TR/Vundo.Gen Ich bekomme es nicht weg |
#0
| ||
16.09.2006, 13:07
...neu hier
Beiträge: 8 |
||
|
||
16.09.2006, 15:33
Ehrenmitglied
Beiträge: 29434 |
#2
poste ausser dem HijackThis hier folgende logs
http://board.protecus.de/t23188.htm __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
17.09.2006, 03:31
...neu hier
Themenstarter Beiträge: 8 |
#3
ComboFix 06.09.14 - Running from: C:\Dokumente und Einstellungen\theQuAkE\Desktop\HiJackThis
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Programme\Gemeinsame Dateien\Y1123OU.exe ((((((((((((((((((((((((((((((( Files Created from 2006-08-17 to 2006-09-17 )))))))))))))))))))))))))))))))))) 2006-09-17 03:23 358 --a------ C:\Combo.bat (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-09-17 03:23 -------- d-------- C:\Programme\Gemeinsame Dateien 2006-09-17 02:24 -------- d-------- C:\Programme\CleanUp! 2006-09-17 02:22 -------- d-------- C:\Programme\Save 2006-09-14 21:13 1163684 ---hs---- C:\WINDOWS\system32\hjllm.bak2 2006-09-14 17:46 -------- d-------- C:\Programme\ArcorOnline 2006-08-01 23:26 -------- d-------- C:\Programme\Rock 2006-07-15 14:58 57384 --a------ C:\WINDOWS\system32\AVSDA.DLL 2006-07-09 13:42 42920 --a------ C:\WINDOWS\system32\vsutil_loc0407.dll 2006-07-02 18:47 569396 --------- C:\WINDOWS\system32\mlljh.dll 2006-07-01 14:56 39437 ---hs---- C:\WINDOWS\system32\ljjihee.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe" "MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background" "LDM"="E:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe" "WhenUSave"="\"C:\\Programme\\Save\\Save.exe\"" "Arcor Online"="" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active] "PcSync"="E:\\Programme\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog" "Steam"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HTpatch"="C:\\WINDOWS\\htpatch.exe" "SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe" "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" "WinampAgent"="E:\\Programme\\Winamp\\winampa.exe" 
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit" "DisableEHCI"="C:\\WINDOWS\\S4TSR.EXE" "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd" "avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" "mmtask"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe" "AnyDVD"="E:\\Programme\\AnyDVD\\AnyDVD.exe" "Arcor Online"="" "RemoteControl"="\"E:\\Programme\\PowerDVD 6\\PDVDServ.exe\"" "Zone Labs Client"="\"E:\\Programme\\ZoneAlarm\\zlclient.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active] "PSPVideo9"="E:\\Programme\\PSP9Video\\pspVideo9.exe -t" "MMTray"="C:\\Programme\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe" "PCSuiteTrayApplication"="E:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -onlytray" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Die derzeitige Homepage" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\ 00,00,01,00,00,00 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljh HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\windwu32 HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll Completion time: 17.09.2006 3:26:13.74 ComboFix.txt ComboFix2.txt |
|
|
||
17.09.2006, 14:20
Ehrenmitglied
Beiträge: 29434 |
#4
Ahab
dich muss man um alles einzeln bitten.. , so kommen wir nie zur Reinigung. Der Link, den ich dir gegeben hatte, http://board.protecus.de/t23188.htm beinhaltet auch: + stelle den CleanUp genauso ein, wie hier angegeben: http://virus-protect.org/cleanup.html + Kopiere diese 4 Textdateien ab . (rechtsklick mit der Maus -> den Text markieren -> kopieren -> einfügen) Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab) http://virus-protect.org/datfindbat.html ich hoffe, diesmal postest du alles, ansonsten artet meine Arbeit schon in spammen aus, immer wieder muss ich darauf hinweisen: poste das, poste jenes, ... und da ich meine Glaskugel gerade nicht zur hand habe - bin ich auf alle logs angewiesen, ich sitze nicht vor deinem Rechner , kann also nicht nachsehen. __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
17.09.2006, 21:43
...neu hier
Themenstarter Beiträge: 8 |
#5
Boar gibt es denn kein freeware programm, das das machen kann??? oder ne andere möglichkeit???
|
|
|
||
17.09.2006, 21:53
Ehrenmitglied
Beiträge: 29434 |
#6
wieso freeware ? ich sehe die Viren (wenn du mir die logs schickst), packe sie in den Avenger, ein Click und alles ist sauber
Kopiere diese 4 Textdateien ab . (rechtsklick mit der Maus -> den Text markieren -> kopieren -> einfügen) Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab) http://virus-protect.org/datfindbat.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
23.09.2006, 11:46
...neu hier
Themenstarter Beiträge: 8 |
#7
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04AB-D703 Verzeichnis von C:\WINDOWS\system32 23.09.2006 11:38 2.026 hjllm.ini 23.09.2006 03:20 87 ssprs.tgz 23.09.2006 03:20 73 ssprs.dll 23.09.2006 03:20 219 lsprst7.tgz 23.09.2006 03:20 205 lsprst7.dll 22.09.2006 23:18 54.111 vsconfig.xml 22.09.2006 23:17 29.204 nvapps.xml 19.09.2006 16:54 2.184 wpa.dbl 14.09.2006 21:13 1.163.684 hjllm.bak2 31.07.2006 13:41 4.212 zllictbl.dat 22.07.2006 15:25 139.648 FNTCACHE.DAT 15.07.2006 14:58 57.384 AVSDA.DLL 09.07.2006 13:42 42.920 vsutil_loc0407.dll 09.07.2006 13:42 392.824 vsdatant.sys 09.07.2006 13:42 71.672 zlcommdb.dll 09.07.2006 13:42 83.960 zlcomm.dll 09.07.2006 13:42 59.384 vswmi.dll 09.07.2006 13:42 100.344 vsxml.dll 09.07.2006 13:42 71.672 vsregexp.dll 09.07.2006 13:42 440.312 vsutil.dll 09.07.2006 13:42 104.440 vsmonapi.dll 09.07.2006 13:42 268.280 vspubapi.dll 09.07.2006 13:42 157.688 vsinit.dll 09.07.2006 13:42 83.960 vsdata.dll 06.07.2006 17:33 143 mcrh.tmp 02.07.2006 18:47 569.396 mlljh.dll 01.07.2006 14:56 39.437 ljjihee.dll 20.06.2006 23:32 796.584 libeay32_0.9.6l.dll 01.06.2006 16:10 98.304 CmdLineExt.dll 24.05.2006 15:39 157.696 rmoc3260.dll 24.05.2006 15:39 25.088 prefscpl.cpl 24.05.2006 15:39 5.632 pndx5032.dll 24.05.2006 15:39 6.656 pndx5016.dll 24.05.2006 15:39 278.528 pncrt.dll 13.05.2006 16:02 34.064 lhacm.acm Volume in Laufwerk C: hat keine Bezeichnung. 
Volumeseriennummer: 04AB-D703 Verzeichnis von C:\DOKUME~1\theQuAkE\LOKALE~1\Temp 23.09.2006 11:31 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}12133.html 23.09.2006 11:08 0 aax2DE.tmp 23.09.2006 11:08 0 aax2DD.tmp 23.09.2006 11:08 0 aax2DC.tmp 23.09.2006 11:06 0 aax2D8.tmp 23.09.2006 11:06 0 aax2D7.tmp 23.09.2006 10:30 0 aax2D3.tmp 23.09.2006 10:29 0 aax2CE.tmp 23.09.2006 10:29 0 aax2CD.tmp 23.09.2006 03:17 46.080 ~e5d141.tmp 22.09.2006 23:19 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}29577.html 22.09.2006 23:19 16.384 ~DF899D.tmp 22.09.2006 23:19 512 ~DF71A4.tmp 22.09.2006 23:19 16.384 ~DF7164.tmp 22.09.2006 23:14 2.085 mmreg.log 22.09.2006 23:12 16.384 ~DF54E3.tmp 22.09.2006 18:10 16.384 ~DFF1B5.tmp 20.09.2006 18:52 90.112 ~170.tmp 20.09.2006 18:18 16.384 Perflib_Perfdata_580.dat 20.09.2006 18:17 16.384 ~DFBA39.tmp 20.09.2006 18:17 512 ~DFB190.tmp 20.09.2006 18:17 16.384 ~DFB0A0.tmp 20.09.2006 18:17 16.384 ~DF9210.tmp 19.09.2006 22:00 16.384 ~DF9B69.tmp 19.09.2006 22:00 16.384 ~DF9480.tmp 19.09.2006 17:04 0 aax3.tmp 18.09.2006 18:14 16.384 ~DF48DA.tmp 18.09.2006 18:14 16.384 ~DF4470.tmp 18.09.2006 15:01 0 fla67.tmp 18.09.2006 15:00 0 fla64.tmp 18.09.2006 14:58 0 fla5C.tmp 18.09.2006 14:49 0 fla50.tmp 18.09.2006 14:48 0 fla4A.tmp 17.09.2006 08:23 238 1F1205F7.TMP 31.05.2006 22:56 24.613 IadHide5.dll 35 Datei(en) 362.721 Bytes 0 Verzeichnis(se), 4.311.756.800 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. 
Volumeseriennummer: 04AB-D703 Verzeichnis von C:\WINDOWS 23.09.2006 11:05 116 NeroDigital.ini 23.09.2006 02:38 76 VUI.pref 22.09.2006 23:18 0 0.log 22.09.2006 23:17 159 wiadebug.log 22.09.2006 23:17 50 wiaservc.log 22.09.2006 23:17 2.048 bootstat.dat 22.09.2006 23:15 32.638 SchedLgU.Txt 15.09.2006 12:39 601.279 setupapi.log 01.08.2006 20:33 290.146 dp2_log.txt 01.07.2006 14:16 634 win.ini 06.06.2006 10:26 594 oleco.ini 02.06.2006 15:09 313.403 DirectX.log 31.05.2006 22:56 118.784 bwUnin-7.2.0.157-8876480SL.exe 28.05.2006 19:55 194.380 wmsetup.log 26.05.2006 13:52 114 oleco.ple 24.05.2006 16:45 2 msoffice.ini 24.05.2006 15:40 725 aolback.exe.lnk 24.05.2006 15:40 316.640 WMSysPr9.prx 24.05.2006 15:37 335 nsreg.dat 21.05.2006 14:32 237 IE4 Error Log.txt 21.05.2006 14:21 171.905 setupact.log 13.05.2006 21:54 754 WORDPAD.INI Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 04AB-D703 Verzeichnis von C:\ 23.09.2006 11:43 0 sys.txt 23.09.2006 11:43 5.696 windows.txt 23.09.2006 11:42 5.696 system.txt 23.09.2006 11:40 2.048 systemtemp.txt 23.09.2006 11:38 97.209 system32.txt 22.09.2006 23:17 805.306.368 pagefile.sys 17.09.2006 03:26 6.127 ComboFix.txt 17.09.2006 03:23 6.199 ComboFix2.txt 24.05.2006 15:40 758 IPH.PH 13.03.2006 17:46 0 MSDOS.SYS 13.03.2006 17:46 0 IO.SYS 13.03.2006 17:46 0 CONFIG.SYS 13.03.2006 17:46 0 AUTOEXEC.BAT 13.03.2006 17:39 194 boot.ini 18.08.2001 14:00 4.952 bootfont.bin 18.08.2001 14:00 45.124 NTDETECT.COM 18.08.2001 14:00 224.032 ntldr 17 Datei(en) 805.704.403 Bytes 0 Verzeichnis(se), 4.311.695.360 Bytes frei Hmmm....ich weiß echt nicht wie man da was sehen soll:-P (deshalb hab ich den virus auch noch). Aber egal ich hoffe das ist das Richtige. Ich hoffe man kann mir jetzt helfen. MFG Tobi |
|
|
||
23.09.2006, 11:55
Ehrenmitglied
Beiträge: 29434 |
#8
Ahab
Avenger http://virus-protect.org/artikel/tools/avenger.html kopiere rein: Zitat: registry keys to delete: [Inhalt des Zitats ist hier offenbar nicht vollständig erhalten] Klicke die gruene Ampel, das Script wird nun ausgeführt, dann wird der PC automatisch neustarten. Nach dem neustart erscheint ein Log vom Avenger, kopiere es ab und hier rein. --------------------------------------------------------- öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten. Zitat: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.mousesports.com PC neustarten ** scanne mit vundofix http://virus-protect.org/artikel/tools/vundofixx.html ** poste das neue Log vom HijackThis __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
23.09.2006, 12:27
...neu hier
Themenstarter Beiträge: 8 |
#9
Boar danke!!!!
Das ging ja mal richtig schnell:-D Ich würd ja nen Orden verleihen, wenn ich einen hätte, aber ich habe keinen, also tut es auch ein imaginärer feuchtwarmer Händedruck;-). Ich meld mich noch mal, wenn alles gut gegangen ist. |
|
|
||
23.09.2006, 12:31
Ehrenmitglied
Beiträge: 29434 |
#10
buegel noch mit diesem Proggie drueber und kopiere hier den scanreport
http://virus-protect.org/artikel/tools/superantispyware.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
23.09.2006, 12:58
...neu hier
Themenstarter Beiträge: 8 |
#11
Tadaaaa
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\prhjangs
*******************
Script file located at: \??\C:\Program Files\dxdepblu.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\hjllm.ini deleted successfully.
File C:\WINDOWS\system32\hjllm.bak2 deleted successfully.
File C:\WINDOWS\system32\mcrh.tmp deleted successfully.
File C:\WINDOWS\system32\mlljh.dll deleted successfully.
File C:\WINDOWS\system32\ljjihee.dll deleted successfully.
Folder C:\Programme\Save deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljh deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\windwu32 deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Das war der erste Streich, und der zweite folgt sogleich.
Zweiter Streich:
O20 - Winlogon Notify: mlljh - C:\WINDOWS\System32\mlljh.dll
O20 - Winlogon Notify: windwu32 - windwu32.dll (file missing)
Diese Zeilen hat mein HijackThis nicht mehr angezeigt :-( hab's trotzdem mal gemacht. [Anm.: Das ist zu erwarten – laut Avenger-Log oben wurden beide Winlogon-Notify-Schlüssel bereits gelöscht.] Bei vundofix kommt die Meldung, dass er keine infizierten Dateien gefunden hat.
Hie is mal der neue Log von HiJackThis Logfile of HijackThis v1.99.1 Scan saved at 13:26:12, on 23.09.2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\htpatch.exe E:\Programme\Winamp\winampa.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\WINDOWS\S4TSR.EXE C:\WINDOWS\System32\RunDll32.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe E:\Programme\AnyDVD\AnyDVD.exe E:\Programme\PowerDVD 6\PDVDServ.exe E:\Programme\ZoneAlarm\zlclient.exe C:\WINDOWS\System32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe E:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe E:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE C:\Programme\Mozilla Firefox\firefox.exe E:\Programme\Opera\Opera.exe C:\Dokumente und Einstellungen\theQuAkE\Desktop\HiJackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von Arcor R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Programme\ICQToolbar\toolbaru.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programme\Adobe Reader 6.0\Reader\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: 
[HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [WinampAgent] E:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [DisableEHCI] C:\WINDOWS\S4TSR.EXE O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [AnyDVD] E:\Programme\AnyDVD\AnyDVD.exe O4 - HKLM\..\Run: [RemoteControl] "E:\Programme\PowerDVD 6\PDVDServ.exe" O4 - HKLM\..\Run: [Zone Labs Client] "E:\Programme\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [LDM] E:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = E:\Programme\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = E:\Programme\Microsoft Word Pro. 
2003\Office\OSA9.EXE O8 - Extra context menu item: &ICQ Toolbar Search - res://E:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{8E9A81C5-535B-414F-9D5E-AB7E8AB4FD79}: NameServer = 213.20.220.67 193.189.244.205 O18 - Protocol: bw+0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - 
{8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - 
{8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - 
{8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Fs_eenrvebst - AVM GmbH - (no file) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Also jetzt muss ich noch bügeln. Macht das was aus wenn ich schon Antivir installiert hab??? Jetzt hab ich gebügelt^^ und das is mein Log. 
SUPERAntiSpyware Scan Log Generated 09/23/2006 at 03:07 PM Core Rules Database Version : 3090 Trace Rules Database Version: 1119 Memory threats detected : 0 Registry threats detected : 123 File threats detected : 36 Adware.Tracking Cookie C:\Dokumente und Einstellungen\theQuAkE\Cookies\thequake@rambler[2].txt C:\Dokumente und Einstellungen\theQuAkE\Cookies\thequake@indexstats[1].txt C:\Dokumente und Einstellungen\theQuAkE\Cookies\thequake@media.fastclick[1].txt C:\Dokumente und Einstellungen\theQuAkE\Cookies\thequake@ads.beamfile[1].txt C:\Dokumente und Einstellungen\theQuAkE\Cookies\thequake@cgi-bin[2].txt C:\Dokumente und Einstellungen\theQuAkE\Cookies\thequake@fastclick[2].txt C:\Dokumente und Einstellungen\theQuAkE\Cookies\thequake@winantivirus[2].txt C:\Dokumente und Einstellungen\theQuAkE\Cookies\thequake@de.winantivirus[2].txt C:\Dokumente und Einstellungen\theQuAkE\Cookies\thequake@doubleclick[1].txt C:\Dokumente und Einstellungen\theQuAkE\Cookies\thequake@as-eu.falkag[2].txt C:\Dokumente und Einstellungen\theQuAkE\Cookies\thequake@atwola[1].txt C:\Dokumente und Einstellungen\theQuAkE\Cookies\thequake@stats1.reliablestats[1].txt C:\Dokumente und Einstellungen\theQuAkE\Cookies\thequake@as1.falkag[2].txt Adware.WhenU HKCR\WUSN.1 HKCR\WUSN.1#WUSN_Id HKCR\ACM.ACMFactory HKCR\ACM.ACMFactory\CLSID HKCR\ACM.ACMFactory\CurVer HKCR\ACM.ACMFactory.1 HKCR\ACM.ACMFactory.1\CLSID HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0} HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid32 HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib#Version HKCR\AppId\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB} HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}#AppID HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32 
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32#ThreadingModel HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\ProgID HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\Programmable HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\TypeLib HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\VersionIndependentProgID HKCR\AppId\ACM.DLL HKCR\AppId\ACM.DLL#AppID HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095} HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0 HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0 HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0\win32 HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\FLAGS HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\HELPDIR HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842} HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid32 HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib#Version HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086} HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid32 HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib#Version HKLM\Software\WhenUSave HKLM\Software\WhenUSave#db_script_update HKLM\Software\WhenUSave#InstallDir HKLM\Software\WhenUSave#pats_url HKLM\Software\WhenUSave#pat_chunks_url HKLM\Software\WhenUSave#script_url HKLM\Software\WhenUSave#update_url HKLM\Software\WhenUSave#ver_url HKLM\Software\WhenUSave#Version HKLM\Software\WhenUSave#extra_url HKLM\Software\WhenUSave#extraver_url HKLM\Software\WhenUSave#ziptomsa_url HKLM\Software\WhenUSave#InstallTime HKLM\Software\WhenUSave#LastPartner HKLM\Software\WhenUSave#TotalPartner HKLM\Software\WhenUSave#newuser_rs HKLM\Software\WhenUSave#Partner 
HKLM\Software\WhenUSave#PartnerB HKLM\Software\WhenUSave#PartnerDesc HKLM\Software\WhenUSave#FullDBTime HKLM\Software\WhenUSave#HeartbeatTime HKLM\Software\WhenUSave#city HKLM\Software\WhenUSave#country HKLM\Software\WhenUSave#brandskin_url HKLM\Software\WhenUSave#brandstrip_rs HKLM\Software\WhenUSave#brandstrip_url HKLM\Software\WhenUSave#bstat_rs HKLM\Software\WhenUSave#himp_url HKLM\Software\WhenUSave#iptomsa_url HKLM\Software\WhenUSave#maxPopups_rs HKLM\Software\WhenUSave#redir3p_url HKLM\Software\WhenUSave#timedDBUpdate_rs HKLM\Software\WhenUSave#uninstalltag_rs HKLM\Software\WhenUSave#db_stamp_rs HKLM\Software\WhenUSave#db_server_update HKLM\Software\WhenUSave#MSA HKLM\Software\WhenUSave#db_local_update HKLM\Software\WhenUSave#SystemParam_rs HKLM\Software\WhenUSave#zip HKLM\Software\WhenUSave#UpdateTime HKLM\Software\WhenUSave#acm_rs HKLM\Software\WhenUSave#TotalPopup HKLM\Software\WhenUSave#HeartbeatCount HKLM\Software\WhenUSave#uninst_rs HKLM\Software\WhenUSave#uninstall_cmd_rs HKLM\Software\WhenUSave#fword_rs HKLM\Software\WhenUSave#dbc_chunks_rs HKLM\Software\WhenUSave#src_url HKLM\Software\WhenUSave#IPToMsaTime_rs HKLM\Software\WhenUSave#country_old_rs HKLM\Software\WhenUSave#city_old_rs HKLM\Software\WhenUSave#db_fail_cnt HKLM\Software\WhenUSave#UrlChangeCount HKLM\Software\WhenUSave#db_ver_update HKLM\Software\WhenUSave\Partners HKLM\Software\WhenUSave\Partners\EEPE HKLM\Software\WhenUSave\Partners\EEPE#Partner HKLM\Software\WhenUSave\Partners\EEPE#InstallTime HKLM\Software\WhenUSave\Partners\EEPE#PartnerDesc HKLM\Software\WhenUSave\Partners\EEPE#PartnerFile HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#DisplayIcon HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#DisplayVersion HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#HelpLink 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#UrlInfoAbout HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#Publisher HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#UninstallString HKU\S-1-5-21-1214440339-261478967-725345543-1004\Software\WhenU C:\Dokumente und Einstellungen\theQuAkE\Startmenü\Programme\WhenU\Learn More About Save!.url C:\Dokumente und Einstellungen\theQuAkE\Startmenü\Programme\WhenU\Learn More About SaveNow.url C:\Dokumente und Einstellungen\theQuAkE\Startmenü\Programme\WhenU\Learn More About WhenU Save.url C:\Dokumente und Einstellungen\theQuAkE\Startmenü\Programme\WhenU\Learn More About WhenU SaveNow.url C:\Dokumente und Einstellungen\theQuAkE\Startmenü\Programme\WhenU\Uninstall.lnk C:\Dokumente und Einstellungen\theQuAkE\Startmenü\Programme\WhenU\WhenU Help Desk.lnk C:\Dokumente und Einstellungen\theQuAkE\Startmenü\Programme\WhenU\WhenU.com Website.url C:\Dokumente und Einstellungen\theQuAkE\Startmenü\Programme\WhenU C:\System Volume Information\_restore{5038E13F-235E-4FA3-86C7-D8CF94AFDCC5}\RP149\A0063254.exe C:\System Volume Information\_restore{5038E13F-235E-4FA3-86C7-D8CF94AFDCC5}\RP149\A0063255.exe C:\System Volume Information\_restore{5038E13F-235E-4FA3-86C7-D8CF94AFDCC5}\RP149\A0063256.exe C:\System Volume Information\_restore{5038E13F-235E-4FA3-86C7-D8CF94AFDCC5}\RP155\A0085916.exe C:\System Volume Information\_restore{5038E13F-235E-4FA3-86C7-D8CF94AFDCC5}\RP155\A0085917.exe C:\System Volume Information\_restore{5038E13F-235E-4FA3-86C7-D8CF94AFDCC5}\RP155\A0085918.exe E:\System Volume Information\_restore{E69C6E08-A39F-4B7A-90E8-5112C542B64C}\RP22\A0029980.exe Trojan.Unknown Origin HKLM\SOFTWARE\Microsoft\MSSMGR HKLM\SOFTWARE\Microsoft\MSSMGR#Data HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST HKLM\SOFTWARE\Microsoft\MSSMGR#PID HKLM\SOFTWARE\Microsoft\MSSMGR#Rid HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV 
HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV HKLM\SOFTWARE\Microsoft\MSSMGR#BPTV HKLM\SOFTWARE\Microsoft\MSSMGR#LID HKLM\SOFTWARE\Microsoft\MSSMGR#OCCUR BearShare File Sharing Client E:\Programme\Bearshare\BearShare.exe C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\BearShare.lnk C:\Dokumente und Einstellungen\theQuAkE\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk C:\Dokumente und Einstellungen\theQuAkE\Desktop\BearShare.lnk C:\System Volume Information\_restore{5038E13F-235E-4FA3-86C7-D8CF94AFDCC5}\RP156\A0085966.lnk C:\WINDOWS\Prefetch\BEARSHARE.EXE-0286C56D.pf Adware.Vundo Variant C:\System Volume Information\_restore{5038E13F-235E-4FA3-86C7-D8CF94AFDCC5}\RP155\A0085914.dll Unclassified.Unknown Origin E:\Programme\Logitech\Desktop Messenger\8876480\7.2.0.157-8876480SL\Program\Restart.exe Vielen Dank für die Hilfe Dieser Beitrag wurde am 23.09.2006 um 15:21 Uhr von Ahab editiert.
|
|
|
||
23.09.2006, 20:58
Ehrenmitglied
Beiträge: 29434 |
#12
fixe den folgenden Eintrag mit dem HijackThis, damit er aus dem Autostart kommt -- er hat dort nichts verloren:
Zitat: O4 - HKCU\..\Run: [LDM] E:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PC neustarten
** poste das neue Log vom HijackThis
__________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
24.09.2006, 02:39
...neu hier
Themenstarter Beiträge: 8 |
#13
Logfile of HijackThis v1.99.1
Scan saved at 02:39:16, on 24.09.2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\htpatch.exe E:\Programme\Winamp\winampa.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\WINDOWS\S4TSR.EXE C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe E:\Programme\AnyDVD\AnyDVD.exe E:\Programme\PowerDVD 6\PDVDServ.exe E:\Programme\ZoneAlarm\zlclient.exe C:\WINDOWS\System32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe E:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE C:\Dokumente und Einstellungen\theQuAkE\Desktop\HiJackThis\HijackThis.exe E:\Programme\ICQLite\ICQLite.exe C:\Programme\Mozilla Firefox\firefox.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von Arcor R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Programme\ICQToolbar\toolbaru.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programme\Adobe Reader 6.0\Reader\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [WinampAgent] 
E:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [DisableEHCI] C:\WINDOWS\S4TSR.EXE O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [AnyDVD] E:\Programme\AnyDVD\AnyDVD.exe O4 - HKLM\..\Run: [RemoteControl] "E:\Programme\PowerDVD 6\PDVDServ.exe" O4 - HKLM\..\Run: [Zone Labs Client] "E:\Programme\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\RunOnce: [ICQ Lite] E:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech SetPoint.lnk = E:\Programme\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = E:\Programme\Microsoft Word Pro. 
2003\Office\OSA9.EXE O8 - Extra context menu item: &ICQ Toolbar Search - res://E:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O17 - HKLM\System\CCS\Services\Tcpip\..\{8E9A81C5-535B-414F-9D5E-AB7E8AB4FD79}: NameServer = 213.20.220.67 193.189.244.205 O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Fs_eenrvebst - AVM GmbH - (no file) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
|
|
||
24.09.2006, 13:04
Ehrenmitglied
Beiträge: 29434 |
#14
Ahab
das log sieht gut aus, falls es noch probleme geben sollte, melde dich __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
24.09.2006, 18:16
...neu hier
Themenstarter Beiträge: 8 |
#15
Danke
Werd mich auf jeden fall melden wenn noch was ist:-D |
|
|
||
Wenn ich meinen PC hochfahre, kommen gleich mehrere Warnungen von AntiVir (C:\WINDOWS\System32\mlljh.dll). Wenn ich dann "Löschen" bestätige, funktioniert bei mir nichts mehr. Das bedeutet: Ich kann keine Programme mehr öffnen oder meinen PC runterfahren.:-(
Ich hoffe, ihr könnt mir helfen oder mir sagen, woran man bei HijackThis erkennt, was gelöscht werden muss.
Vielen, vielen Dank im Voraus:-)
Logfile of HijackThis v1.99.1
Scan saved at 12:57:56, on 16.09.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\htpatch.exe
E:\Programme\Winamp\winampa.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\S4TSR.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
E:\Programme\AnyDVD\AnyDVD.exe
E:\Programme\PowerDVD 6\PDVDServ.exe
E:\Programme\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
E:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Save\Save.exe
E:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Dokumente und Einstellungen\theQuAkE\Desktop\HiJackThis\HijackThis.exe
C:\Programme\AntiVir PersonalEdition Classic\GUARDGUI.EXE
E:\Programme\Opera\Opera.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\theQuAkE\Desktop\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.mousesports.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.mousesports.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.mousesports.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.mousesports.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.mousesports.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von Arcor
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programme\Adobe Reader 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C1887926-DAC1-474B-9605-45CCA3AD3D55} - C:\WINDOWS\System32\mlljh.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] E:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DisableEHCI] C:\WINDOWS\S4TSR.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AnyDVD] E:\Programme\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [RemoteControl] "E:\Programme\PowerDVD 6\PDVDServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Programme\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] E:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Programme\Microsoft Word Pro. 2003\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://E:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E9A81C5-535B-414F-9D5E-AB7E8AB4FD79}: NameServer = 213.20.220.67 193.189.244.205
O18 - Protocol: bw+0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {8A3956AF-63A5-4DDF-9870-AF83288339EA} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: mlljh - C:\WINDOWS\System32\mlljh.dll
O20 - Winlogon Notify: windwu32 - windwu32.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe