Virus (Trojan?) via MSN Messenger, can't get rid of it

#0
26.03.2008, 09:46
...new here
Posts: 8

26.03.2008, 10:44
Honorary member
Posts: 29434
#77
Hello Mira_
please run Combofix + post the report
http://www.virus-protect.org/artikel/tools/combofix.html
__________
Best regards, Sabina
all about PC security

26.03.2008, 12:38
...new here
Posts: 8
#78
Hi Sabina, thank you very much for your answer... so the log shows this:

ComboFix 08-03-25.4 - mira 2008-03-26 12:33:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1404 [GMT 1:00]
Running from: C:\Documents and Settings\mira\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-02-26 to 2008-03-26 )))))))))))))))))))))))))))))))
.
2008-03-26 10:54 . 2008-03-26 10:54 <DIR> d-------- C:\Documents and Settings\mira\Application Data\Grisoft
2008-03-26 10:53 . 2008-03-26 10:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-26 10:53 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-26 09:26 . 2008-03-26 09:26 <DIR> d-------- C:\Program Files\Safari
2008-03-25 22:30 . 2008-03-25 22:30 37,376 -r-hs---- C:\WINDOWS\msn.com
2008-03-18 23:15 . 2008-03-18 23:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-03-18 23:14 . 2008-03-18 23:14 <DIR> d-------- C:\Program Files\Common Files\TechSmith Shared
2008-03-10 18:45 . 2008-03-10 18:45 <DIR> d-------- C:\Documents and Settings\mira\Application Data\EarMaster
2008-03-10 18:45 . 2008-03-10 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EarMaster
2008-03-09 17:06 . 2008-03-26 11:45 <DIR> d-------- C:\Documents and Settings\mira\Application Data\skypePM
2008-03-09 17:06 . 2008-03-09 17:06 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-09 17:05 . 2008-03-09 17:05 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-02-28 17:01 . 2008-02-28 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-02-27 08:56 . 2008-02-27 08:56 <DIR> d-------- C:\Program Files\iPod
2008-02-27 08:56 . 2008-03-25 09:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-27 08:56 . 2008-02-27 08:56 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-27 08:55 . 2008-02-27 08:56 <DIR> d-------- C:\Program Files\iTunes
2008-02-27 08:53 . 2008-02-27 08:54 <DIR> d-------- C:\Program Files\QuickTime
2008-02-26 18:53 . 2008-02-26 18:53 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-26 18:51 . 2008-02-26 18:52 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-02-26 18:51 . 2008-02-26 18:51 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-02-26 18:33 . 2008-02-27 09:02 <DIR> d-------- C:\Program Files\Windows Live
2008-02-26 18:33 . 2008-02-26 18:47 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-26 18:32 . 2008-02-26 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-26 17:29 . 2007-10-12 02:57 195,096 --a------ C:\WINDOWS\system32\lvci1150.dll
2008-02-26 17:13 . 2007-10-12 02:59 1,920,920 --a------ C:\WINDOWS\system32\drivers\lvpopflt.sys
2008-02-26 17:12 . 2007-10-12 03:00 3,647,384 --a------ C:\WINDOWS\system32\drivers\lvuvc.sys
2008-02-26 17:12 . 2007-10-12 03:00 490,008 --a------ C:\WINDOWS\system32\LVUI2.dll
2008-02-26 17:12 . 2007-10-12 03:00 465,432 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2008-02-26 17:12 . 2007-10-12 02:57 416,280 --a------ C:\WINDOWS\system32\lvcodec2.dll
2008-02-26 17:12 . 2007-10-12 02:11 59,500 --a------ C:\WINDOWS\system32\lvcoinst.ini
2008-02-26 17:12 . 2007-10-12 03:00 41,752 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-02-26 17:12 . 2007-10-12 03:01 23,832 --a------ C:\WINDOWS\system32\drivers\lvuvcflt.sys
2008-02-26 17:12 . 2007-10-12 02:18 21,138 --a------ C:\WINDOWS\system32\Repository.reg
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 10:59 --------- d-----w C:\Documents and Settings\mira\Application Data\Skype
2008-03-25 08:01 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-03-25 08:01 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad
2008-02-28 16:01 --------- d-----w C:\Documents and Settings\mira\Application Data\Uniblue
2008-02-26 16:29 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-02-26 16:27 --------- d-----w C:\Program Files\Logitech
2008-02-26 16:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-02-26 15:32 --------- d-----w C:\Program Files\Common Files\Logitech
2008-02-19 08:03 --------- d-----w C:\Documents and Settings\mira\Application Data\System Tweaker
2008-02-18 21:08 --------- d--h--r C:\Documents and Settings\mira\Application Data\yahoo!
2008-02-18 19:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-17 13:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX
2008-02-17 13:24 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
2008-02-15 07:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-12 11:10 --------- d-----w C:\Program Files\Yahoo!
2008-02-12 11:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-02-05 17:17 85,520 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-02-01 10:11 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-18 10:11 50,520 ----a-w C:\WINDOWS\system32\csvidcap.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue PowerSuite"="D:\Uniblue\PowerSuite\PowerSuite.exe" [2008-01-29 09:20 3202832]
"Uniblue RegistryBooster 2"="D:\RegistryBooster 2\RegistryBooster.exe" [2007-10-22 08:58 1885464]
"Uniblue SpeedUpMyPC"="D:\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2008-01-29 08:53 9442584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 16:30 864256]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"BitDefender Antiphishing Helper"="E:\bitdefender\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="E:\bitdefender\bdagent.exe" [2008-02-24 22:32 360448]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-18 00:30 1687824]
"Adobe Reader Speed Launcher"="E:\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-16 10:45 63712]
"!AVG Anti-Spyware"="D:\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:56 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Program Files\Common Files\logishrd\WUApp32.exe" [2007-10-12 03:03 439568]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-07 13:19:00 67128]
Phone Connection Monitor.lnk - E:\P800 P900\Mobile\audevicemgr.exe [2007-09-03 20:39:03 754176]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"D:\Program Files\Microsoft ActiveSync\rapimgr.exe"= D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"D:\Program Files\Microsoft ActiveSync\wcescomm.exe"= D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"D:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 d343bus;d343bus;C:\WINDOWS\system32\DRIVERS\d343bus.sys [2003-12-15 17:46]
R0 d343port;d343port;C:\WINDOWS\system32\DRIVERS\d343port.sys [2003-12-15 16:29]
R2 LANPkt;Realtek LANPkt Protocol;C:\WINDOWS\system32\DRIVERS\LANPkt.sys [2003-09-17 14:57]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-02-05 18:17]
R3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2004-01-19 16:27]
R3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-04-24 22:43]
S3 Diag69xp;Diag69xp;C:\WINDOWS\system32\Drivers\Diag69xp.sys [2003-09-02 10:25]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0244df1-c274-11dc-9db0-001109daead4}]
\Shell\AutoRun\command - I:\wd_windows_tools\setup.exe
*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD
*Newly Created Service* - FB4642DD
*Newly Created Service* - FDFD585B
.
Contents of the 'Scheduled Tasks' folder
"2008-03-26 07:44:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-26 11:18:10 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-11 08:14:12 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job" - D:\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-20 08:14:21 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job" - D:\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-28 16:28:46 C:\WINDOWS\Tasks\Uniblue SpyEraser.job" - D:\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 12:37:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2008-03-26 12:39:13
ComboFix-quarantined-files.txt 2008-03-26 11:39:01
.
2008-03-20 09:59:04
--- E O F ---

Kind regards, mira

26.03.2008, 13:26
Honorary member
Posts: 29434
#79
Hello mira_
1. In Task Manager, end: C:\WINDOWS\msn.com
2. http://www.virus-protect.org/artikel/tools/otmoveIt.html
open: OTMoveIt.exe
Copy into the left window, where it says "Paste Standard List of Files/Folders to be Move":
Quote:
C:\WINDOWS\msn.com
Click the red MoveIt!
»» post the deletion log that appears here
3. Download MSNFix.zip
- click the batch file MSNFix
- type L to choose the language (G stands for German)
then type R to start the search... wait, then type Q to start the cleaning
http://sosvirus.changelog.fr/MSNFix.zip
Instructions (in French) http://www.malekal.com/tutorial_MSNFix.php
4. Scan with Bitdefender + post the report
http://board.protecus.de/t8642.htm
__________
Best regards, Sabina
all about PC security
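
Why the file named in this reply stands out in the two logs posted in this thread, written as triage code (an added example, not part of the original posts and not how ComboFix or HijackThis work internally). The three signals, the two-signal threshold and the `c:\windows` root are assumptions of this example; the sample lines are excerpts of the logs on this page.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Excerpt of the ComboFix "Files Created" section posted in this thread.
COMBOFIX_CREATED = r"""
2008-03-26 10:53 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-26 09:26 . 2008-03-26 09:26 <DIR> d-------- C:\Program Files\Safari
2008-03-25 22:30 . 2008-03-25 22:30 37,376 -r-hs---- C:\WINDOWS\msn.com
2008-02-27 08:56 . 2008-03-25 09:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-26 18:33 . 2008-02-26 18:47 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-26 17:12 . 2007-10-12 03:00 490,008 --a------ C:\WINDOWS\system32\LVUI2.dll
"""

# Excerpt of the "Running processes" list from the HijackThis log in this thread.
HIJACKTHIS_PROCESSES = r"""
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\msn.com
E:\bitdefender\seccenter.exe
"""

# created . modified  size-or-<DIR>  9-char attribute string  path
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
WINDOWS_ROOT = r"c:\windows"  # assumption: default XP install location


@dataclass
class Finding:
    path: str
    attrs: str
    reasons: list = field(default_factory=list)


def parse_created(text):
    """Yield (attrs, path, is_dir) for every 'Files Created' entry."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m["attrs"], m["path"], m["size"] == "<DIR>"


def triage(created_text, processes_text, min_reasons=2):
    """Return recently created files that trip at least min_reasons signals."""
    running = {
        ntpath.normcase(p.strip())
        for p in processes_text.splitlines() if p.strip()
    }
    findings = []
    for attrs, path, is_dir in parse_created(created_text):
        if is_dir:
            continue
        reasons = []
        # Signal 1: file carries both the hidden and the system attribute.
        if "h" in attrs and "s" in attrs:
            reasons.append("hidden+system attributes")
        # Signal 2: runnable extension sitting directly in the Windows folder.
        ext = ntpath.splitext(path)[1].lower()
        parent = ntpath.normcase(ntpath.dirname(path))
        if ext in EXECUTABLE_EXTS and parent == WINDOWS_ROOT:
            reasons.append("executable extension directly in the Windows folder")
        # Signal 3: the new file is also in the running-process list.
        if ntpath.normcase(path) in running:
            reasons.append("recently created file is a running process")
        if len(reasons) >= min_reasons:
            findings.append(Finding(path, attrs, reasons))
    return sorted(findings, key=lambda f: -len(f.reasons))


if __name__ == "__main__":
    for f in triage(COMBOFIX_CREATED, HIJACKTHIS_PROCESSES):
        print(f.path, f.attrs, "; ".join(f.reasons))
```
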

26.03.2008, 13:36
...new here
Posts: 8
#80
heya again
so in OTMoveIt2, on the right I have:
OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03262008_134342
that's all I have in the window...
regards, mira

26.03.2008, 13:39
Honorary member
Posts: 29434
#81
Here you paste in:
C:\WINDOWS\msn.com
and click the red MoveIt!
__________
Best regards, Sabina
all about PC security

26.03.2008, 13:42
Honorary member
Posts: 29434
#82
AFTERWARDS:
Download MSNFix.zip
- click the batch file MSNFix
- type L to choose the language (G stands for German)
then type R to start the search... wait, then type Q to start the cleaning
http://sosvirus.changelog.fr/MSNFix.zip
Instructions (in French) http://www.malekal.com/tutorial_MSNFix.php
__________
Best regards, Sabina
all about PC security

26.03.2008, 13:47
...new here
Posts: 8
#83
hi sabine
so from msnfix I have the following:

MSNFix 1.691
C:\Documents and Settings\mira\Local Settings\Temp\MSNFix\MSNFix
Scan done at 2008-03-26 - 13:51:00.55 By mira
normal mode
************************ Checking Files
No files found
************************ Checking Folders
No Folders Found
************************ Suspect Files
/!\ The detected files must be reviewed by a forum Helper before changes can be made
[C:\WINDOWS\system32\WinFXDocObj.exe] 660336AD0305C852122C5EEBBACE9BAF
==> Please upload the file C:\DOCUME~1\mira\Desktop\Upload_Me.zip to http://upload.changelog.fr
************************ HKLM\...\Winlogon\Userinit
Userinit = C:\WINDOWS\system32\userinit.exe,
------------------------------------------------------------------------
Author : !aur3n7
Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------

what do you think?
kind regards, mira

26.03.2008, 14:02
Honorary member
Posts: 29434
#84
Well, that looks good.
Have you already deleted msn.com with OTMoveIt2?
__________
Best regards, Sabina
all about PC security

26.03.2008, 14:08
...new here
Posts: 8

26.03.2008, 14:10
Honorary member
Posts: 29434
#86
Which program is asking you to boot into safe mode?
__________
Best regards, Sabina
all about PC security

26.03.2008, 14:13
...new here
Posts: 8
#87
ahem, none, but at first bitdefender could not remove the virus, so I thought that if I start in safe mode the program might clean...
xx mira
sabina, I will let bitdefender run again and hope that after the scan everything runs cleanly again... I haven't started msn since yesterday. Is there perhaps anything else I need to do in the program itself, or should everything be ok again? Thank you very, very much for your help, support and patience, now I can fly off with more peace of mind... I have to be at the airport at 19h.
very kind regards, mira
This post was edited on 26.03.2008 at 14:27 by Mira_.

26.03.2008, 14:29
Honorary member
Posts: 29434
#88
Hello mira_
«« OTMoveIt: click the CleanUp! button
« yes, scan once more with the online scanner in safe mode (it can also be in normal mode), then restart Messenger + report back
__________
Best regards, Sabina
all about PC security

26.03.2008, 15:00
...new here
Posts: 8
#89
When I removed the file in OTMoveIt, it reported that it was successful. I can't remember whether I then did the clean up, but if I enter the file again now, the program of course no longer finds it. And when I press the clean up button, a completely different list appears in the left part... I don't think I need to do anything with that... or do I? The important thing is that the file is gone... right?
regards, mira

26.03.2008, 15:03
Honorary member
Posts: 29434
#90
Click: CleanUp! button
cleanup.txt is downloaded from the Internet (allow it in the firewall!)
Begin cleanup process? Click: Yes.
- "Do you want to reboot?" Click Yes
This way OTMoveIt2 automatically removes all the tools that were downloaded for the virus cleaning - including the backups + virus
__________
Best regards, Sabina
all about PC security

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:40:19, on 26.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
E:\bitdefender\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
E:\bitdefender\bdagent.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Uniblue\PowerSuite\PowerSuite.exe
D:\RegistryBooster 2\RegistryBooster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
E:\P800 P900\Mobile\audevicemgr.exe
D:\PROGRA~1\MICROS~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
e:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
E:\P800P9~1\Mobile\CONNEC~1\CONNMN~1.EXE
E:\P800P9~1\Mobile\CONNEC~1\CapMan.exe
E:\P800P9~1\Mobile\CONNEC~1\ElogErr.exe
E:\P800P9~1\Mobile\CONNEC~1\BROADC~1.EXE
E:\P800P9~1\Mobile\CONNEC~1\SCRFS.exe
E:\P800P9~1\Mobile\AUFILE~1.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
E:\P800P9~1\Mobile\CONNEC~1\Ecfmserv.exe
D:\SpeedUpMyPC 3\SpeedUpMyPC.exe
D:\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\msn.com
E:\bitdefender\seccenter.exe
E:\bitdefender\uiscan.exe
E:\bitdefender\uiscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mira\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - E:\bitdefender\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "E:\bitdefender\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "E:\bitdefender\bdagent.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [Uniblue PowerSuite] D:\Uniblue\PowerSuite\PowerSuite.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] D:\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] D:\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0990 -f video -m logitech -d 11.1.0.2016 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0990 -f video -m logitech -d 11.1.0.2016 (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Phone Connection Monitor.lnk = E:\P800 P900\Mobile\audevicemgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178804291750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178870033218
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = develop.local
O17 - HKLM\Software\..\Telephony: DomainName = develop.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{86019400-0F03-4824-A5A2-5B49E7652396}: NameServer = 10.0.0.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = develop.local
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - E:\bitdefender\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 11567 bytes
I would be very glad of some help... please
thanks very much
mira