Cia Trojaner endgeckt

#1 hilfe hi ich hab den ciadoor irgent was drauf also cia trojaner. mein antivier hats jetz das dritte mal angezeigt. hab immer auf löschen geklickt doch nichts is besser geworden. wie bekomm ich den Schei... runter von mein rechner. !ohne formatieren! ich brauch den rechner jeden tag. der trojaner is vor drei tagen das erste mal auf getaucht. wo ich den mir eingefangen hab ? kp bis jetz hab ich noch keine probleme gehabt aber ich hab angst wegen mein steam acc und der rest

#2 Wenn das wirklich ein CIAdoor ist, werden wir einiges an Probleme bekommen, was das Verhalten des Systems angeht, da der doch recht stark in der Registrierung wuetet.

Poste bitte die Infos aus Punkt 2 und 3 http://board.protecus.de/t23188.htm
__________
MfG Ralf
SEO-Spam Hunter

#3 "333.sDk" - 2007-05-27 18:49:45 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Dokumente und Einstellungen\333.sDk\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-27 to 2007-05-27 ))))))))))))))))))))))))))))))))))


2007-05-27 18:44 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-26 20:26 328,704 --a------ C:\WINDOWS\IsUn0407.exe
2007-05-24 15:21 <DIR> d-------- C:\WINDOWS\Icon_Patcher
2007-05-20 12:47 <DIR> d-------- C:\Programme\Elaborate Bytes
2007-05-20 00:50 302,592 --a------ C:\WINDOWS\unin0407.exe
2007-05-20 00:49 <DIR> d-------- C:\Dokumente und Einstellungen\333.sDk\WINDOWS
2007-05-20 00:49 <DIR> d-------- C:\DOKUME~1\333.sDk\WINDOWS
2007-05-18 18:13 <DIR> d-------- C:\Programme\AlienGUIse
2007-05-07 17:29 <DIR> d-------- C:\DOKUME~1\333.sDk\ANWEND~1\Media Player Classic
2007-05-07 17:26 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-05-07 17:26 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-05-07 17:26 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-05-07 17:26 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-05-07 17:26 1,565,480 --a------ C:\WINDOWS\system32\wmv9vcm.dll
2007-05-07 17:26 <DIR> d-------- C:\Programme\K-Lite Codec Pack
2007-05-06 20:36 <DIR> d-------- C:\DOKUME~1\333.sDk\ANWEND~1\Opera
2007-05-06 19:52 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Adobe Systems
2007-05-06 19:45 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared
2007-05-06 19:37 <DIR> d-------- C:\Programme\Photoshop CS2
2007-05-04 14:53 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Ubisoft
2007-05-03 21:24 <DIR> d-------- C:\Programme\ICQLite
2007-05-03 21:19 <DIR> d-------- C:\DOKUME~1\333.sDk\ANWEND~1\ICQ


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-27 16:48:57 63,580 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-05-27 16:48:57 391,000 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-05-27 16:46:40 -------- d-----w C:\Programme\ICQToolbar
2007-05-24 13:07:55 -------- d-----w C:\Programme\Windows NT
2007-05-20 10:45:29 -------- d-----w C:\Programme\Ahead
2007-05-18 20:08:50 887,808 ----a-w C:\WINDOWS\system32\shdoclc.dll
2007-05-18 20:07:05 132,096 ----a-w C:\WINDOWS\system32\mycomput.dll
2007-05-18 20:07:04 1,113,600 ----a-w C:\WINDOWS\system32\setupapi.dll
2007-05-18 20:07:03 73,728 ----a-w C:\WINDOWS\system32\winchat.exe
2007-05-18 20:07:03 151,552 ----a-w C:\WINDOWS\system32\wscript.exe
2007-05-18 20:07:03 123,392 ----a-w C:\WINDOWS\system32\winmine.exe
2007-05-18 20:07:02 53,248 ----a-w C:\WINDOWS\system32\utilman.exe
2007-05-18 20:07:02 52,224 ----a-w C:\WINDOWS\system32\syncapp.exe
2007-05-18 20:07:02 496,128 ----a-w C:\WINDOWS\system32\wiaacmgr.exe
2007-05-18 20:07:01 1,979,904 ----a-w C:\WINDOWS\system32\spider.exe
2007-05-18 20:07:01 1,404,416 ----a-w C:\WINDOWS\system32\cards.dll
2007-05-18 20:07:00 442,368 ----a-w C:\WINDOWS\system32\sol.exe
2007-05-18 20:06:59 80,384 ----a-w C:\WINDOWS\system32\rtcshare.exe
2007-05-18 20:06:59 261,632 ----a-w C:\WINDOWS\system32\sndrec32.exe
2007-05-18 20:06:59 159,744 ----a-w C:\WINDOWS\system32\sndvol32.exe
2007-05-18 20:06:58 71,680 ----a-w C:\WINDOWS\notepad.exe
2007-05-18 20:06:58 45,056 ----a-w C:\WINDOWS\system32\rcimlby.exe
2007-05-18 20:06:58 293,888 ----a-w C:\WINDOWS\system32\osk.exe
2007-05-18 20:06:57 739,328 ----a-w C:\WINDOWS\system32\mstsc.exe
2007-05-18 20:06:57 58,368 ----a-w C:\WINDOWS\system32\narrator.exe
2007-05-18 20:06:57 365,056 ----a-w C:\WINDOWS\system32\mspaint.exe
2007-05-18 20:06:56 76,288 ----a-w C:\WINDOWS\system32\magnify.exe
2007-05-18 20:06:56 155,648 ----a-w C:\WINDOWS\system32\irftp.exe
2007-05-18 20:06:56 131,584 ----a-w C:\WINDOWS\system32\mshearts.exe
2007-05-18 20:06:55 83,968 ----a-w C:\WINDOWS\system32\charmap.exe
2007-05-18 20:06:55 404,480 ----a-w C:\WINDOWS\system32\cmd.exe
2007-05-18 20:06:54 477,184 ----a-w C:\WINDOWS\system32\zipfldr.dll
2007-05-18 20:06:54 191,488 ----a-w C:\WINDOWS\system32\accwiz.exe
2007-05-18 20:06:54 117,760 ----a-w C:\WINDOWS\system32\calc.exe
2007-05-18 20:06:53 754,176 ----a-w C:\WINDOWS\system32\wiashext.dll
2007-05-18 20:06:53 225,792 ----a-w C:\WINDOWS\system32\syncui.dll
2007-05-18 20:06:52 589,312 ----a-w C:\WINDOWS\system32\shimgvw.dll
2007-05-18 20:06:52 4,493,824 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2007-05-18 20:06:51 2,283,008 ----a-w C:\WINDOWS\system32\netshell.dll
2007-05-18 20:06:51 139,776 ----a-w C:\WINDOWS\system32\stobject.dll
2007-05-18 20:06:50 81,408 ----a-w C:\WINDOWS\system32\mydocs.dll
2007-05-18 20:06:49 336,896 ----a-w C:\WINDOWS\system32\mstask.dll
2007-05-18 20:06:49 32,256 ----a-w C:\WINDOWS\system32\wupdmgr.exe
2007-05-18 20:06:49 128,512 ----a-w C:\WINDOWS\system32\msiexec.exe
2007-05-18 20:06:48 8,704 ----a-w C:\WINDOWS\system32\wpabaln.exe
2007-05-18 20:06:48 67,584 ----a-w C:\WINDOWS\system32\batmeter.dll
2007-05-18 20:06:48 200,192 ----a-w C:\WINDOWS\system32\moricons.dll
2007-05-18 20:06:48 1,485,312 ----a-w C:\WINDOWS\system32\msgina.dll
2007-05-18 20:06:47 440,832 ----a-w C:\WINDOWS\system32\freecell.exe
2007-05-18 20:06:47 126,232 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-05-18 20:06:47 101,376 ----a-w C:\WINDOWS\system32\ahui.exe
2007-05-18 20:06:46 92,672 ----a-w C:\WINDOWS\system32\cabview.dll
2007-05-18 20:06:46 83,968 ----a-w C:\WINDOWS\system32\dfrgres.dll
2007-05-18 20:06:46 56,320 ----a-w C:\WINDOWS\system32\migpwd.exe
2007-05-18 20:06:45 169,472 ----a-w C:\WINDOWS\system32\mobsync.exe
2007-05-18 20:06:40 406,528 ----a-w C:\WINDOWS\system32\fontext.dll
2007-05-18 20:06:40 231,424 ----a-w C:\WINDOWS\regedit.exe
2007-05-18 20:06:39 1,659,392 ----a-w C:\WINDOWS\explorer.exe
2007-05-18 20:06:38 189,952 ----a-w C:\WINDOWS\system32\photowiz.dll
2007-05-18 20:06:37 393,728 ----a-w C:\WINDOWS\system32\themeui.dll
2007-05-18 20:06:37 347,136 ----a-w C:\WINDOWS\system32\tourstart.exe
2007-05-18 20:06:37 31,744 ----a-w C:\WINDOWS\system32\stimon.exe
2007-05-18 20:06:36 59,904 ----a-w C:\WINDOWS\system32\sendmail.dll
2007-05-18 20:06:36 104,448 ----a-w C:\WINDOWS\system32\shrpubw.exe
2007-05-18 20:06:35 81,408 ----a-w C:\WINDOWS\system32\icmui.dll
2007-05-18 20:06:35 167,936 ----a-w C:\WINDOWS\system32\netid.dll
2007-05-18 20:06:35 133,632 ----a-w C:\WINDOWS\system32\hotplug.dll
2007-05-18 20:06:34 430,360 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-05-18 20:06:34 117,760 ----a-w C:\WINDOWS\system32\cleanmgr.exe
2007-05-18 20:06:33 869,376 ----a-w C:\WINDOWS\system32\rasdlg.dll
2007-05-18 20:06:33 224,256 ----a-w C:\WINDOWS\system32\taskmgr.exe
2007-05-18 20:06:32 744,448 ----a-w C:\WINDOWS\system32\comctl32.dll
2007-05-18 20:06:32 510,976 ----a-w C:\WINDOWS\system32\cmdial32.dll
2007-05-18 20:06:32 191,488 ----a-w C:\WINDOWS\system32\credui.dll
2007-05-18 20:06:31 32,768 ----a-w C:\WINDOWS\hh.exe
2007-05-18 20:03:23 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-05-18 20:03:18 1,949,696 ----a-w C:\WINDOWS\system32\logonui.exe
2007-04-21 14:18:43 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-19 18:01:19 1,261 ----a-w C:\WINDOWS\mozver.dat
2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi(2).dll
2007-04-17 20:20:35 -------- d-----w C:\Programme\DynGate
2007-04-17 17:23:00 0 ----a-w C:\WINDOWS\nsreg.dat
2007-04-12 20:57:32 -------- d-----w C:\DOKUME~1\333.sDk\ANWEND~1\Apple Computer
2007-04-12 20:52:46 -------- d-----w C:\Programme\QuickTime
2007-04-12 20:51:53 -------- d-----w C:\Programme\Apple Software Update
2007-04-11 14:06:51 -------- d-----w C:\DOKUME~1\333.sDk\ANWEND~1\Ahead
2007-04-09 19:50:13 -------- d-----w C:\DOKUME~1\333.sDk\ANWEND~1\SecuROM
2007-04-09 19:23:50 -------- d-----w C:\DOKUME~1\333.sDk\ANWEND~1\InstallShield
2007-04-07 20:38:05 -------- d-----w C:\DOKUME~1\333.sDk\ANWEND~1\InterVideo
2007-04-07 20:36:51 -------- d-----w C:\Programme\InterVideo
2007-04-04 19:32:57 -------- d-----w C:\DOKUME~1\333.sDk\ANWEND~1\teamspeak2
2007-04-04 11:51:33 -------- d-----w C:\DOKUME~1\333.sDk\ANWEND~1\ICQLite
2007-04-01 20:09:42 -------- d-----w C:\Programme\eMule
2007-04-01 12:30:43 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2007-03-30 12:03:58 -------- d-----w C:\Programme\ZyAIR G-200
2007-03-29 16:50:54 456 ----a-w C:\WINDOWS\system32\pthsp.dat
2007-03-28 12:23:11 -------- d-----w C:\DOKUME~1\333.sDk\ANWEND~1\Help
2007-03-27 15:20:13 646,392 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-03-27 13:40:50 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-03-27 11:50:39 -------- d-----w C:\Programme\Save
2007-03-24 13:34:21 21,422 ----a-w C:\WINDOWS\system32\shsvcs32.dll
2007-03-24 13:31:06 137,216 ----a-w C:\WINDOWS\epuninstall.exe
2007-03-24 12:29:59 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-03-24 11:38:01 0 --sha-r C:\MSDOS.SYS
2007-03-24 11:38:01 0 --sha-r C:\IO.SYS
2007-03-24 11:38:01 0 ----a-w C:\CONFIG.SYS
2007-03-24 11:38:01 0 ----a-w C:\AUTOEXEC.BAT
2007-03-24 11:37:38 1,536 ----a-w C:\WINDOWS\system32\TrueSoft.dat
2007-03-24 11:34:40 21,740 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-03-17 13:44:25 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:30 579,072 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:30 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:30 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:32:24 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll []
{055FD26D-3A88-4e15-963D-DC8493744B1D}=C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 10:40]
{1999AA45-290B-42F0-8540-0BC1763927E9}=C:\WINDOWS\system32\shsvcs32.dll [2007-03-24 15:34]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" []
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-21 15:16]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-09-01 15:57]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"CloneCDElbyCDFL"="C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2001-12-06 14:09]
"CloneCDTray"="C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-04-15 10:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"LDM"="C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-03 18:01]
"Steam"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Programme\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\valve\steam\steam.exe" -silent

*Newly Created Service* -PROCEXP90

Contents of the 'Scheduled Tasks' folder
2007-04-12 20:51:55 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-27 18:50:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-27 18:50:53

--- E O F ---
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^das war von Combo Fix !!
ich hoff das is das was du woltest in sowas bin ich voll der noob. hab das noch niee gemacht


Logfile of HijackThis v1.99.1
Scan saved at 18:53:33, on 27.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\ZyAIR G-200\OdHost.exe
C:\Programme\ZyAIR G-200\WLUSBCfg.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\ComboFix\9158.cfexe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\WINDOWS\explorer.exe
C:\Dokumente und Einstellungen\333.sDk\Desktop\Neuer Ordner\HijackThis.exe

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {1999AA45-290B-42F0-8540-0BC1763927E9} - C:\WINDOWS\system32\shsvcs32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: ZyAIR G-200 Wireless LAN Utility.lnk = C:\Programme\ZyAIR G-200\Startup.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174751750156
O18 - Protocol: bw+0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
und das von hijackthis

#4 Wo meldet Antivir diesen Backdoor genau?
__________
MfG Ralf
SEO-Spam Hunter

#5 em beim scannen sagt er nichts ...aber also heut früh hat er es gemeldet da war der. C:/System Volume Information weiter weis ich nich mehr.

wen es noch mal anzeigt werd ich es mir voll aufschreiben

#6 Deaktiviere die Systemwiederherstellung und aktiviere sie wieder. Sollte danach nochmal die Meldung auftauchen sag bescheid...
__________
MfG Ralf
SEO-Spam Hunter

#7 wie geht n das ?sag an und ich machs

#8 Aaarghh, Link vergessen. Sorry: http://www.bsi.bund.de/av/texte/wiederher.htm
__________
MfG Ralf
SEO-Spam Hunter

#9 Sh*t, auch ein Problem uebersehen:
2007-03-24 13:34:21 21,422 ----a-w C:\WINDOWS\system32\shsvcs32.dll

Also diesen eintrag in Hijackthis anhaken und fix checked druecken:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {1999AA45-290B-42F0-8540-0BC1763927E9} - C:\WINDOWS\system32\shsvcs32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

Dann bitte noch nachsehen, was sich in diesem Ordner befindet: c:\programme\save
__________
MfG Ralf
SEO-Spam Hunter

#10 Logfile of HijackThis v1.99.1
Scan saved at 21:34:47, on 27.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\ZyAIR G-200\OdHost.exe
C:\Programme\ZyAIR G-200\WLUSBCfg.exe
C:\ComboFix\9158.cfexe
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\eMule\eMule.exe
C:\Programme\internet explorer\iexplore.exe
C:\Dokumente und Einstellungen\333.sDk\Desktop\Neuer Ordner\HijackThis.exe

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: ZyAIR G-200 Wireless LAN Utility.lnk = C:\Programme\ZyAIR G-200\Startup.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174751750156
O18 - Protocol: bw+0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {711999D9-9494-42EF-BD9C-AAE5D51DCF46} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

richtg so ?

#11 Ja, das sieht besser aus und sollte passen !
__________
MfG Ralf
SEO-Spam Hunter

#12 ok dan bedank ich mich mal jetz!. das du mir geholfen hast ich glaub nich das der noch mal angezeigt wird kp hab einfach so das gefühl ^^ also schöne tage noch