Virusbusters -was mit dem Logfile des HijackThis anzufangen? |
||
---|---|---|
#0
| ||
05.11.2006, 22:21
...neu hier
Beiträge: 6 |
||
|
||
05.11.2006, 22:48
Ehrenmitglied
Beiträge: 29434 |
#2
Neuvis
Avenger http://virus-protect.org/artikel/tools/avenger.html kopiere rein Zitat Registry values to delete:Klicke die grüne Ampel das Script wird nun ausgeführt, dann wird der PC automatisch neustarten »» loesche das Backup vom Avenger unter C:\Avenger\backup.zip + leere den Papierkorb «« scanne mit smitfraudfix - Option 1 und 2 ( lasse auch die Registry mitreinigen) http://virus-protect.org/artikel/tools/smitfrautfix.html ** scanne mit Nolop http://virus-protect.org/artikel/tools/nolop.html ___________________________________________________________ öffne das HijackThis -- Button "scan" -- vor diese Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten Zitat O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Programme\iVideoCodec\isaddon.dll (file missing) __________ MfG Sabina rund um die PC-Sicherheit Dieser Beitrag wurde am 05.11.2006 um 22:56 Uhr von Sabina editiert.
|
|
|
||
06.11.2006, 09:02
...neu hier
Themenstarter Beiträge: 6 |
#3
danke,danke und nochmals danke...hab gestern 4 stunden lang mit einem guten kumpel von mir am pc rumexperementiert und konnte nichts fixen und du schaffst es in Bruchteil einer sekunde...
hier noch die logs: avenger.txt: Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\ppdjlukh ******************* Script file located at: \??\C:\Program Files\jsbmnoeh.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\system32\okkmtv.dll deleted successfully. Folder C:\Programme\VirusBursters not found! Deletion of folder C:\Programme\VirusBursters failed! Could not process line: C:\Programme\VirusBursters Status: 0xc0000034 Folder C:\Programme\iVideoCodec not found! Deletion of folder C:\Programme\iVideoCodec failed! Could not process line: C:\Programme\iVideoCodec Status: 0xc0000034 Folder C:\Programme\NetPumper deleted successfully. Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload|bonspells deleted successfully. Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} deleted successfully. Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe failed! Status: 0xc0000034 Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe failed! Status: 0xc0000034 Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|wininet.dll Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|wininet.dll failed! Status: 0xc0000034 Could not delete registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|VirusBursters Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|VirusBursters failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACF3DAB0-D308-4B7A-BFE3-E6C0FAFEB1E7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iVideoCodec not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iVideoCodec failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4375DC-9EB6-068E-24F1-A3F5CB3A1BF9} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4375DC-9EB6-068E-24F1-A3F5CB3A1BF9} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{274c0420-ebe0-4f1d-b473-edd1aa9b85dd} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{274c0420-ebe0-4f1d-b473-edd1aa9b85dd} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecsSoftwarePackage.chl not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecsSoftwarePackage.chl failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVZipEnchancer.Chl not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVZipEnchancer.Chl failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBursters not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBursters failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusbursters.exe not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusbursters.exe failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\VirusBursters not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\VirusBursters failed! Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate. Rapport.txt: SmitFraudFix v2.119 Scan done at 8:41:46,85, 06.11.2006 Run from C:\Temp\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End Notlop.log: NoLop! Log by Skate_Punk_21 Fix running from: C:\Temp [06.11.2006] [08:45:54] ---Infection Files Found/Removed--- NO INFECTION FILES FOUND - Cleaning Aborted. ---Listing AppData sub directories--- C:\Dokumente und Einstellungen\Eugen\Application Data\Microsoft wenn da noch was schlimmes rumschwirrt, dann wäre ich dnkbar, darüber bescheid zu wissen... nochmals tausenddank! |
|
|
||
06.11.2006, 10:31
Ehrenmitglied
Beiträge: 29434 |
#4
ich wuerde gern noch nach dem Swizzor-Trojaner graben, den du zusammen mit dem netpumper geladen hast look.zip laden - entpacken - look.bat - doppeltklicken - kopiere den Text ab, der erscheint http://virus-protect.org/zip/look.zip __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
06.11.2006, 20:13
...neu hier
Themenstarter Beiträge: 6 |
#5
hier ist es...
Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 8C4A-3DD9 Verzeichnis von C:\Dokumente und Einstellungen\Eugen\Anwendungsdaten 24.07.2006 16:06 <DIR> Adobe 16.09.2006 16:11 <DIR> Ahead 07.10.2006 11:00 <DIR> Ashampoo 12.09.2006 18:04 <DIR> Babylon 03.10.2006 20:40 <DIR> CONVER~1 ConvertTemp 24.07.2006 23:50 <DIR> CORELP~1 Corel Photo Album 11.08.2006 10:53 <DIR> CYBERL~1 CyberLink 03.10.2006 02:34 <DIR> EACHHE~1 EachHeckBin 03.11.2006 08:52 37.992 GDIPFO~1.DAT GDIPFONTCACHEV1.DAT 23.08.2006 16:17 <DIR> Help 07.08.2006 16:58 <DIR> ICQLite 18.08.2004 13:23 <DIR> IDENTI~1 Identities 18.07.2006 23:17 <DIR> Intel 24.07.2006 15:56 <DIR> LEADER~1 Leadertech 29.10.2006 17:05 <DIR> Locktime 07.08.2006 14:43 <DIR> MACROM~1 Macromedia 21.10.2006 23:11 <DIR> MAHJON~1 MahJong Suite 24.07.2006 23:09 <DIR> MCAFEE~1.COM McAfee.com Personal Firewall 24.07.2006 23:44 <DIR> MEDIAP~1 Media Player Classic 31.10.2006 17:44 <DIR> Mozilla 22.09.2006 15:27 <DIR> MYGAME~1 My Games 01.09.2006 02:00 <DIR> NETPUM~1 NetPumper 30.10.2006 10:59 <DIR> OPENOF~1.ORG OpenOffice.org2 07.08.2006 15:17 <DIR> Opera 03.10.2006 02:34 <DIR> PLUSCH~1 PlusChicWipe 03.10.2006 20:40 <DIR> Samsung 02.10.2006 21:48 <DIR> SolSuite 24.07.2006 23:51 <DIR> Sonic 18.07.2006 23:12 <DIR> Sun 24.07.2006 23:12 <DIR> Template 03.10.2006 20:40 <DIR> TEMPOR~1 Temporary 03.10.2006 20:40 <DIR> TRANSR~1 TransRender 05.11.2006 22:30 <DIR> uTorrent 1 Datei(en) 37.992 Bytes 32 Verzeichnis(se), 19.742.728.192 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 8C4A-3DD9 Verzeichnis von C:\Dokumente und Einstellungen\All Users\Anwendungsdaten 07.08.2006 14:16 <DIR> ADISOF~1 adisoft AG 18.07.2006 23:21 <DIR> Adobe 07.10.2006 11:00 <DIR> ashampoo 11.08.2006 10:51 <DIR> CYBERL~1 CyberLink 18.07.2006 23:22 <DIR> INSTAL~1 InstallShield 18.07.2006 23:16 <DIR> Intel 03.10.2006 20:38 0 LAUNCH~1.DT LauncherAccess.dt 29.10.2006 17:00 <DIR> Locktime 18.07.2006 23:28 <DIR> McAfee 12.10.2006 05:48 <DIR> PROJEC~1 PROject MT 18.08.2004 13:27 <DIR> SBSI 18.07.2006 23:17 <DIR> Sonic 07.08.2006 16:16 <DIR> SPYBOT~1 Spybot - Search & Destroy 13.08.2006 18:07 <DIR> Trymedia 25.10.2006 13:13 <DIR> Web.de 25.10.2006 12:47 <DIR> WINDOW~1 Windows Genuine Advantage 1 Datei(en) 0 Bytes 15 Verzeichnis(se), 19.742.728.192 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 8C4A-3DD9 Verzeichnis von C:\WINDOWS\tasks 04.08.2004 14:00 65 desktop.ini 06.11.2006 18:49 6 SA.DAT 2 Datei(en) 71 Bytes 0 Verzeichnis(se), 19.742.728.192 Bytes frei und,ist was???(hab jetzt schon wieder angst ) |
|
|
||
06.11.2006, 23:51
Ehrenmitglied
Beiträge: 29434 |
#6
ist der Swizzor-Trojaner, zusammen mit Netpumper geladen..............
Avenger Zitat Folders to delete:** scanne, stelle nach dem scan alles auf "remove" und poste den report http://virus-protect.org/counterspy.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
kann mir da jemand helfen?
hier ist mein logfile:
Logfile of HijackThis v1.99.1
Scan saved at 22:11:49, on 05.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0007)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Dell\QuickSet\NICCONFIGSVC.exe
C:\Programme\NetLimiter 2 Pro\nlsvc.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\stsystra.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Dell\Media Experience\DMXLauncher.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\Dell\QuickSet\quickset.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Digital Line Detect\DLG.exe
C:\Programme\Opera\Opera.exe
C:\Temp\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row&channel=de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.de/hws/sb/dell-row/de/side.html?channel=de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.web.de/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.web.de/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.de/hws/sb/dell-row/de/side.html?channel=de
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row&channel=de
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Programme\iVideoCodec\isaddon.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8A4375DC-9EB6-068E-24F1-A3F5CB3A1BF9} - C:\DOKUME~1\Eugen\ANWEND~1\EACHHE~1\lies copy.exe (file missing)
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O3 - Toolbar: Translator - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Programme\PRMT7\PRMTIE\prmtie.dll
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Programme\iVideoCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DMXLauncher] C:\Programme\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Programme\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Programme\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Download with NetPumper - C:\Programme\NetPumper\AddUrl.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Programme\PRMT7\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Translate - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Programme\PRMT7\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Programme\PRMT7\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Customize translation options - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Programme\PRMT7\PRMTIE\options.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Programme\Intel\Wireless\Bin\LgNotify.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - C:\WINDOWS\system32\okkmtv.dll
O23 - Service: Web.de Browser Update (AdminSVC) - hablamax - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Web.de\adminsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programme\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programme\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe