Popups from DriveCleaner, Winantivirus 2006, Sicherheitscenter, Search the Web un

20.05.2007, 12:41
Member

Posts: 3716
#16 Now I just need the file list and the ComboFix log.
20.05.2007, 12:47
Member

Posts: 17
#17 I just edited it in above... unfortunately I couldn't reply to my own post...
20.05.2007, 13:42
Member

Posts: 3716
#18 Hi, open My Computer > Tools > Folder Options > View and set the following:
- Hide extensions for known file types: off
- Hide protected operating system files: off
- Display the contents of system folders: on
- Show hidden files and folders: on
Upload the following files here and post the complete results:
http://www.virustotal.com/en/indexf.html

C:\s25g
C:\WINDOWS\system32\blacori.dll
C:\DOKUME~1\MARTIN~1\LOKALE~1\Temp\tmp1.tmp.exe
tmp2.tmp.exe
tmp1.tmp.dll
DelUS.bat
20.05.2007, 16:14
Member

Posts: 17
#19 Here is the result:

STATUS: FINISHED
Complete scanning result of "s25g", received in VirusTotal at 05.20.2007, 15:30:41 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.5.16.1 05.18.2007 no virus found
AntiVir 7.4.0.23 05.18.2007 no virus found
Authentium 4.93.8 05.18.2007 no virus found
Avast 4.7.997.0 05.18.2007 no virus found
AVG 7.5.0.467 05.20.2007 no virus found
BitDefender 7.2 05.20.2007 no virus found
CAT-QuickHeal 9.00 05.18.2007 no virus found
ClamAV devel-20070416 05.20.2007 no virus found
DrWeb 4.33 05.20.2007 no virus found
eSafe 7.0.15.0 05.20.2007 no virus found
eTrust-Vet 30.7.3644 05.19.2007 no virus found
Ewido 4.0 05.20.2007 no virus found
FileAdvisor 1 05.20.2007 no virus found
Fortinet 2.85.0.0 05.20.2007 no virus found
F-Prot 4.3.2.48 05.18.2007 no virus found
F-Secure 6.70.13030.0 05.18.2007 no virus found
Ikarus T3.1.1.7 05.20.2007 no virus found
Kaspersky 4.0.2.24 05.20.2007 no virus found
McAfee 5034 05.18.2007 no virus found
Microsoft 1.2503 05.20.2007 no virus found
NOD32v2 2278 05.20.2007 no virus found
Norman 5.80.02 05.18.2007 no virus found
Panda 9.0.0.4 05.20.2007 no virus found
Prevx1 V2 05.20.2007 no virus found
Sophos 4.17.0 05.20.2007 no virus found
Sunbelt 2.2.907.0 05.17.2007 no virus found
Symantec 10 05.20.2007 no virus found
TheHacker 6.1.6.118 05.18.2007 no virus found
VBA32 3.12.0 05.20.2007 no virus found
VirusBuster 4.3.7:9 05.20.2007 no virus found
Webwasher-Gateway 6.0.1 05.18.2007 no virus found


Aditional Information
File size: 510 bytes
MD5: f1abedab957be909f3f8b4bb000cf96e


STATUS: FINISHED
Complete scanning result of "blacori.dll", received in VirusTotal at 05.20.2007, 15:35:47 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.5.16.1 05.18.2007 no virus found
AntiVir 7.4.0.23 05.18.2007 TR/Agent.AUQ
Authentium 4.93.8 05.18.2007 no virus found
Avast 4.7.997.0 05.18.2007 no virus found
AVG 7.5.0.467 05.20.2007 Downloader.Generic4.KSQ
BitDefender 7.2 05.20.2007 Trojan.Agent.AUQ
CAT-QuickHeal 9.00 05.18.2007 no virus found
ClamAV devel-20070416 05.20.2007 no virus found
DrWeb 4.33 05.20.2007 no virus found
eSafe 7.0.15.0 05.20.2007 Win32.ConHook.bf
eTrust-Vet 30.7.3644 05.19.2007 no virus found
Ewido 4.0 05.20.2007 Downloader.ConHook.bf
FileAdvisor 1 05.20.2007 no virus found
Fortinet 2.85.0.0 05.20.2007 W32/ConHook.BF!tr.dldr
F-Prot 4.3.2.48 05.18.2007 no virus found
F-Secure 6.70.13030.0 05.18.2007 Trojan-Downloader.Win32.ConHook.bf
Ikarus T3.1.1.7 05.20.2007 Trojan-Spy.Win32.Bancos.ha
Kaspersky 4.0.2.24 05.20.2007 Trojan-Downloader.Win32.ConHook.bf
McAfee 5034 05.18.2007 Vundo
Microsoft 1.2503 05.20.2007 VirTool:Win32/Obfuscator.C
NOD32v2 2278 05.20.2007 Win32/TrojanDownloader.ConHook.BF
Norman 5.80.02 05.18.2007 W32/Suspicious_U.gen
Panda 9.0.0.4 05.20.2007 Trj/Downloader.OHT
Prevx1 V2 05.20.2007 Dropper.Payload
Sophos 4.17.0 05.20.2007 Troj/ConHook-AD
Sunbelt 2.2.907.0 05.17.2007 VIPRE.Suspicious
Symantec 10 05.20.2007 Trojan Horse
TheHacker 6.1.6.118 05.18.2007 no virus found
VBA32 3.12.0 05.20.2007 Trojan-Downloader.Win32.ConHook.bf
VirusBuster 4.3.7:9 05.20.2007 Packed/Upack
Webwasher-Gateway 6.0.1 05.18.2007 Trojan.Agent.AUQ


Aditional Information
File size: 21895 bytes
MD5: 49a183b3dff5c25f662c4ff4f9d490f9
SHA1: 9bcc3a2bf8ce225f3fd75484d2526fc952cd14d6
packers: UPack
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=e9ae93303371
Sunbelt info: VIPRE.Suspicious is a generic detection for potential Thread that are deemed suspicious through heuristics.

STATUS: FINISHED
Complete scanning result of "tmp1.tmp.exe", received in VirusTotal at 05.20.2007, 15:43:46 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.5.16.1 05.18.2007 no virus found
AntiVir 7.4.0.23 05.18.2007 TR/Dldr.Agent.40960.3
Authentium 4.93.8 05.18.2007 W32/Trojan.ABBB
Avast 4.7.997.0 05.18.2007 no virus found
AVG 7.5.0.467 05.20.2007 Downloader.Agent.KGR
BitDefender 7.2 05.20.2007 Trojan.Downloader.Agent.AMM
CAT-QuickHeal 9.00 05.18.2007 TrojanDownloader.Agent.bjk
ClamAV devel-20070416 05.20.2007 Trojan.Downloader-5631
DrWeb 4.33 05.20.2007 Trojan.DownLoader.19433
eSafe 7.0.15.0 05.20.2007 Win32.Agent.bjk
eTrust-Vet 30.7.3644 05.19.2007 Win32/SillyDl.CPH
Ewido 4.0 05.20.2007 Downloader.Agent.bjk
FileAdvisor 1 05.20.2007 High Thread detected
Fortinet 2.85.0.0 05.20.2007 W32/Dloader.EPU!tr
F-Prot 4.3.2.48 05.18.2007 W32/Trojan.ABBB
F-Secure 6.70.13030.0 05.18.2007 Trojan-Downloader.Win32.Agent.bjk
Ikarus T3.1.1.7 05.20.2007 Trojan-Downloader.Win32.Agent.bjk
Kaspersky 4.0.2.24 05.20.2007 Trojan-Downloader.Win32.Agent.bjk
McAfee 5034 05.18.2007 Generic Downloader.ab
Microsoft 1.2503 05.20.2007 TrojanDownloader:Win32/Agent!9C03
NOD32v2 2278 05.20.2007 Win32/TrojanDownloader.Agent.BJK
Norman 5.80.02 05.18.2007 W32/Agent.BMEY
Panda 9.0.0.4 05.20.2007 Trj/Downloader.NZR
Prevx1 V2 05.20.2007 Spyware.Lineage
Sophos 4.17.0 05.20.2007 Troj/Agent-EKY
Sunbelt 2.2.907.0 05.17.2007 Trojan-Downloader.Win32.Agent.amm
Symantec 10 05.20.2007 Downloader
TheHacker 6.1.6.118 05.18.2007 no virus found
VBA32 3.12.0 05.20.2007 Trojan.DownLoader.19433
VirusBuster 4.3.7:9 05.20.2007 Trojan.DL.Agent.GSW
Webwasher-Gateway 6.0.1 05.18.2007 Trojan.Dldr.Agent.40960.3


Aditional Information
File size: 40960 bytes
MD5: 6110244770bc56d24ec11559c4a31ac4
SHA1: 185128bac57df077ec855a452c2e9e3d9faabd6d
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=6110244770bc56d24ec11559c4a31ac4
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=6e4579802179


STATUS: FINISHED
Complete scanning result of "tmp2.tmp.exe", received in VirusTotal at 05.20.2007, 15:51:21 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.5.16.1 05.18.2007 no virus found
AntiVir 7.4.0.23 05.18.2007 no virus found
Authentium 4.93.8 05.18.2007 no virus found
Avast 4.7.997.0 05.18.2007 no virus found
AVG 7.5.0.467 05.20.2007 no virus found
BitDefender 7.2 05.20.2007 no virus found
CAT-QuickHeal 9.00 05.18.2007 (Suspicious) - DNAScan
ClamAV devel-20070416 05.20.2007 no virus found
DrWeb 4.33 05.20.2007 Trojan.Packed.49
eSafe 7.0.15.0 05.20.2007 Suspicious Trojan/Worm
eTrust-Vet 30.7.3644 05.19.2007 no virus found
Ewido 4.0 05.20.2007 no virus found
FileAdvisor 1 05.20.2007 no virus found
Fortinet 2.85.0.0 05.20.2007 suspicious
F-Prot 4.3.2.48 05.18.2007 no virus found
F-Secure 6.70.13030.0 05.18.2007 no virus found
Ikarus T3.1.1.7 05.20.2007 Trojan-Downloader.Win32.Zlob.and
Kaspersky 4.0.2.24 05.20.2007 no virus found
McAfee 5034 05.18.2007 New Malware.aj
Microsoft 1.2503 05.20.2007 no virus found
NOD32v2 2278 05.20.2007 no virus found
Norman 5.80.02 05.18.2007 W32/Suspicious_U.gen
Panda 9.0.0.4 05.20.2007 Suspicious file
Prevx1 V2 05.20.2007 no virus found
Sophos 4.17.0 05.20.2007 no virus found
Sunbelt 2.2.907.0 05.17.2007 no virus found
Symantec 10 05.20.2007 no virus found
TheHacker 6.1.6.118 05.18.2007 no virus found
VBA32 3.12.0 05.20.2007 no virus found
VirusBuster 4.3.7:9 05.20.2007 no virus found
Webwasher-Gateway 6.0.1 05.18.2007 Win32.Malware.gen (suspicious)


Aditional Information
File size: 233071 bytes
MD5: eebb59e2c342aea2901fc7b4ba65b365
SHA1: f96b446bf6c6c792bc9034c63477a561c2899c00


STATUS: FINISHED
Complete scanning result of "tmp1.tmp.dll", received in VirusTotal at 05.20.2007, 16:02:49 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.5.16.1 05.18.2007 no virus found
AntiVir 7.4.0.23 05.18.2007 TR/Dldr.ConHook.Gen
Authentium 4.93.8 05.18.2007 no virus found
Avast 4.7.997.0 05.18.2007 no virus found
AVG 7.5.0.467 05.20.2007 no virus found
BitDefender 7.2 05.20.2007 no virus found
CAT-QuickHeal 9.00 05.18.2007 no virus found
ClamAV devel-20070416 05.20.2007 no virus found
DrWeb 4.33 05.20.2007 no virus found
eSafe 7.0.15.0 05.20.2007 no virus found
eTrust-Vet 30.7.3644 05.19.2007 no virus found
Ewido 4.0 05.20.2007 no virus found
FileAdvisor 1 05.20.2007 no virus found
Fortinet 2.85.0.0 05.20.2007 suspicious
F-Prot 4.3.2.48 05.18.2007 no virus found
F-Secure 6.70.13030.0 05.18.2007 no virus found
Ikarus T3.1.1.7 05.20.2007 Trojan-Spy.Win32.Bancos.ha
Kaspersky 4.0.2.24 05.20.2007 no virus found
McAfee 5034 05.18.2007 no virus found
Microsoft 1.2503 05.20.2007 VirTool:Win32/Obfuscator.C
NOD32v2 2278 05.20.2007 no virus found
Norman 5.80.02 05.18.2007 W32/Suspicious_U.gen
Panda 9.0.0.4 05.20.2007 Suspicious file
Prevx1 V2 05.20.2007 Polynomial.Code.Exploit
Sophos 4.17.0 05.20.2007 Mal/Packer
Sunbelt 2.2.907.0 05.17.2007 VIPRE.Suspicious
Symantec 10 05.20.2007 no virus found
TheHacker 6.1.6.118 05.18.2007 no virus found
VBA32 3.12.0 05.20.2007 no virus found
VirusBuster 4.3.7:9 05.20.2007 Packed/Upack
Webwasher-Gateway 6.0.1 05.18.2007 Trojan.Dldr.ConHook.Gen


Aditional Information
File size: 38126 bytes
MD5: 7812e73212e66953fca094de428cebf8
SHA1: d46725f6cfcf764053904ad12e076b22fdf2e6e1
packers: UPack
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=9ecd96136078
Sunbelt info: VIPRE.Suspicious is a generic detection for potential Thread that are deemed suspicious through heuristics.


STATUS: FINISHED
Complete scanning result of "DelUS.bat", received in VirusTotal at 05.20.2007, 16:10:03 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.5.16.1 05.18.2007 no virus found
AntiVir 7.4.0.23 05.18.2007 no virus found
Authentium 4.93.8 05.18.2007 no virus found
Avast 4.7.997.0 05.18.2007 no virus found
AVG 7.5.0.467 05.20.2007 no virus found
BitDefender 7.2 05.20.2007 no virus found
CAT-QuickHeal 9.00 05.18.2007 no virus found
ClamAV devel-20070416 05.20.2007 no virus found
DrWeb 4.33 05.20.2007 no virus found
eSafe 7.0.15.0 05.20.2007 no virus found
eTrust-Vet 30.7.3644 05.19.2007 no virus found
Ewido 4.0 05.20.2007 no virus found
FileAdvisor 1 05.20.2007 no virus found
Fortinet 2.85.0.0 05.20.2007 no virus found
F-Prot 4.3.2.48 05.18.2007 no virus found
F-Secure 6.70.13030.0 05.18.2007 no virus found
Ikarus T3.1.1.7 05.20.2007 no virus found
Kaspersky 4.0.2.24 05.20.2007 no virus found
McAfee 5034 05.18.2007 no virus found
Microsoft 1.2503 05.20.2007 no virus found
NOD32v2 2278 05.20.2007 no virus found
Norman 5.80.02 05.18.2007 no virus found
Panda 9.0.0.4 05.20.2007 no virus found
Prevx1 V2 05.20.2007 no virus found
Sophos 4.17.0 05.20.2007 no virus found
Sunbelt 2.2.907.0 05.17.2007 no virus found
Symantec 10 05.20.2007 no virus found
TheHacker 6.1.6.118 05.18.2007 no virus found
VBA32 3.12.0 05.20.2007 no virus found
VirusBuster 4.3.7:9 05.20.2007 no virus found
Webwasher-Gateway 6.0.1 05.18.2007 no virus found


Aditional Information
File size: 516 bytes
MD5: 972846f1137ac1dfced424d559c31b6f
SHA1: 32fe53bc52bf36111244cccc8b6da085c88a8942


And now?

Best regards, Heike
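
Added example, not part of the original thread: a small Python parser for the VirusTotal listing pasted in post #19 that counts, per file, how many engines flagged it and separates named detections from heuristic or packer-only ones. The marker and noise word lists and the triage labels are assumptions chosen for this listing; the sample rows are abridged from the post.

```python
import re
from collections import Counter

# Rows abridged from the listing posted above; only the layout matters here.
SAMPLE = '''\
Complete scanning result of "blacori.dll", received in VirusTotal at 05.20.2007, 15:35:47 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.5.16.1 05.18.2007 no virus found
AntiVir 7.4.0.23 05.18.2007 TR/Agent.AUQ
Kaspersky 4.0.2.24 05.20.2007 Trojan-Downloader.Win32.ConHook.bf
McAfee 5034 05.18.2007 Vundo
NOD32v2 2278 05.20.2007 Win32/TrojanDownloader.ConHook.BF
Sophos 4.17.0 05.20.2007 Troj/ConHook-AD
Sunbelt 2.2.907.0 05.17.2007 VIPRE.Suspicious
VirusBuster 4.3.7:9 05.20.2007 Packed/Upack

Complete scanning result of "tmp2.tmp.exe", received in VirusTotal at 05.20.2007, 15:51:21 (CET).

Antivirus Version Update Result
CAT-QuickHeal 9.00 05.18.2007 (Suspicious) - DNAScan
DrWeb 4.33 05.20.2007 Trojan.Packed.49
Fortinet 2.85.0.0 05.20.2007 suspicious
Kaspersky 4.0.2.24 05.20.2007 no virus found
'''

# Header is matched with search() so it is found even when the page
# extraction fused it with the preceding "STATUS: FINISHED" text.
HEADER = re.compile(r'Complete scanning result of "([^"]+)"')
# engine, engine version, signature date (MM.DD.YYYY), verdict (rest of line)
ROW = re.compile(r'^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.+?)\s*$')
CLEAN = "no virus found"
# Assumption: substrings that mark a heuristic/packer verdict, not a family.
GENERIC_MARKERS = ("suspicious", "generic", "packed", "packer", "heur", "malware")
# Assumption: type words that appear in verdicts but do not name a family.
NOISE = {"trojan", "troj", "downloader", "trojandownloader", "agent",
         "dldr", "virtool", "horse", "dropper", "payload"}


def parse_reports(text):
    """Split the pasted text into one report per scanned file."""
    reports = []
    for line in text.splitlines():
        header = HEADER.search(line)
        if header:
            reports.append({"file": header.group(1), "rows": []})
            continue
        row = ROW.match(line.strip())
        if row and reports:  # column header and hash lines do not match
            reports[-1]["rows"].append(row.groups())
    return reports


def is_generic(verdict):
    lowered = verdict.lower()
    return any(marker in lowered for marker in GENERIC_MARKERS)


def summarize(report):
    """Count detections and find the family name most engines agree on."""
    hits = [v for _, _, _, v in report["rows"] if v.lower() != CLEAN]
    named = [v for v in hits if not is_generic(v)]
    families = Counter()
    for verdict in named:
        # Each engine votes once per alphabetic token of four or more letters.
        tokens = {t.lower() for t in re.findall(r"[A-Za-z]{4,}", verdict)}
        families.update(tokens - NOISE)
    top = families.most_common(1)
    if not hits:
        triage = "no-detections"  # not proof that the file is benign
    elif not named:
        triage = "heuristic-only"
    else:
        triage = "named-family"
    return {
        "file": report["file"],
        "engines": len(report["rows"]),
        "detections": len(hits),
        "named": len(named),
        "generic": len(hits) - len(named),
        "family": top[0][0] if top else None,
        "triage": triage,
    }


if __name__ == "__main__":
    for rep in parse_reports(SAMPLE):
        print(summarize(rep))
```
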
28.05.2007, 11:13
Member

Posts: 17
#20 Hi Virenfinder,
I'm still stuck here. Hope you're not on vacation... ;-) ...

Kind regards
Heike
28.05.2007, 11:17
Honorary member
Avatar Argus

Posts: 6028
#21 Apparently he's catching viruses
Hello Heike
If you like, we can start over!
__________
Kind regards, Argus
28.05.2007, 11:20
Member

Posts: 17
#22 I'm grateful for any help here. I really have no clue... *scratches head*.
Thanks for your offer, Arnold. I'll gladly accept it.
28.05.2007, 11:24
Honorary member
Avatar Argus

Posts: 6028
#23 OK, remove ComboFix from your computer, then empty the Recycle Bin.

Now install it again as described:
Download ComboFix to the desktop
Double-click combofix.exe
Follow the instructions in the window
While ComboFix is running, do NOT click into the window, otherwise your computer will freeze
When the tool has finished, a log file (combofix.txt) opens.
Afterwards, post the log file C:\combofix.txt in your next reply together with a HijackThis log
__________
Kind regards, Argus
28.05.2007, 12:16
Member

Posts: 17
#24 Hello Arnold,

here is the message from ComboFix:

"C:\WINDOWS\system32\tmp4.tmp.dll"
"C:\WINDOWS\system32\tmp71.tmp.dll"

and the file ComboFix-quarantined-files.txt:

Code

1998-12-02 09:11      143360    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\vbuzip10.dll.vir
2001-08-18 14:00      1015477    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\esentprf.ini.vir
2005-09-26 18:34      1407    --a------    C:\Qoobox\Quarantine\C\INSTALL.LOG.vir
2007-03-23 20:08      37193    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\lsasss.exe.vir
2007-03-25 14:16      919772    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\PerfStringBackup.INI.vir
2007-05-18 21:29      38122    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tmp1.tmp.dll.vir
2007-05-20 22:33      38144    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tmp71.tmp.dll.vir
2007-05-22 19:57      38154    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tmp4.tmp.dll.vir


Auflistung der Ordnerpfade für Volume BOOT
Volumenummer: 0C6F-2D65
C:\QOOBOX
\---Quarantine
    +---C
    |   |   INSTALL.LOG.vir
    |   |  
    |   \---WINDOWS
    |       \---system32
    |               esentprf.ini.vir
    |               lsasss.exe.vir
    |               PerfStringBackup.INI.vir
    |               tmp1.tmp.dll.vir
    |               tmp4.tmp.dll.vir
    |               tmp71.tmp.dll.vir
    |               vbuzip10.dll.vir
    |              
    \---Registry_backups

Now the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:17:25, on 28.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\Programme\PC Tools Firewall Plus\PCTFW.exe
C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe
C:\Programme\Logitech\QuickCam10\QuickCam10.exe
C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\DOKUME~1\MARTIN~1\LOKALE~1\Temp\tmp1.tmp.exe
C:\Programme\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\UltimateZip 2.7\uzqkst.exe
C:\Programme\Gemeinsame Dateien\AccSys\AccWLSvc.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
C:\ComboFix\vfind.cfexe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Martin Ströbele\Lokale Einstellungen\Temporary Internet Files\Content.IE5\8P0PEFGX\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3b117fbc-0420-44af-8e14-af70dc3e69a9} - C:\WINDOWS\system32\blacori.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\HotKeys\Ikeymain.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [wlconfig] C:\Programme\WLAN Monitor\wlconfig.exe -autostart
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [ALDI_SUED_FotoSuite_Download] "C:\Programme\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe" /autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCTools FW] C:\Programme\PC Tools Firewall Plus\PCTFW.exe /s
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSetup] G:\Setup\Setup.exe /start /restart /l:deu
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SysRestore] "C:\DOKUME~1\MARTIN~1\LOKALE~1\Temp\tmp1.tmp.exe"
O4 - Startup: UltimateZip Quick Start.lnk = C:\Programme\UltimateZip 2.7\uzqkst.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Programme\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/229?5e737ea4fefa47e8b9cdddf6e6bbd6d2
O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/230?5e737ea4fefa47e8b9cdddf6e6bbd6d2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.service-url.de/InstallationsAssistent.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{723AB3B7-E5DB-4867-950A-9BD614A545EA}: NameServer = 192.168.120.252,192.168.120.253
O18 - Protocol: bw+0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: blacori - C:\WINDOWS\SYSTEM32\blacori.dll
O23 - Service: AccSys WiFi Server (AccWLSvc) - AccSys GmbH - C:\Programme\Gemeinsame Dateien\AccSys\AccWLSvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Haufe iDesk-Service in C:\Programme\Haufe\iDesk\iDeskService\Zope (HRService) - Unknown owner - C:\Programme\Haufe\iDesk\iDeskService\iDeskService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Programme\Sygate\SPF\Smc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\Sptisrv.exe
28.05.2007, 12:19
Honorary member
Avatar Argus

Posts: 6028
#25 Copy the contents of the report C:\combofix.txt
__________
Kind regards, Argus
28.05.2007, 12:28
Member

Posts: 17
#26 Hello Arnold,

Unfortunately that's all I have. Only the quarantine file... Do I have to do this again now???
28.05.2007, 12:30
Honorary member
Avatar Argus

Posts: 6028
#27 Use Start > Search and enter: combofix.txt
__________
Kind regards, Argus
28.05.2007, 12:31
Member

Posts: 17
#28 Haha, I just did that and found it... sorry

"Martin Str”bele" - 2007-05-28 11:36:15 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Dokumente und Einstellungen\Martin Str”bele\Desktop\"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\system32\tmp4.tmp.dll"
"C:\WINDOWS\system32\tmp71.tmp.dll"


((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-28 ))))))))))))))))))))))))))))))))))


2007-05-27 22:16 106,401 --a------ C:\WINDOWS\ddbxxw.dll
2007-05-20 09:55 106,476 --a------ C:\WINDOWS\urpnnl.dll
2007-05-12 12:44 <DIR> d-------- C:\MAUSJAGD
2007-05-07 21:58 <DIR> d-------- C:\DOKUME~1\MARTIN~1\ANWEND~1\Ringjacker
2007-05-05 12:06 <DIR> d-------- C:\DOKUME~1\MARTIN~1\ANWEND~1\skySpace
2007-05-05 11:38 <DIR> d-------- C:\Programme\ElsterFormular
2007-05-04 20:42 21,895 --------- C:\WINDOWS\system32\blacori.dll
2007-05-03 18:10 933,536 -ra------ C:\WINDOWS\system32\drivers\LV302V32.SYS
2007-05-03 18:10 7,734 -ra------ C:\WINDOWS\system32\Repository.reg
2007-05-03 18:10 527,136 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2007-05-03 18:10 40,352 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-05-03 18:10 348,160 -ra------ C:\WINDOWS\system\msvcr71.dll
2007-05-03 18:10 264,992 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2007-05-03 18:10 211,744 -ra------ C:\WINDOWS\system32\LVUI2.dll
2007-05-03 18:10 13,344 -ra------ C:\WINDOWS\system32\drivers\lv302af.sys
2007-05-03 18:10 121,632 -ra------ C:\WINDOWS\system32\lvcoinst.dll
2007-05-03 17:57 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2007-05-03 17:52 <DIR> d-------- C:\Programme\Logitech
2007-05-03 17:52 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Logitech
2007-05-03 17:52 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Logishrd
2007-05-03 17:52 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Logitech
2007-05-03 17:44 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-05-03 17:39 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-05-02 21:21 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Skype
2007-05-02 21:21 <DIR> d-------- C:\DOKUME~1\MARTIN~1\ANWEND~1\Skype
2007-05-02 21:21 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Skype
2007-05-02 21:20 <DIR> d-------- C:\Programme\Skype


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-28 09:02:20 -------- d-----w C:\Programme\WLAN Monitor
2007-05-27 15:14:39 -------- d-----w C:\Programme\HotKeys
2007-05-21 20:27:55 -------- d-----w C:\Programme\StarMoney 5.0
2007-05-12 10:45:21 -------- d-----w C:\Programme\QuickTime
2007-05-07 16:55:33 -------- d-----w C:\Programme\AVPersonal
2007-05-07 16:28:59 -------- d--h--w C:\Programme\WindowsUpdate
2007-05-07 16:28:55 -------- d-----w C:\Programme\StarMoney 4.0 S-Edition
2007-05-07 16:28:52 -------- d-----w C:\Programme\StarMoney 3.0 S-Edition
2007-05-07 16:28:43 -------- d-----w C:\Programme\MSN Messenger
2007-05-07 16:28:37 -------- d-----w C:\Programme\Homebanking mit AOL und StarMoney
2007-05-07 16:28:33 -------- d-----w C:\Programme\Gemeinsame Dateien\aol
2007-05-07 16:27:51 -------- d-----w C:\DOKUME~1\MARTIN~1\ANWEND~1\AOL
2007-05-07 16:18:22 -------- d-----w C:\Programme\Windows Live Toolbar
2007-05-05 09:38:44 -------- d--h--w C:\Programme\InstallShield Installation Information
2007-04-04 16:07:26 -------- d-----w C:\Programme\PC Tools Firewall Plus
2007-04-04 16:06:58 37,376 ----a-w C:\WINDOWS\system32\drivers\pctfw.sys
2007-04-04 16:06:57 77,312 ----a-w C:\WINDOWS\system32\drivers\pctfw1.sys
2007-03-25 12:16:34 68,096 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-03-25 12:16:34 398,334 ----a-w C:\WINDOWS\system32\perfh007.dat
2004-08-03 22:58:10 12,288 --sh--w C:\WINDOWS\system32\regsvr32.exe
2004-08-03 22:57:38 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-03 22:57:30 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2001-08-18 12:00:00 94,800 -csh--w C:\WINDOWS\twain.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{3b117fbc-0420-44af-8e14-af70dc3e69a9}=C:\WINDOWS\system32\blacori.dll [2007-05-04 20:42]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Programme\Windows Live Toolbar\msntb.dll [2006-09-27 18:45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SO5 Integrator Pass Two"="C:\WINDOWS\SOINTGR.EXE" []
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" []
"Share-to-Web Namespace Daemon"="C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" []
"nwiz"="nwiz.exe" [2002-03-09 10:53 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="NvQTwk" []
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" []
"LWBMOUSE"="C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe" []
"iKeyWorks"="C:\PROGRA~1\HotKeys\Ikeymain.exe" []
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" []
"RealTray"="C:\Programme\Real\RealPlayer\RealPlay.exe" []
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_05\bin\jusched.exe" []
"wlconfig"="C:\Programme\WLAN Monitor\wlconfig.exe" []
"AVGCtrl"="C:\Programme\AVPersonal\AVGNT.exe" [2007-03-23 20:08]
"ALDI_SUED_FotoSuite_Download"="C:\Programme\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe" [2007-03-23 20:08]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2007-03-23 20:08]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-03-23 20:08]
"PCSuiteTrayApplication"="C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 20:08]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2007-03-23 20:08]
"PCTools FW"="C:\Programme\PC Tools Firewall Plus\PCTFW.exe" [2007-01-22 10:26]
"LogitechCommunicationsManager"="C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 01:03]
"LogitechQuickCamRibbon"="C:\Programme\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 21:58]
"LVCOMSX"="C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe" [2006-11-15 22:01]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" [2007-03-23 20:08]
"PcSync"="C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-23 20:08]
"MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [2007-03-30 13:34]
"LogitechSetup"="G:\Setup\Setup.exe" []
"LDM"="C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-05-03 17:57]
"SysRestore"="C:\DOKUME~1\MARTIN~1\LOKALE~1\Temp\tmp1.tmp.exe" [2007-05-27 17:14]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Programme\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\blacori]
blacori.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=


Contents of the 'Scheduled Tasks' folder
2007-05-28 09:31:00 C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-28 12:06:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


********************************************************************

Completion time: 2007-05-28 12:09:01
C:\ComboFix-quarantined-files.txt ... 2007-05-28 12:08

--- E O F ---
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\system32\tmp4.tmp.dll"
"C:\WINDOWS\system32\tmp71.tmp.dll"


((((((((((((((((((((((((((((((( Files Created from 28.0-01-07 to 28.05.2007 ))))))))))))))))))))))))))))))))))
28.05.2007, 12:45
Honorary member
Avatar Argus

Posts: 6028
#29 How does this appear on your computer
C:\DOKUME~1\MARTIN~1\LOKALE~1\Temp\tmp1.tmp.exe
__________
Kind regards, Argus
28.05.2007, 12:47
Member

Posts: 17
#30 What do you mean? I don't understand the question...

The exact name is:

C:\Dokumente und Einstellungen\Martin Ströbele\Lokale Einstellungen\Tmp\tmp1.temp.exe

Is that what you mean?
This post was edited by milkalover on 28.05.2007 at 12:55.