services.exe is causing problems ... high CPU load
#0
21.01.2007, 16:44
...new here
Posts: 8
21.01.2007, 17:44
Honorary member
Posts: 29434
#2
bugfisch
The Warezov worm is on this computer: http://virus-protect.org/artikel/spyware/warezov_remove.html
------------------------------------------------------------
«« Post this log: http://virus-protect.org/artikel/tools/combofix.html
«« Configure CleanUp exactly as described here: http://virus-protect.org/cleanup.html
«« Copy out these 6 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date (copy only the last 3 months). http://virus-protect.org/datfindbat.html
__________
Regards, Sabina
All about PC security
21.01.2007, 17:59
...new here
Thread starter Posts: 8
#3
COMBOFIX LOGFILE:
datfind:
21.01.2007, 18:23
Honorary member
Posts: 29434
#4
bugfisch
Avenger http://virus-protect.org/artikel/tools/avenger.html
Paste in:
Quote:
Registry values to replace with dummy:
Click the green traffic light. The script will now be executed, then the PC will restart automatically.
»» Report whether the Windows updates work.
__________
Regards, Sabina
All about PC security
21.01.2007, 19:05
...new here
Thread starter Posts: 8
21.01.2007, 19:22
Honorary member
Posts: 29434
#6
Everything should be OK again.
Delete the Avenger backup and empty the recycle bin.
__________
Regards, Sabina
All about PC security
21.01.2007, 19:27
...new here
Thread starter Posts: 8
#7
So far everything is okay ... I'll get back to you if there are problems again!
This is now the second time you have helped me very, very competently ... THANK YOU!!!!!!!!!
14.04.2007, 14:44
...new here
Posts: 1
#8
Hello:
I have the problem with services.exe too. I bought an iPod nano, and the strange thing is: when I plug it into the PC, services.exe immediately goes up to 80 percent CPU load. If I unplug the iPod again, it stays that way. I was able to solve the problem with Avenger (services stayed at its usual almost 0%), plugged the iPod back in and the worm was immediately back, so it must still be lurking somewhere. I will now paste everything into the post as listed in the following lines and hope that you can help me defeat the nasty thing, otherwise it means reinstalling Windows.. Thanks in advance
___________________________________
1. «« Post this log: http://virus-protect.org/artikel/tools/combofix.html
2. «« Configure CleanUp exactly as described here: http://virus-protect.org/cleanup.html
3. «« Copy out these 6 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date (copy only the last 3 months). http://virus-protect.org/datfindbat.html
___________________________________
1.
2. done :-)
3.
This post was edited on 14.04.2007 at 15:09 by Gannijyet.
The following:
My PC has been acting up for 2 days now. At irregular intervals my PC becomes very slow; then I open the Task Manager and see that the task "services.exe" is causing a CPU load of about 80%. At the same time I see in my T-Online Speedmanager that the upload and the download are running like crazy (although I have no program running that would use bandwidth).
It is incredibly annoying; here, for a start, is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 16:44:41, on 21.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\AVGANT~1\avgamsvr.exe
F:\PROGRA~1\AVGANT~1\avgemc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
F:\Programme\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
F:\Programme\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
F:\AsusProbe\AsusProb.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
F:\PROGRA~1\AVGANT~1\avgcc.exe
C:\Programme\T-Online\DSL-Manager\TODslMgr.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
F:\Programme\Logitech_Keyboard\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
F:\Programme\Miranda IM\miranda32.exe
F:\PROGRA~1\AVGANT~1\avgwb.dat
F:\Programme\DVB-T\RC.exe
C:\WINDOWS\System32\wstdactx.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Administrator\Desktop\Hackertools\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.l-taun.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.l-taun.de
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ftp.maxdata.de/t_index.asp?info=/info/Belinea_Treiber_Driver
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explodierer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ASUS Probe] f:\AsusProbe\AsusProb.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] "F:\PROGRA~1\AVGANT~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [T-Online DSL-Manager] "C:\Programme\T-Online\DSL-Manager\TODslMgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [LDM] F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = F:\Programme\Logitech_Keyboard\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\PROGRA~1\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O18 - Protocol: bw+0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {41ADE7ED-9497-4ED4-98BA-EB3F5A1A8D84} - F:\Programme\Logitech_Keyboard\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: ipxwersv.dll e1.dll diagisr.dll confatm.dll atmstat.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: atmmgr - C:\WINDOWS\SYSTEM32\atmmgr32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O20 - Winlogon Notify: wstdactx - C:\WINDOWS\system32\wstdactx.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\AVGANT~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\AVGANT~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\AVGANT~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Programme\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - F:\Programme\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: WMI-Leistungsadapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
Please send quick, good answers ... thanks in advance