Your Computer is infected!

#0
09.11.2005, 18:58
...new here
Posts: 3

10.11.2005, 15:23
Honorary member
Posts: 29434
#2
lynx-123
CCleaner
http://www.ccleaner.com/ccdownload.asp
delete all temp files

copy the 4 logs here
http://virus-protect.org/datfindbat.html

copy the winpfind log here
http://virus-protect.org/winpfind.html

Download the F-Secure beta trial
http://www.f-secure.com/blacklight/
double-click: blbeta.exe
after the check, click -- next
a text file will then be on the desktop: copy it into your thread
--------------------------------------------
Info: st3_dll + C:\WINDOWS\adsldpbc.dll
http://virus-protect.org/artikel/spyware/st3_dll.html
__________
Kind regards, Sabina
all about PC security

11.11.2005, 10:26
...new here
Thread starter
Posts: 3
#3
I just tried several times to post the logs; somehow it keeps cutting something off, and I don't know what to do right now. Can I send you all the logs by e-mail?

11.11.2005, 10:31
Honorary member
Posts: 29434
#4
open HijackThis -- button "scan" -- tick the boxes in front of the malware entries -- button "Fix checked" -- restart the PC
O2 - BHO: C:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B711} - C:\WINDOWS\adsldpbd.dll O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Programme\Security Toolbar\Security Toolbar.dll (file missing) O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O15 - Trusted Zone: *.coolwebsearch.com O15 - Trusted Zone: *.searchmeup.com O18 - Protocol: bw+0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - 
C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: 
bwg0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - 
{D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: gg - C:\WINDOWS\adsldpbd.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll (file missing)

restart the PC

copy the 4 logs here
http://virus-protect.org/datfindbat.html
start with that, then we'll see
__________
Kind regards, Sabina
all about PC security

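Added example (not part of the original post, and not HijackThis's own logic): a short Python triage of HijackThis entries of the kinds listed in post #4, showing why an entry such as adsldpbd.dll stands out. The sample lines are copied from that post; the flagging rules and the names parse_entries and triage are illustrative assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Sample lines copied from post #4 (a subset of the entries listed there).
SAMPLE_LOG = r"""
O2 - BHO: C:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B711} - C:\WINDOWS\adsldpbd.dll
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Programme\Security Toolbar\Security Toolbar.dll (file missing)
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O18 - Protocol: bw+0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: gg - C:\WINDOWS\adsldpbd.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll (file missing)
"""

# "O2 - BHO: rest", "O20 - Winlogon Notify: rest", ...
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.*)$")
# A Windows path ending in a loadable file; paths may contain spaces.
PATH_RE = re.compile(r'[A-Za-z]:\\[^:*?"<>|\r\n]*?\.(?:dll|exe|ocx)\b', re.IGNORECASE)

# Sections in which a DLL is loaded automatically (browser start, logon).
AUTOLOAD_SECTIONS = {"O2", "O20"}


def parse_entries(log_text):
    """Split a HijackThis log into structured entries, one per line."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        rest = m["rest"]
        paths = PATH_RE.findall(rest)
        entries.append({
            "section": m["section"],
            "kind": m["kind"],
            "rest": rest,
            # The file path is the last path on the line (O2 repeats it).
            "path": paths[-1] if paths else None,
            "file_missing": rest.endswith("(file missing)"),
        })
    return entries


def triage(log_text, windows_root=r"C:\WINDOWS"):
    """Return (section, kind, target, reasons) for entries worth a closer look.

    The rules are heuristics chosen for this example; a hit means "review
    this entry", not "this is malware".
    """
    entries = parse_entries(log_text)

    # Which autoload sections reference each file?
    sections_by_file = defaultdict(set)
    for e in entries:
        if e["path"] and e["section"] in AUTOLOAD_SECTIONS:
            sections_by_file[ntpath.normcase(e["path"])].add(e["section"])

    root = ntpath.normcase(windows_root)
    findings = []
    for e in entries:
        reasons = []
        if e["file_missing"]:
            reasons.append("orphaned: target file missing")
        if e["section"] == "O15":
            reasons.append("domain added to Trusted Zone")
        if e["path"] and e["section"] in AUTOLOAD_SECTIONS:
            if ntpath.normcase(ntpath.dirname(e["path"])) == root:
                reasons.append("autoload DLL directly in Windows root")
            if len(sections_by_file[ntpath.normcase(e["path"])]) > 1:
                reasons.append("same file in several autoload sections")
        if reasons:
            findings.append((e["section"], e["kind"], e["path"] or e["rest"], reasons))
    return findings


if __name__ == "__main__":
    for section, kind, target, reasons in triage(SAMPLE_LOG):
        print(f"{section:4} {kind:16} {target}")
        for reason in reasons:
            print(f"       - {reason}")
```
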
11.11.2005, 10:37
...new here
Thread starter
Posts: 3
#5
Sabina, the System32 log keeps getting truncated. Can I quickly send you the TXT files by e-mail? I have removed the things with HJT.

11.11.2005, 10:41
Honorary member
Posts: 29434
#6
you only need to send me the data up to September...I don't want to see the data from 1995....
via PM (private message) you can send me the message by mail.
__________
Kind regards, Sabina
all about PC security

11.11.2005, 14:23
Honorary member
Posts: 29434
#7
__________
Kind regards, Sabina
all about PC security

11.11.2005, 14:23
Honorary member
Posts: 29434
#8
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe /start item Logitech Desktop Messenger path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk backup C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup location Common Startup command C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe /start item Logitech Desktop Messenger HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup location Common Startup command C:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l item Microsoft Office path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup location Common Startup command C:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l item Microsoft Office HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^Patrick^Startmenü^Programme^Autostart^Mousometer.lnk path C:\Dokumente und Einstellungen\Patrick\Startmenü\Programme\Autostart\Mousometer.lnk backup C:\WINDOWS\pss\Mousometer.lnkStartup location Startup command C:\PROGRA~1\MOUSOM~1\MOUSOM~1.EXE item Mousometer path C:\Dokumente und Einstellungen\Patrick\Startmenü\Programme\Autostart\Mousometer.lnk backup C:\WINDOWS\pss\Mousometer.lnkStartup location Startup command C:\PROGRA~1\MOUSOM~1\MOUSOM~1.EXE item Mousometer HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATIPTA key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item atiptaxx hkey HKLM command C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run 
item atiptaxx hkey HKLM command C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CloneCDTray key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item CloneCDTray hkey HKLM command "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item CloneCDTray hkey HKLM command "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ctfmon hkey HKCU command C:\WINDOWS\System32\ctfmon.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ctfmon hkey HKCU command C:\WINDOWS\System32\ctfmon.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools-1033 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item daemon hkey HKLM command "C:\Programme\D-Tools\daemon.exe" -lang 1033 inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item daemon hkey HKLM command "C:\Programme\D-Tools\daemon.exe" -lang 1033 inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ICQ Lite key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ICQLite hkey HKLM command C:\Programme\ICQLite\ICQLite.exe -minimize inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ICQLite hkey HKLM command C:\Programme\ICQLite\ICQLite.exe -minimize inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LDM key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item BackWeb-8876480 hkey HKCU command C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item BackWeb-8876480 hkey HKCU command C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe inimapping 0 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Logitech Utility key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Logi_MwX hkey HKLM command Logi_MwX.Exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Logi_MwX hkey HKLM command Logi_MwX.Exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnappau key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item msnappau hkey HKLM command "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe" inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item msnappau hkey HKLM command "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe" inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item MsnMsgr hkey HKCU command "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item MsnMsgr hkey HKCU command "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item NeroCheck hkey HKLM command C:\WINDOWS\system32\NeroCheck.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item NeroCheck hkey HKLM command C:\WINDOWS\system32\NeroCheck.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item qttask hkey HKLM command "C:\Programme\QuickTime\qttask.exe" -atboottime inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item qttask hkey HKLM command "C:\Programme\QuickTime\qttask.exe" -atboottime inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Steam hkey HKCU command D:\Steam\\Steam.exe -silent inimapping 0 key 
SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Steam hkey HKCU command D:\Steam\\Steam.exe -silent inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item jusched hkey HKLM command C:\Programme\Java\jre1.5.0\bin\jusched.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item jusched hkey HKLM command C:\Programme\Java\jre1.5.0\bin\jusched.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item winampa hkey HKLM command C:\Programme\Winamp\winampa.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item winampa hkey HKLM command C:\Programme\Winamp\winampa.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state system.ini 0 win.ini 0 bootini 0 services 0 startup 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = {0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system dontdisplaylastusername 0 legalnoticecaption legalnoticetext shutdownwithoutlogon 1 undockwithoutlogon 1 DisableTaskMgr 0 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop NoChangingWallPaper 0 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer NoDriveTypeAutoRun 145 NoActiveDesktop 0 
NoSaveSettings 0 ClassicShell 0 NoThemesTab 0 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System DisableTaskMgr 0 NoColorChoice 0 NoSizeChoice 0 NoDispScrSavPage 0 NoDispCPL 0 NoVisualStyleChoice 0 NoDispSettingsPage 0 NoDispAppearancePage 0 NoDispBackgroundPage 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, Shell = Explorer.exe System = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent = Ati2evxx.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gg = C:\WINDOWS\adsldpbd.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\st3 = 
C:\WINDOWS\system32\st3.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger = ntsd -d [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLs »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder. Scan completed on 11.11.2005 09:55:03 __________ MfG Sabina rund um die PC-Sicherheit |

11.11.2005, 14:57
Honorary member
Posts: 29434
#9
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html
Tick "Delete File on Reboot" and paste in:
C:\WINDOWS\system32\svchosts.dll
C:\WINDOWS\system32\st3.dll
C:\WINDOWS\adsldpbd.dll
and click the red cross. When asked "Do you want to reboot?", click "no" and paste in the next one; only click "yes" for the last one.
Restart the PC.
Fix with HijackThis:
O2 - BHO: C:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B711} - C:\WINDOWS\adsldpbd.dll
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Programme\Security Toolbar\Security Toolbar.dll (file missing)
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O20 - Winlogon Notify: gg - C:\WINDOWS\adsldpbd.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll (file missing)
Restart the PC.
CounterSpy
http://virus-protect.org/counterspy.html
After the scan you have to choose between:
*Ignore
*Remove
*Quarantine
Always choose Remove and restart the PC (then copy the scan report and post it in the security forum).
__________
Kind regards, Sabina
all about PC security
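The kind of entries fixed in post #9 can be pre-sorted mechanically before a human reviews them. The Python sketch below is an added example, not part of the thread and not how HijackThis or the helper works: it parses HijackThis lines (sample lines copied from the logs in this thread) and applies three assumed triage rules whose names (`trusted-zone`, `file-missing`, `multi-hook`) are made up here.

```python
import re
from collections import defaultdict, namedtuple

# Sample input: lines copied from the HijackThis entries quoted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: C:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B711} - C:\WINDOWS\adsldpbd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Programme\Security Toolbar\Security Toolbar.dll (file missing)
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O20 - Winlogon Notify: gg - C:\WINDOWS\adsldpbd.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll (file missing)
"""

Entry = namedtuple("Entry", "section body target missing")
Finding = namedtuple("Finding", "rule subject sections")

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")       # "O20 - <rest of entry>"
# Greedy prefix: the target is what follows the LAST " - " that precedes a drive letter,
# so names or folders that themselves contain " - " do not confuse the split.
TARGET_RE = re.compile(r".* - ([A-Za-z]:\\.*)$")
MISSING = " (file missing)"
DLL_SECTIONS = {"O2", "O3", "O20"}                      # sections whose last field is a loaded file


def parse_entry(line):
    """Return an Entry for a HijackThis result line, or None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    target, missing = None, False
    if section in DLL_SECTIONS:
        t = TARGET_RE.match(body)
        if t:
            target = t.group(1)
            if target.endswith(MISSING):
                target, missing = target[:-len(MISSING)], True
    return Entry(section, body, target, missing)


def triage(log_text):
    """Apply the three assumed review rules and return a list of Finding tuples."""
    hooks = defaultdict(set)    # lower-cased file path -> sections that reference it
    findings = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        # Rule 1: any site placed in the Trusted Zone gets elevated rights in IE.
        if e.section == "O15" and e.body.startswith("Trusted Zone:"):
            findings.append(Finding("trusted-zone", e.body.split(":", 1)[1].strip(), ("O15",)))
        if e.target:
            hooks[e.target.lower()].add(e.section)
            # Rule 2: the registration survives although the file is gone (orphan or hidden file).
            if e.missing:
                findings.append(Finding("file-missing", e.target, (e.section,)))
    # Rule 3: one file registered through more than one load point.
    for path, sections in sorted(hooks.items()):
        if len(sections) > 1:
            findings.append(Finding("multi-hook", path, tuple(sorted(sections))))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A hit is a prompt for review, not a verdict: the thread's own log also contains a `(file missing)` MSN toolbar entry that is not on the fix list in post #9.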

17.11.2005, 17:47
Honorary member
Posts: 29434
#10
Quote: Dawid posted
if you keep double-posting, your requests will no longer be answered
http://board.protecus.de/t19313-lastpage.htm
__________
Kind regards, Sabina
all about PC security

21.11.2005, 20:36
...new here
Posts: 2
#11
Hi, I'm new to the board, maybe I'll still learn something. But here's what I think about this forum... You can also walk 1000 km when the destination is 5 km away. What I mean is this. I had exactly the same crap on my computer; what annoyed me most was the reliability of AntiVir. A friend even laughed at me because he uses Norton, which is supposedly better.... But whoops, he has exactly the same junk. We're just trying to figure out what we both do on the PC; maybe it's the nice sites on the net after all :-P nah, joke, but here's the thing. ...
I simply did a System Restore, and I'm cleaner than ever ... Please post if you have any objections to that; maybe it's just a big mistake I made there.. In any case the thing is gone, and I no longer have to hear every 2 minutes: "Your Computer is Infected, please use Antispy Software... bla bla bla"... See you

21.11.2005, 21:18
Honorary member
Posts: 29434
#12
Hello @palm-bistro
I'll take a look ... I'm interested. Copy the 4 text files here:
http://virus-protect.org/datfindbat.html
__________
Kind regards, Sabina
all about PC security

21.11.2005, 22:02
...new here
Posts: 2
#13
Hello Sabina ...
I don't know this hijack thing. I've never dealt with anything like that. A question... what do you do for a living, because you seem to be seriously talented... I don't think myself that I completely destroyed the virus with it, but I'm definitely further along than anyone else here in this forum. Sometimes the answer is closer than you think, I always tell myself. Mail back, thx

22.11.2005, 00:20
Honorary member
Posts: 29434
#14
Quote:
I don't know this hijack thing
datfindbat is not HijackThis; it shows me everything that has accumulated on the PC:
Verzeichnis von C:\WINDOWS\system32
Verzeichnis von C:\DOKUME~1\Username\LOKALE~1\Temp
Verzeichnis von C:\WINDOWS
Verzeichnis von C:\
http://virus-protect.org/datfindbat.html
__________
Kind regards, Sabina
all about PC security

22.11.2005, 18:17
...new here
Posts: 4
#15
this nasty thing seems to be going around like crazy, doesn't it?
I got it too. I've been sitting at the computer for a few hours now trying to get rid of the thing... I only have Ad-Aware and RegCleaner. Is that enough?

I hope you can help me
Here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 18:52:41, on 09.11.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\Dokumente und Einstellungen\Patrick\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: C:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B711} - C:\WINDOWS\adsldpbd.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Programme\Security Toolbar\Security Toolbar.dll (file missing)
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programme\IrfanView\Ebay\Ebay.htm
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102866605750
O16 - DPF: {83873F92-B99B-400A-9E36-52B5F4970FB7} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/sv/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: bw+0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {D769EEE5-714B-44A9-AB93-D30A24DC0DB2} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: gg - C:\WINDOWS\adsldpbd.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE