Request for log check
Thread is closed!
#0
23.09.2006, 03:24
Member
Posts: 56
23.09.2006, 09:50
Member
Posts: 130
#2
I hope that was everything you need to post:
Set up CleanUp exactly as shown here: http://virus-protect.org/cleanup.html
Copy out these 4 text files. (Right-click with the mouse -> select the text -> copy -> paste.) They are sorted by date. (Copy out only the last 3 months.) http://virus-protect.org/datfindbat.html
edit (MOD)
23.09.2006, 12:16
Honorary member
Posts: 29434
#3
magic2912
I will more or less work through this, so post all the logs I need + what Terementor has already prepared
http://virus-protect.org/artikel/spyware/winmediacodec_remove.html
1. Avenger
http://virus-protect.org/artikel/tools/avenger.html
copy in
Quote: registry keys to delete:
Click the green traffic light; the script will now be executed, then the PC will restart automatically
** post the Avenger log that appears after the restart
--------------------------------------------------------------------------
2. Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
and double-click to start it.
In "Enter search strings" (type or paste in):
{202a961f-23ae-42b1-9505-ffe3c818d717}
{1559e6c1-7e5e-4461-9457-6a2dea85eb9f}
{479fd0cf-5be9-4c63-8cda-b6d371c67bd5}
WinMediaCodec
in edit and click "Ok". Notepad will open - post the TXT
3. post the log
http://virus-protect.org/artikel/tools/combofix.html
__________
Regards, Sabina
All about PC security
23.09.2006, 13:20
Member
Thread starter Posts: 56
#4
Hello,
I have run CleanUp. Here are the logs first:
And now?????
23.09.2006, 16:05
Honorary member
Posts: 29434
#5
magic2912
+ run the Avenger, then post the report after the restart
+ run Registry Search as I instructed
+ run smitfraudfix (option 1 and 2, post the reports) http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
Regards, Sabina
All about PC security
23.09.2006, 17:51
Member
Thread starter Posts: 56
#6
Sorry, but I don't know what I am supposed to copy into the Avenger, or where. It only lets you open files???
And what is this supposed to tell me...?
registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1559e6c1-7e5e-4461-9457-6a2dea85eb9f}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{202a961f-23ae-42b1-9505-ffe3c818d717}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{202a961f-23ae-42b1-9505-ffe3c818d717}
Files to delete:
C:\WINDOWS\system32\titiau.dll
Folders to delete:
C:\Programme\WinMediaCodec
C:\Programme\VirusBurst
C:\Programme\Virus-Burst
Please explain for a layperson... Thanks!
23.09.2006, 17:59
Member
Posts: 17
#7
In the Avenger, select the last option:
Input manually script
then click the magnifying-glass icon on the right and paste in the above:
Quote: registry keys to delete:
and then click the traffic light!
23.09.2006, 20:12
Member
Thread starter Posts: 56
#8
@Rene09
Thanks, that helped me: The LOG:
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\clpxvfnc
*******************
Script file located at: \??\C:\kdmewnyl.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\titiau.dll not found!
Deletion of file C:\WINDOWS\system32\titiau.dll failed!
Could not process line: C:\WINDOWS\system32\titiau.dll
Status: 0xc0000034
Folder C:\Programme\WinMediaCodec deleted successfully.
Folder C:\Programme\VirusBurst not found!
Deletion of folder C:\Programme\VirusBurst failed!
Could not process line: C:\Programme\VirusBurst
Status: 0xc0000034
Folder C:\Programme\Virus-Burst not found!
Deletion of folder C:\Programme\Virus-Burst failed!
Could not process line: C:\Programme\Virus-Burst
Status: 0xc0000034
Warning --- HKLM\Software did not load within MAX_WAIT_ITERATIONS
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1559e6c1-7e5e-4461-9457-6a2dea85eb9f} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1559e6c1-7e5e-4461-9457-6a2dea85eb9f} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{202a961f-23ae-42b1-9505-ffe3c818d717} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{202a961f-23ae-42b1-9505-ffe3c818d717} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{202a961f-23ae-42b1-9505-ffe3c818d717} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{202a961f-23ae-42b1-9505-ffe3c818d717} failed!
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
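How to read the Avenger report in post #8, as an added example that is not part of the original thread or of the Avenger tool: it classifies each script target by outcome and decodes the NTSTATUS value (0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND, so those "failed" deletions mean the object was already absent). The function names, the verdict labels, the two constructed log lines and the rule that registry results logged after the hive-load warning count as inconclusive are assumptions of this example.

```python
import re

# NTSTATUS values an Avenger report can carry (from the Windows NTSTATUS table).
NTSTATUS = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
}
ABSENT = {"STATUS_OBJECT_NAME_NOT_FOUND", "STATUS_OBJECT_PATH_NOT_FOUND"}

RESULT_RE = re.compile(r"^(File|Folder|Registry key) (.+) (deleted successfully\.|not found!)$")
FAILED_RE = re.compile(r"^Deletion of (file|folder|registry key) (.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]+)$")

# Excerpt of the report from post #8. The last two lines are constructed for
# this example to show a failure that is not "object not found".
SAMPLE_LOG = r"""
Beginning to process script file:
File C:\WINDOWS\system32\titiau.dll not found!
Deletion of file C:\WINDOWS\system32\titiau.dll failed!
Could not process line: C:\WINDOWS\system32\titiau.dll
Status: 0xc0000034
Folder C:\Programme\WinMediaCodec deleted successfully.
Warning --- HKLM\Software did not load within MAX_WAIT_ITERATIONS
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1559e6c1-7e5e-4461-9457-6a2dea85eb9f} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1559e6c1-7e5e-4461-9457-6a2dea85eb9f} failed!
Status: 0xc0000034
Deletion of file C:\example\locked.dll failed!
Status: 0xc0000022
"""


def new_entry(kind, target, outcome, hive_warning):
    return {
        "kind": kind, "target": target, "outcome": outcome, "status": None,
        # Assumption of this example: registry results logged after a
        # hive-load warning are treated as unverified.
        "unverified": kind == "registry key" and hive_warning,
    }


def parse_avenger_log(text):
    """Return (entries, warnings); one entry per file, folder or registry key."""
    entries, warnings = [], []
    current = None
    hive_warning = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Warning"):
            warnings.append(line)
            hive_warning = hive_warning or "did not load" in line
            continue
        result = RESULT_RE.match(line)
        failed = FAILED_RE.match(line)
        status = STATUS_RE.match(line)
        if result:
            kind, target, tail = result.groups()
            outcome = "deleted" if tail.startswith("deleted") else "not found"
            current = new_entry(kind.lower(), target, outcome, hive_warning)
            entries.append(current)
        elif failed:
            kind, target = failed.groups()
            # A failure with no preceding "not found!" line is its own entry.
            if current is None or current["target"] != target:
                current = new_entry(kind, target, "failed", hive_warning)
                entries.append(current)
        elif status and current is not None and current["outcome"] != "deleted":
            code = int(status.group(1), 16)
            current["status"] = NTSTATUS.get(code, hex(code))
    return entries, warnings


def verdict(entry):
    """Map one parsed entry to what it means for the clean-up."""
    if entry["outcome"] == "deleted":
        return "removed"
    if entry["unverified"]:
        return "inconclusive"      # re-check the key once Windows is running
    if entry["outcome"] == "not found" or entry["status"] in ABSENT:
        return "already absent"    # nothing was there to delete
    return "needs attention"       # e.g. access denied: target may still exist


if __name__ == "__main__":
    entries, warnings = parse_avenger_log(SAMPLE_LOG)
    for e in entries:
        print(f'{verdict(e):16} {e["kind"]:13} {e["target"]} ({e["status"]})')
    for w in warnings:
        print("warning:", w)
```
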
23.09.2006, 20:21
Honorary member
Posts: 29434
#9
**
the Avenger page has not only the download but also an example of how to use it + all sorts of little pictures to aid understanding.. you just have to read
** run smitfraudfix (option 1 and 2, post the reports) http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
Regards, Sabina
All about PC security
23.09.2006, 20:26
Member
Thread starter Posts: 56
#10
@Sabrina
those who can read clearly have the advantage: I'll do smitfraudfix in a moment... For now I first have this:
ComboFix 06.09.23.2 - Running from: "C:\"
((((((((((((((((((((((((((((((( Files Created from 2006-08-23 to 2006-09-23 ))))))))))))))))))))))))))))))))))
2006-09-23 20:28 276,406 --a------ C:\combofix.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-09-23 20:15 -------- d-------- C:\Programme\eMule.de
2006-09-23 18:47 -------- d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2006-09-23 13:08 -------- d-------- C:\Programme\CleanUp!
2006-09-23 10:18 -------- d-------- C:\Dokumente und Einstellungen\Wolfgang Diehl\Anwendungsdaten\Skype
2006-09-23 02:33 17408 --a------ C:\WINDOWS\system32\drivers\USBCRFT.SYS
2006-09-23 02:29 -------- d-------- C:\Programme\Symantec
2006-09-23 02:03 -------- d-------- C:\Programme\vb
2006-09-22 22:49 -------- d-------- C:\Programme\Norton Personal Firewall
2006-09-18 02:44 -------- d-------- C:\Programme\Deluxe Ski Jump 3
2006-09-17 19:43 -------- d-------- C:\Dokumente und Einstellungen\Wolfgang Diehl\Anwendungsdaten\Google
2006-09-17 02:29 -------- d-------- C:\Programme\Google
2006-09-15 22:04 48816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 22:04 109744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-01 02:01 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-21 01:10 10820 --a------ C:\Dokumente und Einstellungen\Wolfgang Diehl\Anwendungsdaten\wklnhst.dat
2006-08-18 20:46 -------- d-------- C:\Programme\Internet Explorer
2006-08-09 14:54 16000 --a------ C:\WINDOWS\system32\drivers\SipIMNDI.sys
2006-08-07 16:02 534208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-08-07 16:02 31936 --a------ C:\WINDOWS\system32\drivers\symids.sys
2006-08-07 16:02 28352 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2006-08-07 16:02 24768 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2006-08-07 16:02 195776 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2006-08-07 16:02 161472 --a------ C:\WINDOWS\system32\SymRedir.dll
2006-08-07 16:02 110784 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2006-08-07 16:01 12992 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-16 23:41 13736064 --a------ C:\GoogleEarthWin.exe
2006-07-11 23:28 118784 -r------- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WebCamRT.exe"=""
"T-Online_Software_6\\WLAN-Access Finder"="C:\\Programme\\T-Online\\WLAN-Access Finder\\ToWLaAcF.exe /StartMinimized"
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"eMuleAutoStart"="C:\\Programme\\eMule.de\\emule.exe -AutoStart"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"AGRSMMSG"="AGRSMMSG.exe"
"Keyboard Status"="C:\\PROGRA~1\\Medion\\KeyStat\\KeyStat.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"PCMService"="\"C:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe\""
"LVCOMS"="C:\\Programme\\Gemeinsame Dateien\\Logitech\\QCDriver3\\LVCOMS.EXE"
"LogitechGalleryRepair"="C:\\Programme\\Logitech\\ImageStudio\\ISStart.exe"
"LogitechImageStudioTray"="C:\\Programme\\Logitech\\ImageStudio\\LogiTray.exe"
"ccApp"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"T-Online Dialerschutz-Software"="\"C:\\Programme\\T-Online\\Dialerschutz-Software\\defender.exe\""
"Lexmark X6100 Series"="\"C:\\Programme\\Lexmark X6100 Series\\lxbfbmgr.exe\""
"ToADiMon.exe"="C:\\Programme\\T-Online\\T-Online_Software_6\\Basis-Software\\Basis1\\ToADiMon.exe -TOnlineAutodialStart"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
23.09.2006, 20:39
Honorary member
Posts: 29434
#11
copy into the Avenger
Quote: Folders to delete:
then run smitfraudfix
__________
Regards, Sabina
All about PC security
23.09.2006, 23:18
Member
Thread starter Posts: 56
#12
Right, Avenger and smitfraudfix applied. Here are the logs:
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\sftplfvm
*******************
Script file located at: \??\C:\pudfrtwj.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Folder C:\Programme\vb deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
SmitFraudFix v2.99
Scan done at 23:23:14,56, 23.09.2006
Run from C:\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Wolfgang Diehl\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOKUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOKUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\WOLFGA~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme
C:\Programme\eMedia Codec\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
24.09.2006, 01:14
Honorary member
Posts: 29434
#13
now you also have to run option 2, so that it is not only found but also deleted
then delete the Avenger backup at c:\Avenger\backup.zip
and then everything should be OK again
__________
Regards, Sabina
All about PC security
24.09.2006, 01:35
Member
Thread starter Posts: 56
#14
Right, option 2 run as well and c:\Avenger\backup.zip deleted.
Log from SmitFraudFix v2.99
Scan done at 1:37:06,01, 24.09.2006
Run from C:\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
24.09.2006, 12:18
Honorary member
Posts: 29434
Logfile of HijackThis v1.99.1
Scan saved at 03:21:55, on 23.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\WinMediaCodec\pmsngr.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\WinMediaCodec\pmmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
C:\Programme\Logitech\ImageStudio\LogiTray.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Lexmark X6100 Series\lxbfbmgr.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe
C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Programme\eMule.de\emule.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programme\Lexmark X6100 Series\lxbfbmon.exe
C:\Programme\Microsoft Office\Office\FINDFAST.EXE
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Programme\STK013\STK013M.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaS.exe
C:\Programme\Logitech\ImageStudio\LowLight.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\DOKUME~1\WOLFGA~1\LOKALE~1\Temp\Temporäres Verzeichnis 5 für hijackthis.zip\HijackThis.exe
C:\Programme\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.com/MD/?func=newreg&lang=2&prtr=4408001&ctry=00000407&os=5&src=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Programme\WinMediaCodec\iesplugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programme\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [T-Online Dialerschutz-Software] "C:\Programme\T-Online\Dialerschutz-Software\defender.exe"
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Programme\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programme\eMule.de\emule.exe -AutoStart
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: STK013 PNP Monitor.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B51CC54-F369-460B-9184-22D51ABCF807} (empfaenger Element) - http://www.privat-akt.com/download/empfaengerProj1.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106843944468
O18 - Protocol: bw+0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C3AD1BFA-30E0-414B-A79A-4EAFD8889537} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programme\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Dialerschutz Dienst (DFSVC) - Unknown owner - C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - T-Online International AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe