Tr/startpa.du.dll.1 |
||
---|---|---|
#0
| ||
16.06.2005, 13:59
...neu hier
Beiträge: 2 |
||
|
||
19.06.2005, 17:29
Ehrenmitglied
Beiträge: 29434 |
#2
Hallo@Caddy
wenn du die XP-CD bei der Hand hast, dann formatiere, das geht schneller, als tagelange Reinigungen. (und das System ist sehr verseucht.........) __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
19.06.2005, 17:57
...neu hier
Themenstarter Beiträge: 2 |
#3
Jo, genau das hab ich mir gestern auch gedacht
naja system läuft jetzt wieder bestens, trotzdem heißen dank für die antwort |
|
|
||
04.07.2005, 11:55
...neu hier
Beiträge: 4 |
#4
Hallo Sabina,
könntest du dir bitte auch mein HJT Lockfile anschauen und mir einen Rat geben, was ich jetzt am besten tue? Logfile of HijackThis v1.99.1 Scan saved at 11:53:50, on 04.07.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\sdkjw.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\PROGRA~1\Iomega\System32\AppServices.exe C:\WINDOWS\System32\RegSrvc.exe C:\WINDOWS\system32\usrbridg.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\1XConfig.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\AGRSMMSG.exe C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE C:\Programme\CyberLink\PowerDVD\PDVDServ.exe C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Java\jre1.5.0_02\bin\jusched.exe C:\Programme\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\QuickTime\qttask.exe C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Programme\AVPersonal\AVGNT.EXE C:\Program Files\Media Access\MediaAccK.exe C:\Program Files\Media Access\MediaAccess.exe C:\WINDOWS\system32\ntsa.exe C:\Programme\iPod\bin\iPodService.exe C:\WINDOWS\System32\ctfmon.exe C:\Programme\AIM95\aim.exe C:\Programme\MSN Messenger\MsnMsgr.Exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\Internet Explorer\iexplore.exe C:\Dokumente und Einstellungen\Sandra\Eigene Dateien\Downloads\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vnszf.dll/sp.html#69959 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vnszf.dll/sp.html#69959 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vnszf.dll/sp.html#69959 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vnszf.dll/sp.html#69959 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vnszf.dll/sp.html#69959 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vnszf.dll/sp.html#69959 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vnszf.dll/sp.html#69959 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hecki R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll O2 - BHO: Class - {FEDEDE09-9933-49F9-EDC7-9EFF9FDECDCB} - C:\WINDOWS\system32\javagg32.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\System32\ZCfgSvc.exe O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programme\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ViewMgr] C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe O4 - HKLM\..\Run: [iexplore.exe] C:\Programme\Internet Explorer\iexplore.exe O4 - HKLM\..\Run: [ntsa.exe] C:\WINDOWS\system32\ntsa.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [AIM] C:\Programme\AIM95\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Programme\Iomega\Iomega Automatic Backup\ibackup.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programme\IrfanView\Ebay\Ebay.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.66.com/route66/images/website/downloads/msjavx86.exe O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c5.cab O16 - DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} (IntraLaunch.MainControl) - http://www.tualeta.net/swflash-mcrsoft.cab O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/DE/install.cab O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwlc.ops.placeware.com/etc/place/LIMA/SCLpws-c1/5.1.8.511/lib/quicksilver.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/19787a1bab81f4919a05/netzip/RdxIE601_de.cab O16 - DPF: {898FBC6E-E394-4D8C-A8A1-441F40110022} (pixelnet_de_bilduebertragung) - http://www.pixelnet.de/upload/pixelnet_de_bilduebertragung.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sdkjw.exe O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe O23 - Service: IrBridge User-Level Interface (USRBRIDG) - Extended Systems, Inc. - C:\WINDOWS\system32\usrbridg.exe Herzlichen Dank! Gruss Sandra |
|
|
||
04.07.2005, 12:07
Ehrenmitglied
Beiträge: 29434 |
#5
Hallo@Sandra
Formatieren geht schnell...die Reinigung ist muehevoll und langwierig (und ich gehe in 2 Tagen in Urlaub) Was willst du ? Reinigen oder Formatieren? __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
04.07.2005, 12:20
...neu hier
Beiträge: 4 |
#6
Werde dann wohl formatieren. Kannst du mir noch einen Tipp geben, wie ich meine Daten unverseucht runterholen (sichern) kann, damit ich den Trojaner nicht mitschleppe?
|
|
|
||
04.07.2005, 12:53
Ehrenmitglied
Beiträge: 29434 |
#7
es ist nicht nur ein Trojaner...dein System ist voellig verseucht...sogar Dienste haben die Backdoors erstellt !!!!!!!!
nun, wenn es Text -Dateien sind, die kannst du auf eine zweite Partition z.B D:\ legen (falls du eine hast...sollte man immer) Und dann formatiere nur, wo Windows ist, z.B. C:\ fuer die Zukunft: http://virus-protect.org/nachneuinst.html http://virus-protect.org/ntbackup.html http://virus-protect.org/administrator.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
04.07.2005, 12:58
...neu hier
Beiträge: 4 |
#8
Noch ne Frage: Welche Dateien greift dieser TR/StartPa.DU.DLL.1 an? Nur den IE? Klaut er Daten von meinem PC? Ich hab versucht Infos zu bekommen, war aber leider erfolglos.
Hat das Logfile noch andere Viren o.ä. erkannt? Mein Antivir hat mir nämlich nur den TR/StartPa.DU.DLL.1 ausgespuckt. Vielen Dank für deine Hilfe. Sandra |
|
|
||
04.07.2005, 13:55
Ehrenmitglied
Beiträge: 29434 |
#9
Zitat Sandra22 posteteder PC ist von Backdoors befallen, die auch Dienste erstellt haben. Die machen auf deinem PC, was sie wollen, kommen an alle Daten ran. und der Startseitentrojaner im Browser registriert alles, was du im Internet machst, also welche Seiten die ansurfst und welche passworte du eingibst. Die Daten werden auf einer bestimmten Seite gespeichert (dort, wohin der Browser umgelenkt wird) und wird irgendwann von dem abgeholt, der den Trojaner erstellt hat) C:\WINDOWS\system32\usrbridg.exe C:\Program Files\Media Access\MediaAccK.exe C:\Program Files\Media Access\MediaAccess.exe C:\WINDOWS\system32\ntsa.exe C:\WINDOWS\system32\javagg32.dll C:\WINDOWS\System32\gah95on6.exe O4 - HKLM\..\Run: [iexplore.exe] C:\Programme\Internet Explorer\iexplore.exe O4 - HKLM\..\Run: [ntsa.exe] C:\WINDOWS\system32\ntsa.exe O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.66.com/route66/images/website/downloads/msjavx86.exe O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c5.cab O16 - DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} (IntraLaunch.MainControl) - http://www.tualeta.net/swflash-mcrsoft.cab O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwlc.ops.placeware.com/etc/place/LIMA/SCLpws-c1/5.1.8.511/lib/quicksilv er.cab O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sdkjw.exe Natuerlich kann man das reinigen...wenn du willst .... __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
04.07.2005, 14:56
...neu hier
Beiträge: 4 |
||
|
||
Wäre nett wenn mir wer helfen könnte, bin quasi am verzweifeln und hab auch recht wenig ahnung von trojanern uä.
Problem bei dem Trojaner ist ua das sich der IE immer beim starten öffnet und mir ständig irgendwelche "sicherheitsupdates" andrehen will, dh neue fenster öffnen sich plötzlich mit files die ich runterladen soll.
hier mein log:
Logfile of HijackThis v1.99.1
Scan saved at 13:57:33, on 16.06.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
H:\Programme\Winamp\winampa.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programme\Alcatel One Touch PC Suite 2\DesktopTool\DesktopTool.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Avant Browser\avant.exe
C:\Program Files\Windows ServeAd\WinServAd.exe
C:\Program Files\Windows ControlAd\WinCtlAd.exe
C:\Program Files\Windows ServeAd\WinServSuit.exe
C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\systj32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\TGTSoft\StyleXP\StyleXP.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\LVComS.exe
G:\Programme\adobe\Reader\reader_sl.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
G:\hjack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xzxpl.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xzxpl.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xzxpl.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xzxpl.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xzxpl.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xzxpl.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xzxpl.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bittorrentfiles.de/wbb2/index.php?sid=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Programme\adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {6A68C13B-80CB-8A2B-E2B7-DD786A9B3F26} - C:\WINDOWS\system32\ntyd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRA~1\YOURSI~1\ysb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] h:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [Desktop Tool] "C:\Programme\Alcatel One Touch PC Suite 2\DesktopTool\DesktopTool.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [avant.exe] C:\Programme\Avant Browser\avant.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [PerformCl] C:\WINDOWS\System32\perfcl.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [iexplore.exe] C:\Programme\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [systj32.exe] C:\WINDOWS\system32\systj32.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\System32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ClockSync] "C:\Programme\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = G:\Programme\adobe\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Alle Bilder von gleichem Server filtern - C:\Programme\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Hervorheben - C:\Programme\Avant Browser\Highlight.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://G:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Suchen - C:\Programme\Avant Browser\Search.htm
O8 - Extra context menu item: Zur Werbebanner-Filterliste hinzufügen - C:\Programme\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Öffne alle Links auf dieser Seite... - C:\Programme\Avant Browser\OpenAllLinks.htm
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.morwillsearch.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 63.218.226.78
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {00000000-7777-0704-0B53-2C8830E9FAEC} - http://gn.one2bill.de/soft/axload.cab
O18 - Protocol: bw+0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {36C7720D-CCCC-43E4-BB94-DDBAADBFC151} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - G:\Programme\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - G:\Programme\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: IrBridge User-Level Interface (USRBRIDG) - Extended Systems, Inc. - C:\WINDOWS\system32\usrbridg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe