Home » Viren, Trojaner & Malware Forum » services.exe datei kommt jeden Tag wieder... » Themenansicht
services.exe datei kommt jeden Tag wieder... |
||
|---|---|---|
| #0
| ||
|
11.02.2007, 08:55
Member
Beiträge: 86 |
||
 
|
|
|
|
11.02.2007, 16:47
Ehrenmitglied
 Beiträge: 29434 |
#2
Saitek
«« Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als listen.bat mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden. --> die listen.bat doppelt klicken--> kopiere den Text, der erscheint Zitat cd\«« poste dieses log http://virus-protect.org/artikel/tools/combofix.html »» poste dieses log http://virus-protect.org/winpfind.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
11.02.2007, 18:25
Member
Themenstarter Beiträge: 86 |
#3
bei der bat datei , steht das ich die nit öffnen kann >.<
Log von Combofix : "Besitzer" - 07-02-11 18:17:56 Service Pack 2 ComboFix 07-02-11 - Running from: "C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien" ((((((((((((((((((((((((((((((( Files Created from 2007-01-11 to 2007-02-11 )))))))))))))))))))))))))))))))))) 2007-02-09 17:24 <DIR> d-------- C:\Programme\ArtMoney 2007-02-09 17:13 <DIR> d-------- C:\Programme\EA SPORTS 2007-02-08 16:49 <DIR> d-------- C:\Programme\Soldier of Fortune II - Double Helix GOLD 2007-02-03 18:28 <DIR> d-------- C:\WINDOWS\system32\quicktime 2007-02-03 18:28 <DIR> d-------- C:\Programme\MP4 Video Player 2007-02-03 18:20 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-02-03 18:20 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-02-03 18:20 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-02-03 18:20 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2007-02-03 18:20 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe 2007-02-03 18:16 <DIR> d-------- C:\Programme\GustoSoft 2007-01-20 14:31 <DIR> d-------- C:\Programme\ffdshow 2007-01-14 19:26 <DIR> d-------- C:\Programme\TrackMania 2007-01-12 19:08 <DIR> d-------- C:\WINDOWS\ie7updates (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-02-10 18:38 -------- d-------- C:\DOKUME~1\Besitzer\Anwendungsdaten\temp 2007-02-09 17:33 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll 2007-02-09 17:20 -------- d--h----- C:\Programme\installshield installation information 2007-02-09 15:02 -------- d-------- C:\Programme\silkroad 2007-02-08 16:47 -------- d-------- C:\Programme\hlsw 2007-01-22 14:13 -------- d-------- C:\Programme\google 2007-01-22 14:11 -------- d-------- C:\DOKUME~1\Besitzer\Anwendungsdaten\google 2007-01-19 18:39 -------- d-------- C:\Programme\windows media connect 2 2007-01-12 21:10 -------- d-------- C:\DOKUME~1\Besitzer\Anwendungsdaten\skype 2006-12-27 21:15 -------- d-------- C:\Programme\anno 1701 2006-12-27 17:08 271360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys 2006-12-27 17:08 18048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys 2006-12-18 16:47 -------- dr-h----- C:\DOKUME~1\Besitzer\Anwendungsdaten\securom 2006-12-05 17:22 1748 --a------ C:\WINDOWS\system32\tmp.reg 2006-12-01 15:11 503808 --a------ C:\WINDOWS\system32\xreglib.dll 2006-12-01 14:43 1177 --a------ C:\WINDOWS\mozver.dat 2006-12-01 05:20 79360 --a------ C:\WINDOWS\system32\swxcacls.exe 2006-11-29 18:41 0 --a------ C:\WINDOWS\nsreg.dat 2006-11-17 14:29 533 --a------ C:\WINDOWS\ereg.dat (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "LDM"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe" "MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background" "MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background" "Steam"="\"c:\\valve\\steam\\steam.exe\" -silent" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] "ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "nwiz"="nwiz.exe /install" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "RTHDCPL"="RTHDCPL.EXE" "Alcmtr"="ALCMTR.EXE" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe" "ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize" "avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" "TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "system"="cskew.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 ******************************************************************** catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-02-11 18:19:13 Winpfind : WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600 Internet Explorer Version: 7.0.5730.11 »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»» Checking %SystemDrive% folder... Checking %ProgramFilesDir% folder... Checking %WinDir% folder... Checking %System% folder... UPX! 9/19/2006 4:58:12 PM 205093 C:\WINDOWS\SYSTEM32\cftmon.exe aspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll aspack 5/26/2005 3:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll aspack 7/22/2005 7:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll aspack 12/5/2005 6:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll aspack 2/3/2006 8:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll aspack 3/31/2006 12:40:58 PM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll PEC2 8/4/2004 1:00:00 PM 41118 C:\WINDOWS\SYSTEM32\dfrg.msc UPX! 9/19/2006 4:57:58 PM 221101 C:\WINDOWS\SYSTEM32\mhUpdate.exe PECompact2 1/3/2007 12:19:44 AM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe aspack 1/3/2007 12:19:44 AM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe aspack 8/4/2004 1:00:00 PM 733696 C:\WINDOWS\SYSTEM32\ntdll.dll Umonitor 8/4/2004 1:00:00 PM 686592 C:\WINDOWS\SYSTEM32\rasdlg.dll UPX! 4/27/2006 4:49:30 PM 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe UPX! 8/29/2006 6:43:54 PM 135168 C:\WINDOWS\SYSTEM32\swreg.exe UPX! 1/9/2006 9:36:06 AM 40960 C:\WINDOWS\SYSTEM32\swsc.exe UPX! 12/1/2006 5:20:34 AM 79360 C:\WINDOWS\SYSTEM32\swxcacls.exe winsync 8/4/2004 1:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu PEC2 11/3/2006 10:02:58 AM 8282112 C:\WINDOWS\SYSTEM32\wmploc.dll Checking %System%\Drivers folder and sub-folders... Checking the Windows folder and sub-folders for system and hidden files within the last 60 days... 2/11/2007 8:46:16 AM S 2048 C:\WINDOWS\bootstat.dat 12/22/2006 11:53:02 AM S 7894 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB929969.cat 2/11/2007 6:19:16 PM H 81920 C:\WINDOWS\system32\config\default.LOG 2/11/2007 8:46:20 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG 2/11/2007 12:01:40 PM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG 2/11/2007 6:19:16 PM H 290816 C:\WINDOWS\system32\config\software.LOG 2/11/2007 6:19:04 PM H 266240 C:\WINDOWS\system32\config\system.LOG 1/12/2007 7:08:54 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 1/31/2007 1:22:10 PM S 1039 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\Content\CFC456E7E410D69E2C6F3E2DB75C7DB3 1/31/2007 1:22:10 PM S 126 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3 1/4/2007 10:02:14 AM H 0 C:\WINDOWS\system32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf 12/29/2006 8:30:18 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\c383f7f3-b560-4a39-8d9e-712f15297274 12/29/2006 8:30:18 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred 1/1/2007 10:25:24 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\aa31284a-0c4d-4336-8980-a7322845b078 1/1/2007 10:25:24 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred 2/11/2007 8:46:20 AM H 6 C:\WINDOWS\Tasks\SA.DAT Checking for CPL files... 8/19/2003 8:20:04 AM 180224 C:\WINDOWS\SYSTEM32\ac3filter.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 70656 C:\WINDOWS\SYSTEM32\access.cpl Realtek Semiconductor Corp. 9/21/2005 3:25:50 AM R 299008 C:\WINDOWS\SYSTEM32\ALSndMgr.Cpl Microsoft Corporation 8/4/2004 1:00:00 PM 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 138240 C:\WINDOWS\SYSTEM32\desk.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl Microsoft Corporation 10/17/2006 12:05:48 PM 1817088 C:\WINDOWS\SYSTEM32\inetcpl.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 133120 C:\WINDOWS\SYSTEM32\intl.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 381440 C:\WINDOWS\SYSTEM32\irprops.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 69632 C:\WINDOWS\SYSTEM32\joy.cpl Sun Microsystems, Inc. 11/10/2005 12:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 189440 C:\WINDOWS\SYSTEM32\main.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl 10/10/2005 2:49:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl Realtek Semiconductor Corp. 1/10/2006 6:58:40 AM R 266240 C:\WINDOWS\SYSTEM32\RTSndMgr.Cpl Microsoft Corporation 8/4/2004 1:00:00 PM 303104 C:\WINDOWS\SYSTEM32\sysdm.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl Microsoft Corporation 5/26/2005 3:16:22 AM 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 70656 C:\WINDOWS\SYSTEM32\dllcache\access.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 555008 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 138240 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 157184 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl Microsoft Corporation 10/17/2006 12:05:48 PM 1817088 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 133120 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 69632 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 625152 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 260096 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 117248 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 159744 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 303104 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl Microsoft Corporation 8/4/2004 1:00:00 PM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl Microsoft Corporation 5/26/2005 3:16:22 AM 174872 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»» Checking files in %ALLUSERSPROFILE%\Startup folder... 5/27/2006 11:21:44 AM HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini 5/28/2006 4:44:02 PM 1857 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk 5/28/2006 4:42:32 PM 1610 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk Checking files in %ALLUSERSPROFILE%\Application Data folder... 6/27/2006 9:16:58 PM 305 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html 5/27/2006 12:13:54 PM HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini Checking files in %USERPROFILE%\Startup folder... 5/27/2006 11:21:44 AM HS 84 C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\desktop.ini Checking files in %USERPROFILE%\Application Data folder... 5/27/2006 12:13:54 PM HS 62 C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\desktop.ini »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»» [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers] HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ICQLiteMenu {73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Shell Extension for Malware scanning {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Start Menu Pin = %SystemRoot%\system32\SHELL32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Shell Extension for Malware scanning {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu {73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dll [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} SSVHelper Class = C:\Programme\Java\jre1.5.0_06\bin\ssv.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} Windows Live Sign-in Helper = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Tipps und Tricks = %SystemRoot%\system32\shdocvw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} MenuText = Sun Java Konsole : C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9} ButtonText = ICQ Lite : C:\Programme\ICQLite\ICQLite.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683} ButtonText = Messenger : C:\Programme\Messenger\msmsgs.exe [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} Explorer-Band = %SystemRoot%\system32\shdocvw.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\system32\browseui.dll {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll {2318C2B1-4965-11D4-9B18-009027A5CD4F} = : {EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Toolbar : {855F3B16-6D32-4FE6-8A56-BBB695989046} = : {96EBBE6A-2864-4345-B32B-26EE9BE524B5} = : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] nwiz nwiz.exe /install NvMediaCenter RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit RTHDCPL RTHDCPL.EXE Alcmtr ALCMTR.EXE NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe SunJavaUpdateSched C:\Programme\Java\jre1.5.0_06\bin\jusched.exe ICQ Lite "C:\Programme\ICQLite\ICQLite.exe" -minimize avgnt "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min TkBellExe "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] LDM C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe MsnMsgr "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background MSMSGS "C:\Programme\Messenger\msmsgs.exe" /background Steam "c:\valve\steam\steam.exe" -silent ctfmon.exe C:\WINDOWS\system32\ctfmon.exe [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] ICQ Lite C:\Programme\ICQLite\ICQLite.exe -trayboot [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = {0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system dontdisplaylastusername 0 legalnoticecaption legalnoticetext undockwithoutlogon 1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll WPDShServiceObj {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, Shell = Explorer.exe System = cskew.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger = ntsd -d [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLs »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder. Scan completed on 2/11/2007 6:24:23 PM |
|
|
|
|
|
|
11.02.2007, 18:55
Ehrenmitglied
Beiträge: 29434 |
#4
Saitek
virustotal Oben auf der Seite --> auf Durchsuchen klicken --> Datei aussuchen (oder gleich die Datei mit korrektem Pfad einkopieren) --> Doppelklick auf die zu prüfende Datei --> klick auf "Send"... jetzt abwarten - dann mit der rechten Maustaste den Text markieren -> kopieren - einfügen http://www.virustotal.com/flash/index_en.html C:\WINDOWS\SYSTEM32\mhUpdate.exe C:\WINDOWS\SYSTEM32\cftmon.exe poste die reporte ----------------------------------------------------------- 1. Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als fixme.reg mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden. Die Datei "fixme.reg" auf dem Desktop doppelklicken Zitat REGEDIT42. öffne das HijackThis -- Button "scan" -- vor diese Einträge Häkchen setzen -- Button "Fix checked" Zitat F2 - REG:system.ini: Shell=explorer.exe C:\RECYCLER\services.exe3. Avenger http://virus-protect.org/artikel/tools/avenger.html Input script manually (anhaken) kopiere in: View/edit script Zitat Registry values to delete:Klicke die grüne Ampel das Script wird nun ausgeführt, dann wird der PC automatisch neustarten ---------------------------- »» scanne und poste den scanreport http://virus-protect.org/artikel/tools/fixwareout.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
12.02.2007, 13:21
Member
Themenstarter Beiträge: 86 |
#5
Das mit Virustotal will irgendwie nicht zeigt mir die ganze Zeit an das die Website nicht gefunden werden konnte .
Das mit Avenger hat wohl geklappt , nach dem Neustart kam nix wo sich die Datei öffnen will also is se wohl weg  Fixwareout lässt sich nit öffnen zeigt mir nur fehler an ... Soll ich nochmal nen Log von HijackThis posten oder is die Datei 100% weg? MfG |
|
|
|
|
|
|
12.02.2007, 13:41
Ehrenmitglied
Beiträge: 29434 |
#6
ja, poste das neue log vom Hijackthis
+ das neue log von winpfind __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
12.02.2007, 16:20
Member
Themenstarter Beiträge: 86 |
#7
Logfile of HijackThis v1.99.1
Scan saved at 16:15:24, on 12.02.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Logitech\SetPoint\KEM.exe C:\Programme\Logitech\SetPoint\KHALMNPR.EXE C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Internet Explorer\iexplore.exe C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://silkroad-center.planet-multiplayer.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [fpagclmg] C:\cblywovn.bat O4 - HKLM\..\Run: [kxjfdjjj] C:\ycdrdlvg.bat O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\KEM.exe O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab O18 - Protocol: bw+0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe Winpfind WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600 Internet Explorer Version: 7.0.5730.11 »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»» Checking %SystemDrive% folder... Checking %ProgramFilesDir% folder... Checking %WinDir% folder... Checking %System% folder... UPX! 19.09.2006 16:58:12 205093 C:\WINDOWS\SYSTEM32\cftmon.exe aspack 18.03.2005 17:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll aspack 26.05.2005 15:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll aspack 22.07.2005 19:59:04 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll aspack 05.12.2005 18:09:18 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll aspack 03.02.2006 08:43:16 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll aspack 31.03.2006 12:40:58 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll PEC2 04.08.2004 13:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc UPX! 19.09.2006 16:57:58 221101 C:\WINDOWS\SYSTEM32\mhUpdate.exe PECompact2 03.01.2007 00:19:44 10980776 C:\WINDOWS\SYSTEM32\MRT.exe aspack 03.01.2007 00:19:44 10980776 C:\WINDOWS\SYSTEM32\MRT.exe aspack 04.08.2004 13:00:00 733696 C:\WINDOWS\SYSTEM32\ntdll.dll Umonitor 04.08.2004 13:00:00 686592 C:\WINDOWS\SYSTEM32\rasdlg.dll UPX! 27.04.2006 16:49:30 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe UPX! 29.08.2006 18:43:54 135168 C:\WINDOWS\SYSTEM32\swreg.exe UPX! 09.01.2006 09:36:06 40960 C:\WINDOWS\SYSTEM32\swsc.exe UPX! 01.12.2006 05:20:34 79360 C:\WINDOWS\SYSTEM32\swxcacls.exe winsync 04.08.2004 13:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu PEC2 03.11.2006 10:02:58 8282112 C:\WINDOWS\SYSTEM32\wmploc.dll Checking %System%\Drivers folder and sub-folders... Checking the Windows folder and sub-folders for system and hidden files within the last 60 days... 12.02.2007 13:17:50 S 2048 C:\WINDOWS\bootstat.dat 22.12.2006 11:53:02 S 7894 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB929969.cat 12.02.2007 13:19:18 H 1024 C:\WINDOWS\system32\config\default.LOG 12.02.2007 13:17:52 H 1024 C:\WINDOWS\system32\config\SAM.LOG 12.02.2007 13:28:10 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG 12.02.2007 16:19:18 H 1024 C:\WINDOWS\system32\config\software.LOG 12.02.2007 16:15:18 H 1024 C:\WINDOWS\system32\config\system.LOG 12.01.2007 19:08:54 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 31.01.2007 13:22:10 S 1039 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\Content\CFC456E7E410D69E2C6F3E2DB75C7DB3 31.01.2007 13:22:10 S 126 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3 04.01.2007 10:02:14 H 0 C:\WINDOWS\system32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf 29.12.2006 20:30:18 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\c383f7f3-b560-4a39-8d9e-712f15297274 29.12.2006 20:30:18 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred 01.01.2007 22:25:24 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\aa31284a-0c4d-4336-8980-a7322845b078 01.01.2007 22:25:24 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred 12.02.2007 13:17:52 H 6 C:\WINDOWS\Tasks\SA.DAT Checking for CPL files... 19.08.2003 08:20:04 180224 C:\WINDOWS\SYSTEM32\ac3filter.cpl Microsoft Corporation 04.08.2004 13:00:00 70656 C:\WINDOWS\SYSTEM32\access.cpl Realtek Semiconductor Corp. 21.09.2005 03:25:50 R 299008 C:\WINDOWS\SYSTEM32\ALSndMgr.Cpl Microsoft Corporation 04.08.2004 13:00:00 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl Microsoft Corporation 04.08.2004 13:00:00 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl Microsoft Corporation 04.08.2004 13:00:00 138240 C:\WINDOWS\SYSTEM32\desk.cpl Microsoft Corporation 04.08.2004 13:00:00 80384 C:\WINDOWS\SYSTEM32\firewall.cpl Microsoft Corporation 04.08.2004 13:00:00 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl Microsoft Corporation 17.10.2006 12:05:48 1817088 C:\WINDOWS\SYSTEM32\inetcpl.cpl Microsoft Corporation 04.08.2004 13:00:00 133120 C:\WINDOWS\SYSTEM32\intl.cpl Microsoft Corporation 04.08.2004 13:00:00 381440 C:\WINDOWS\SYSTEM32\irprops.cpl Microsoft Corporation 04.08.2004 13:00:00 69632 C:\WINDOWS\SYSTEM32\joy.cpl Sun Microsystems, Inc. 10.11.2005 12:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl Microsoft Corporation 04.08.2004 13:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl Microsoft Corporation 04.08.2004 13:00:00 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl Microsoft Corporation 04.08.2004 13:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl Microsoft Corporation 04.08.2004 13:00:00 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl Microsoft Corporation 04.08.2004 13:00:00 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl 10.10.2005 14:49:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl Microsoft Corporation 04.08.2004 13:00:00 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl Microsoft Corporation 04.08.2004 13:00:00 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl Realtek Semiconductor Corp. 10.01.2006 06:58:40 R 266240 C:\WINDOWS\SYSTEM32\RTSndMgr.Cpl Microsoft Corporation 04.08.2004 13:00:00 303104 C:\WINDOWS\SYSTEM32\sysdm.cpl Microsoft Corporation 04.08.2004 13:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl Microsoft Corporation 04.08.2004 13:00:00 94208 C:\WINDOWS\SYSTEM32\timedate.cpl Microsoft Corporation 04.08.2004 13:00:00 148480 C:\WINDOWS\SYSTEM32\wscui.cpl Microsoft Corporation 26.05.2005 03:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl Microsoft Corporation 04.08.2004 13:00:00 70656 C:\WINDOWS\SYSTEM32\dllcache\access.cpl Microsoft Corporation 04.08.2004 13:00:00 555008 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl Microsoft Corporation 04.08.2004 13:00:00 138240 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl Microsoft Corporation 04.08.2004 13:00:00 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl Microsoft Corporation 04.08.2004 13:00:00 157184 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl Microsoft Corporation 17.10.2006 12:05:48 1817088 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl Microsoft Corporation 04.08.2004 13:00:00 133120 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl Microsoft Corporation 04.08.2004 13:00:00 69632 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl Microsoft Corporation 04.08.2004 13:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl Microsoft Corporation 04.08.2004 13:00:00 625152 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl Microsoft Corporation 04.08.2004 13:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl Microsoft Corporation 04.08.2004 13:00:00 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl Microsoft Corporation 04.08.2004 13:00:00 260096 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl Microsoft Corporation 04.08.2004 13:00:00 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl Microsoft Corporation 04.08.2004 13:00:00 117248 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl Microsoft Corporation 04.08.2004 13:00:00 159744 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl Microsoft Corporation 04.08.2004 13:00:00 303104 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl Microsoft Corporation 04.08.2004 13:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl Microsoft Corporation 04.08.2004 13:00:00 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl Microsoft Corporation 04.08.2004 13:00:00 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl Microsoft Corporation 26.05.2005 03:16:22 174872 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»» Checking files in %ALLUSERSPROFILE%\Startup folder... 27.05.2006 11:21:44 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini 28.05.2006 16:44:02 1857 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk 28.05.2006 16:42:32 1610 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk Checking files in %ALLUSERSPROFILE%\Application Data folder... 27.06.2006 21:16:58 305 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html 27.05.2006 12:13:54 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini Checking files in %USERPROFILE%\Startup folder... 27.05.2006 11:21:44 HS 84 C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\desktop.ini Checking files in %USERPROFILE%\Application Data folder... 27.05.2006 12:13:54 HS 62 C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\desktop.ini »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»» [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] SV1 = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers] HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ICQLiteMenu {73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Shell Extension for Malware scanning {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Start Menu Pin = %SystemRoot%\system32\SHELL32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Shell Extension for Malware scanning {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu {73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dll [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} SSVHelper Class = C:\Programme\Java\jre1.5.0_06\bin\ssv.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} Windows Live Sign-in Helper = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Tipps und Tricks = %SystemRoot%\system32\shdocvw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} MenuText = Sun Java Konsole : C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9} ButtonText = ICQ Lite : C:\Programme\ICQLite\ICQLite.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683} ButtonText = Messenger : C:\Programme\Messenger\msmsgs.exe [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} Explorer-Band = %SystemRoot%\system32\shdocvw.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\system32\browseui.dll {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll {2318C2B1-4965-11D4-9B18-009027A5CD4F} = : {EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Toolbar : {855F3B16-6D32-4FE6-8A56-BBB695989046} = : {96EBBE6A-2864-4345-B32B-26EE9BE524B5} = : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] nwiz nwiz.exe /install NvMediaCenter RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit RTHDCPL RTHDCPL.EXE Alcmtr ALCMTR.EXE NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe SunJavaUpdateSched C:\Programme\Java\jre1.5.0_06\bin\jusched.exe ICQ Lite "C:\Programme\ICQLite\ICQLite.exe" -minimize avgnt "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min TkBellExe "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup fpagclmg C:\cblywovn.bat kxjfdjjj C:\ycdrdlvg.bat [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] LDM C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe MsnMsgr "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background MSMSGS "C:\Programme\Messenger\msmsgs.exe" /background Steam "c:\valve\steam\steam.exe" -silent ctfmon.exe C:\WINDOWS\system32\ctfmon.exe [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] ICQ Lite C:\Programme\ICQLite\ICQLite.exe -trayboot [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = {0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system dontdisplaylastusername 0 legalnoticecaption legalnoticetext undockwithoutlogon 1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll WPDShServiceObj {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, Shell = Explorer.exe System = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger = ntsd -d [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLs »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder. Scan completed on 12.02.2007 16:19:24 |
|
|
|
|
|
|
12.02.2007, 16:34
Ehrenmitglied
Beiträge: 29434 |
#8
die logs sind i.o.
 scanne mit kaspersky und poste den scanreport http://virus-protect.org/onlinescan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Seite(n): 1
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
hab da seid 2 Tagen ne Datei drauf die jedesmal nach dem Hochfahren des PC´s sich ausführen will .... Aber hab se noch nicht ausgeführt immer auf Abbrechen gedrückt .
Die Datei ist in C:\Recycler aber ich find da nix ^^
Hier Log:
Logfile of HijackThis v1.99.1
Scan saved at 08:51, on 07-02-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\valve\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\SetPoint\KEM.exe
C:\Programme\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://silkroad-center.planet-multiplayer.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=explorer.exe C:\RECYCLER\services.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O18 - Protocol: bw+0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {D4153DC1-D82A-4ECA-AF90-8A4CB963FE62} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe