SOFTWAREPLUS4.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE

As well as all "O16" entries.

Do you know what this is?
O23 - Service: Groove Games Licensing Service - Groove Games - C:\Programme\Gemeinsame Dateien\Groove Games Shared\Service\ggameslicsvc.exe
If in doubt, get rid of that too...

To be on the safe side, you could empty your temp directories with Disk Cleanup (http://support.microsoft.com/default.aspx?scid=kb;de;315246) or other programs (http://www.ccleaner.com/, http://www.clearprog.de/programme/clearprog/index.php), and disable System Restore (http://www.bsi.bund.de/av/texte/wiederher_xp.htm), reboot, and enable it again.

Please also check the machine with eScan (http://www.trojaner-info.de/hijacker/escan.shtml) and say if it found anything. An update is not necessary, but you should run the scan in safe mode.
__________
Regards, Ralf
SEO-Spam Hunter |
|
|
||
23.04.2005, 22:42
Member
Thread starter Posts: 16 |
||
|
||
23.04.2005, 22:59
Moderator
Posts: 7805 |
#4
You should fix the "O16" entries! You can find information on the individual items in HijackThis here:
http://www.trojaner-info.de/anleitungen/hijackthis/htlogtutorial.html
__________
Regards, Ralf
SEO-Spam Hunter |
|
|
||
23.04.2005, 23:09
Member
Thread starter Posts: 16 |
#5
The ads are back and the favorites are still not clean.
|
|
|
||
24.04.2005, 08:51
Moderator
Posts: 7805 |
#6
You also have to delete the favorites yourself, via Favorites/Organize in IE. But only do that once the machine is otherwise clean.

Now please post the following: a HijackThis log, an uninstall list and a scan with eScan, and say what was found as "infected" or "tagged as".

For the uninstall.log, please start HijackThis, then go to "Open misc tools section"/Open uninstallmanager/Save list/ Save it and post the contents of the editor that pops up here as well.

[Addendum: You can also try the official cleaner for it. There is no guarantee for that! http://lop.com/new_uninstall.exe ]
__________
Regards, Ralf
SEO-Spam Hunter |
|
|
||
24.04.2005, 10:32
Member
Thread starter Posts: 16 |
#7
The official tool is a trojan.

HijackThis logfile

Logfile of HijackThis v1.99.1
Scan saved at 10:26:38, on 24.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Softwin\BitDefender8\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\Programme\Softwin\BitDefender8\bdoesrv.exe
C:\programme\softwin\bitdefender8\bdnagent.exe
C:\WINDOWS\Mixer.exe
C:\Programme\MessengerPlus! 3\MsgPlus.exe
C:\Programme\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\System32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Outlook Express\msimn.exe
C:\Program Files\mIRC\mirc.exe
C:\Programme\teamspeak2_RC2\TeamSpeak.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Winamp\winamp.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
D:\downloads\HijackThis.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_3_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_3_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Programme\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] c:\programme\softwin\bitdefender8\bdnagent.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [basebat] C:\DOKUME~1\RAYNE_~1\ANWEND~1\BENDNA~1\SOFTWAREPLUS4.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: MSI Media Center Deluxe II.lnk = C:\Programme\MSI\Media Center Deluxe II\Projector.exe
O4 - Global Startup: WinIRXHelper.lnk = C:\Programme\MSI\Media Center Deluxe II\WinIRXHelper.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Groove Games Licensing Service - Groove Games - C:\Programme\Gemeinsame Dateien\Groove Games Shared\Service\ggameslicsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe

Uninstall list

3DMark05
ACE-HIGH MP3 WAV WMA OGG Converter
Ad-aware 6 Personal
Adobe Download Manager 1.2 (Nur entfernen)
Adobe MPEG Encoder
Adobe Premiere 6.5
Adobe Reader 6.0.1
Advanced Networking Pack fur Windows XP
Alcohol 120% (Trial Version)
BitDefender 8 Professional Plus
BitTorrent 3.4.2
Codec Pack - All In 1 5.0.4.8
Diet K
DivX Player
DivX Pro Codec Adware
eMule
EVEREST Home Edition v1.10
Far Cry
Fraps (remove only)
HighMAT-Erweiterung fur den Microsoft Windows XP-Assistenten zum Schreiben von CDs
HijackThis 1.99.1
ICQ 5
InstallRTC
Intel A/V Codecs V2.0
Intel(R) PRO Network Adapters and Drivers
Internet Explorer Q831167
Ipswitch WS_FTP Pro
IrfanView (remove only)
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
Kazaa Lite K++ v2.4.3
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Shockwave Player
Messenger Plus! 3
Microsoft Word 97
mIRC
MSI Media Center Deluxe II
MSN Add-In fur Windows Messenger
MSN Messenger 6.2
Nero 6 Ultra Edition
Netscape (7.1)
NVIDIA Drivers
Outlook Express Q837009
Pariah Multiplayer Demo
Pariah Multiplayer Demo [Try&Die] (Shared Components)
PCI Audio Driver
PowerDVD
PowerQuest PartitionMagic 8.0
QuickTime
SpeechRedist
Spybot - Search & Destroy 1.3
TeamSpeak 2 RC2
Totalidea RAM-Disk Driver
Unreal Tournament 2004
Viewpoint Media Player (Remove Only)
Winamp (remove only)
Windows Media Encoder 7.1
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player-Hotfix [Weitere Informationen finden Sie in KB837272]
Windows Media Player-Hotfix [Weitere Informationen finden Sie in Q828026]
Windows XP-Hotfix - KB820291
Windows XP-Hotfix - KB821253
Windows XP-Hotfix - KB822603
Windows XP-Hotfix - KB823182
Windows XP-Hotfix - KB824105
Windows XP-Hotfix - KB824141
Windows XP-Hotfix - KB825119
Windows XP-Hotfix - KB826939
Windows XP-Hotfix - KB826942
Windows XP-Hotfix - KB828028
Windows XP-Hotfix - KB828035
Windows XP-Hotfix - KB828741
Windows XP-Hotfix - KB833998
Windows XP-Hotfix - KB835732
Windows XP-Hotfix - KB837001
Windows XP-Hotfix - KB840374
Windows XP-Hotfix - KB842773
Windows XP-Hotfix (SP2) Q322011
Windows XP-Hotfix (SP2) Q327979
Windows XP-Hotfix (SP2) Q814995
Windows XP-Hotfix (SP2) Q819696
WinRAR Archivierer
Yahoo! Anti-Spy (BETA)
Yahoo! Messenger
Yahoo! Toolbar

eScan

File c:\dokume~1\rayne_~1\lokale~1\temp\sfwglcjl.exe infected by "not-a-virus:AdWare.Lop.m" Virus. Action Taken: No Action Taken.
File C:\PROGRA~2\mIRC\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.14. No Action Taken.
File C:\DOKUME~1\RAYNE_~1\ANWEND~1\BENDNA~1\SOFTWAREPLUS4.exe infected by "not-a-virus:AdWare.Lop.m" Virus. Action Taken: No Action Taken. |
|
|
||
25.04.2005, 17:51
Honorary member
Posts: 29434 |
#8
Hello @rayne

In Windows Explorer -> Tools -> Folder Options -> the "View" tab -> Hidden files and folders -> enable "Show hidden files and folders"
+
In Windows Explorer -> Tools -> Folder Options -> the "View" tab -> Files and folders -> disable "Hide protected operating system files (Recommended)"

# Open HijackThis -->> "Scan" button -->> tick the boxes -->> "Fix checked" button -->> restart the PC

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [basebat] C:\DOKUME~1\RAYNE_~1\ANWENDUNGSDATEN\BENDNA~1\SOFTWAREPLUS4.exe

Restart the PC

MessengerPlus3 <--- uninstall

Delete:
C:\Dokumente und Einstellungen\rayne_~1\Lokale Einstellungen\Temp\sfwglcjl.exe
C:\Dokumente und Einstellungen\RAYNE_~1\ANWENDUNGSDATEN\BENDNA~1\SOFTWAREPLUS4.exe

CCleaner --> delete all *temp files
http://www.ccleaner.com/ccdownload.asp

# Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
Download --> update --> scan --> restart the PC --> scan again --> post the log from the scan
__________
Regards, Sabina
All about PC security |
|
|
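Added example (not part of the original thread, and not code from any poster or tool named in it): the cross-check behind the fix list above, matching the O4 autostart entries of the HijackThis log against the files eScan reported in post #7. The sample lines are copied from that post; the function names and the literal-path matching rule are assumptions of this example.

```python
import re
from typing import NamedTuple

# Sample input: lines copied from the HijackThis and eScan output in post #7.
HJT_LOG = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [basebat] C:\DOKUME~1\RAYNE_~1\ANWEND~1\BENDNA~1\SOFTWAREPLUS4.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: WinIRXHelper.lnk = C:\Programme\MSI\Media Center Deluxe II\WinIRXHelper.exe
"""

ESCAN_LOG = r"""
File c:\dokume~1\rayne_~1\lokale~1\temp\sfwglcjl.exe infected by "not-a-virus:AdWare.Lop.m" Virus. Action Taken: No Action Taken.
File C:\PROGRA~2\mIRC\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.14. No Action Taken.
File C:\DOKUME~1\RAYNE_~1\ANWEND~1\BENDNA~1\SOFTWAREPLUS4.exe infected by "not-a-virus:AdWare.Lop.m" Virus. Action Taken: No Action Taken.
"""


class Autorun(NamedTuple):
    location: str  # registry Run key or Startup folder
    name: str      # value name or shortcut name
    path: str      # file the entry launches


class Detection(NamedTuple):
    path: str
    verdict: str   # "infected" or "tagged"
    label: str     # scanner's name for the finding


RUN_RE = re.compile(
    r"^O4 - (?P<loc>HK(?:LM|CU)\\\.\.\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(
    r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|scr|pif))(?=\s|$)", re.IGNORECASE)
ESCAN_RE = re.compile(
    r'^File (?P<path>.+?) (?:infected by "(?P<infected>[^"]+)"'
    r"|tagged as (?P<tagged>\S+)\.(?:\s|$))")


def command_target(cmd: str) -> str:
    """Return the executable path from a Run command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXE_RE.match(cmd)  # unquoted paths may contain spaces
    return m.group(1) if m else cmd.split()[0]


def normalize(path: str) -> str:
    # Literal, case-insensitive comparison only. A short (8.3) path and its
    # long form name the same file but will NOT match here; resolving that
    # needs the live file system, which a posted log does not give us.
    return path.strip().strip('"').lower()


def parse_autoruns(log: str) -> list:
    entries = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip()) or STARTUP_RE.match(line.strip())
        if m:
            entries.append(
                Autorun(m.group("loc"), m.group("name"), command_target(m.group("cmd"))))
    return entries


def parse_detections(log: str) -> list:
    found = []
    for line in log.splitlines():
        m = ESCAN_RE.match(line.strip())
        if m:
            verdict = "infected" if m.group("infected") else "tagged"
            found.append(
                Detection(m.group("path"), verdict, m.group("infected") or m.group("tagged")))
    return found


def correlate(autoruns: list, detections: list):
    """Split findings into autostarted detections and detections with no autostart."""
    by_path = {normalize(d.path): d for d in detections}
    persistent = [(a, by_path[normalize(a.path)])
                  for a in autoruns if normalize(a.path) in by_path]
    started = {normalize(a.path) for a in autoruns}
    unreferenced = [d for d in detections if normalize(d.path) not in started]
    return persistent, unreferenced


if __name__ == "__main__":
    persistent, unreferenced = correlate(
        parse_autoruns(HJT_LOG), parse_detections(ESCAN_LOG))
    for entry, det in persistent:
        print(f"fix autostart [{entry.name}] in {entry.location}: {det.label}")
    for det in unreferenced:
        print(f"no autostart entry, review file: {det.path} ({det.verdict}: {det.label})")
```

A detected file with a matching O4 entry needs both the entry fixed and the file deleted, which is why the reply above lists the [basebat] entry and the two files separately.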
||
26.04.2005, 16:05
Member
Thread starter Posts: 16 |
#9
Ad-Aware SE Build 1.05
Ad-Aware always gets stuck on one file. |
|
|
||
27.04.2005, 12:21
Honorary member
Posts: 29434 |
||
|
||
27.04.2005, 19:58
Member
Thread starter Posts: 16 |
#11
Problem successfully solved!!
THANKS for the help |
|
|
||
Now I have the annoying ads, which I have meanwhile already gotten rid of; the only thing that still bothers me is the entries that have lodged themselves in the favorites.
I created a HijackThis log file, but I don't quite understand it.
Maybe someone can help me.
Logfile of HijackThis v1.99.1
Scan saved at 13:15:26, on 23.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\Programme\Softwin\BitDefender8\bdoesrv.exe
C:\programme\softwin\bitdefender8\bdnagent.exe
C:\WINDOWS\Mixer.exe
C:\Programme\MessengerPlus! 3\MsgPlus.exe
C:\Programme\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Softwin\BitDefender8\vsserv.exe
C:\Programme\Winamp\winamp.exe
C:\Programme\Diet K\DietK.exe
C:\Programme\Kazaa-Lite\KazaaLite.kpp
C:\Programme\Internet Explorer\IEXPLORE.EXE
D:\downloads\HijackThis.exe
F3 - REG:win.ini: run=
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_3_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_3_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinFast Schedule] C:\Programme\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Programme\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] c:\programme\softwin\bitdefender8\bdnagent.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [basebat] C:\DOKUME~1\RAYNE_~1\ANWEND~1\BENDNA~1\SOFTWAREPLUS4.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: MSI Media Center Deluxe II.lnk = C:\Programme\MSI\Media Center Deluxe II\Projector.exe
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: WinIRXHelper.lnk = C:\Programme\MSI\Media Center Deluxe II\WinIRXHelper.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {11F44F56-0B88-41E6-BA33-A86E5E216F1E} (bilder_vobis_de_bilduebertragung) - http://www.bilder.vobis.de/upload/bilder_vobis_bilduebertragung.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104282085671
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs2b.instantservice.com/jars/customerxsigned41.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://eq2beta.station.sony.com/beta_reg/de/soesysinfo.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Groove Games Licensing Service - Groove Games - C:\Programme\Gemeinsame Dateien\Groove Games Shared\Service\ggameslicsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe