fservice exe error
#0
20.01.2008, 16:07
Member
Posts: 12

20.01.2008, 16:31
Honorary member
Posts: 1441
#2
thomasio
1. Download fixwareout (do not run it yet) http://www.virus-protect.org/artikel/tools/fixwareout.html
2. HijackThis: close all windows and start HijackThis. Click: Do a Systemscan only. Tick the box in front of the entry named below and choose fix checked.
Quote: R3 - URLSearchHook: (no name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - (no file)
3. Run fixwareout.
4. The PC will restart automatically; if it does not, restart it yourself.
5. Post the fixwareout report here.
6. Run Combofix and post the report here. http://www.virus-protect.org/artikel/tools/combofix.html
__________
Regards, Pinguin
I am in the process of updating my site + programs: http://www.virus-protect.org/

20.01.2008, 20:12
Member
Thread starter
Posts: 12
#3
So, here is the fixwareout report.
Regards, thomasio

Username "Hilu" - 20.01.2008 19:55:27 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{287D6F3B-66EB-400E-8B00-E8450C554DD9}
"DhcpNameServer"="85.255.114.54,85.255.112.26" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{AA6CC07A-813A-4AE6-B43E-44F795AA7A35}
"DhcpNameServer"="85.255.114.54,85.255.112.26" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{FAEF5795-5B18-439C-82C5-80C7FE45BE0A}
"DhcpNameServer"="85.255.114.54,85.255.112.26" <Value cleared.
Der DNS-Auflösungscache wurde geleert.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Dit"="Dit.exe"
"CHotkey"="mHotkey.exe"
"ledpointer"="CNYHKey.exe"
"Microsoft Works Update Detection"="C:\\Programme\\Gemeinsame Dateien\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"Adobe Photo Downloader"="\"C:\\Programme\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"AOLDialer"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"HotKey"="C:\\WINDOWS\\Twain_32\\SlimU2TA\\HotKey.exe"
"PCMService"="\"C:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe\""
"RealTray"="C:\\Programme\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"HostManager"="C:\\Programme\\Gemeinsame Dateien\\AOL\\1165609237\\ee\\AOLSoftware.exe"
"PCDefender"="C:\\Programme\\E-Press\\PC Defender\\bin\\ClamTray.exe --logon"
"QuickTime Task"="\"E:\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"Sony Ericsson PC Suite"="\"C:\\Programme\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"LifeCam"="\"C:\\Programme\\Microsoft LifeCam\\LifeExp.exe\""
"VX1000"="C:\\WINDOWS\\vVX1000.exe"
"DAEMON Tools"="\"D:\\DAEMON Tools\\daemon.exe\" -lang 1033"
"cFosSpeed"="D:\\cFosSpeed.exe"
"PTBSync"="D:\\PTBSync\\PTBSync.exe /Start"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LDM"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"AntiSpyware"="D:\\AntiSpywareApp\\AntiSpyware.exe -boot"
"AOL Fast Start"="\"C:\\Programme\\AOL 9.0 VRa\\AOL.EXE\" -b"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

||
20.01.2008, 20:14
Honorary member
Posts: 1441
#4
O.K.
Now post the Combofix log.
__________
Regards, Pinguin

20.01.2008, 21:20
Member
Thread starter
Posts: 12
#5
Unfortunately the Combofix log did not appear; instead the window simply closed, although I followed the instructions exactly.
Regards, thomasio

20.01.2008, 21:44
Honorary member
Posts: 1441
#6
Post all logs from complet.bat
http://www.virus-protect.org/completbat.html
__________
Regards, Pinguin

21.01.2008, 09:38
Member
Thread starter
Posts: 12
#7
Here are the logs

21.01.2008, 10:17
Honorary member
Posts: 1441
#8
Avenger
http://www.virus-protect.org/artikel/tools/avenger.html
Tick "Input script manually", click the magnifying glass on the right - View/edit script (it will open) - and paste in:
Code
Folders to delete:
Close all open programs (because the computer will restart after the Avenger has been run) - click the green traffic light - the script will now be executed, then the PC will restart after confirmation (yes).
»» Download sdfix - (in normal mode) double-click RunThis.bat - choose a-squared (option 1) http://www.virus-protect.org/artikel/tools/sdfix.html
Scan + post the report.
»» Run Combofix once more + post the report http://www.virus-protect.org/artikel/tools/combofix.html
__________
Regards, Pinguin

21.01.2008, 13:50
Member
Thread starter
Posts: 12
#9
Here is the sdfix report

a-squared Command Line Scanner - Version 3.0
Last update: N/A
Scan settings:
Objects: Memory, Traces, Cookies, C:
Scan archives: On
Heuristics: Off
ADS Scan: On
Scan start: 2008-01-21 13:25:31
c:\dokumente und einstellungen\hilu\startmenü\programme\whenu detected: Trace.Directory.WhenU.SaveNow
c:\windows\system32\mciwndx.ocx detected: Trace.File.ISTbar
Value: HKEY_CURRENT_USER\Software\Fun Web Products\Data --> DataDir detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\WhenU --> Order detected: Trace.Registry.WhenU.SaveNow
c:\programme\elcomsoft\aopr detected: Trace.Directory.Advanced Office Password Recovery
c:\programme\icqtoolbar detected: Trace.Directory.ICQToolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Office Password Recovery --> DisplayName detected: Trace.Registry.Advanced Office Password Recovery
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Office Password Recovery --> UninstallString detected: Trace.Registry.Advanced Office Password Recovery
Value: HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D}\InprocServer32 --> ThreadingModel detected: Trace.Registry.ICQToolbar
Value: HKEY_CLASSES_ROOT\CLSID\{4BD2D6C3-31DC-B947-23D0-DC52EC4F0C4C}\InprocServer32 --> ThreadingModel detected: Trace.Registry.ICQToolbar
Value: HKEY_CLASSES_ROOT\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\InprocServer32 --> ThreadingModel detected: Trace.Registry.ICQToolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar --> {855F3B16-6D32-4fe6-8A56-BBB695989046} detected: Trace.Registry.ICQToolbar
Value: HKEY_CURRENT_USER\Software\PartyGaming --> AutoLoginToOtherGames detected: Trace.Registry.PartyPoker
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> ButtonText detected: Trace.Registry.PartyPoker
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> CLSID detected: Trace.Registry.PartyPoker
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> Default Visible detected: Trace.Registry.PartyPoker
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> Exec detected: Trace.Registry.PartyPoker
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> HotIcon detected: Trace.Registry.PartyPoker
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> Icon detected: Trace.Registry.PartyPoker
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> MenuStatusBar detected: Trace.Registry.PartyPoker
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> MenuText detected: Trace.Registry.PartyPoker
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> Path detected: Trace.Registry.PartyPoker
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@2o7[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@adserv.quality-channel[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@adtech[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@advertising[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@atdmt[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@bfast[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@casalemedia[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@clickbank[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@com-magazin[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@comdirect[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@comics.incest-art[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@common[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@computer.aolsvc[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@count.xhit[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@counter.sexsuche[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@countomat[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@dealtime[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@doubleclick[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@hitbox[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@media.licenseacquisition[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@media.mtvnservices[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@media.ohost[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@mediavantage[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@popcorn[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@server.iad.liveperson[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@sexgott-or-not[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@sexproadventures[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@sexualhentai[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@F***[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@specificclick[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@statcounter[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@www.searchtraffic[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Anwendungsdaten\Mozilla\Firefox\Profiles\1fz4ilrs.default\cookies.txt:42 detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Anwendungsdaten\Mozilla\Firefox\Profiles\1fz4ilrs.default\cookies.txt:43 detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Anwendungsdaten\Mozilla\Firefox\Profiles\1fz4ilrs.default\cookies.txt:44 detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Anwendungsdaten\Mozilla\Firefox\Profiles\1fz4ilrs.default\cookies.txt:54 detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Anwendungsdaten\Mozilla\Firefox\Profiles\1fz4ilrs.default\cookies.txt:55 detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Anwendungsdaten\Mozilla\Firefox\Profiles\1fz4ilrs.default\cookies.txt:56 detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Anwendungsdaten\Mozilla\Firefox\Profiles\1fz4ilrs.default\cookies.txt:57 detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Anwendungsdaten\Mozilla\Firefox\Profiles\1fz4ilrs.default\cookies.txt:58 detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Anwendungsdaten\Mozilla\Firefox\Profiles\1fz4ilrs.default\cookies.txt:62 detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Musik\Top of Charts - 2004.wma detected: Trojan-Downloader.WMA.Wimad.l
Scanned Files: 30471 Traces: 159169 Cookies: 1418 Processes: 58
Found Files: 1 Traces: 22 Cookies: 41 Processes: 0
Quarantined Files: 1 Traces: 19 Cookies: 41 Processes: 0
Scan end: 2008-01-21 13:47:57
Scan time: 0:22:26

Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\mpeyumqq
*******************
Script file located at: \??\C:\kpkfqcit.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Folder C:\Programme\DaemonTools_WhenUSave_Installer deleted successfully.
Folder C:\Programme\ErrorSmart deleted successfully.
Folder C:\Programme\Defenza deleted successfully.
File C:\WINDOWS\system32\fservice.exe not found!
Deletion of file C:\WINDOWS\system32\fservice.exe failed!
Could not process line:
C:\WINDOWS\system32\fservice.exe
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.

21.01.2008, 13:52
Honorary member
Posts: 1441
#10
+ try Combofix once more
__________
Regards, Pinguin

21.01.2008, 14:27
Member
Thread starter
Posts: 12
#11
Unfortunately Combofix again did not show a log, although everything ran perfectly up to the log.
Regards, thomasio

21.01.2008, 14:29
Honorary member
Posts: 1441
#12
Scan and post the report (as an attachment) - see below
http://www.virus-protect.org/artikel/tools/kaspersky.html
+ post the new HijackThis log http://www.virus-protect.org/hjtkurz.html
__________
Regards, Pinguin

22.01.2008, 08:33
Member
Thread starter
Posts: 12
#13
Here is the new HijackThis log
C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - D:\spd.exe" -service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Time-Sync Client (ServiceTimeSyncClient) - Speed-Soft - C:\Programme\Time-Sync\TimeSyncServiceClient.exe O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Große Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe |
|
|
||
22.01.2008, 13:06
Honorary member
Posts: 1441 |
#14
That already looks better.
Did Kaspersky find/delete anything? Scan with Bitdefender Online and post the report here: http://board.protecus.de/t8642.htm __________ Regards, Pinguin. I'm in the process of updating my site + tools: http://www.virus-protect.org/ |
|
|
||
22.01.2008, 21:31
Member
Thread starter Posts: 12 |
#15
No, Kaspersky didn't delete anything else. Unfortunately, Bitdefender caused problems and wouldn't scan.
+ The error message caused by fservice.exe has already disappeared; that problem is already fixed. Regards, thomasio |
|
|
||
thomasio
Here is the logfile:
Logfile of HijackThis v1.99.1
Scan saved at 15:42:01, on 20.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
D:\spd.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Time-Sync\TimeSyncServiceClient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\CNYHKey.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programme\Gemeinsame Dateien\AOL\1165609237\ee\AOLSoftware.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\Programme\Defenza\pcd-as.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\System32\svchost.exe
D:\cFosSpeed.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programme\MSN Messenger\usnsvc.exe
D:\PTBSync\PTBSync.exe
C:\Programme\AOL 9.0 VRa\waol.exe
C:\Programme\AOL 9.0 VRa\shellmon.exe
C:\Programme\ErrorSmart\ErrorSmart.exe
C:\Programme\Gemeinsame Dateien\AOL\Topspeed\3.0\aoltpsd3.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\Hilu\Lokale Einstellungen\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://de.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://de.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1165609237\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [PCDefender] C:\Programme\E-Press\PC Defender\bin\ClamTray.exe --logon
O4 - HKLM\..\Run: [QuickTime Task] "E:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCDAS] C:\Programme\Defenza\pcd-as.exe /10000
O4 - HKLM\..\Run: [EasyAntivirus] C:\Programme\EasyAntivirus\bin\ClamTray.exe --logon
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LifeCam] "C:\Programme\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [ErrorSmart] C:\Programme\ErrorSmart\ErrorSmart.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [cFosSpeed] D:\cFosSpeed.exe
O4 - HKLM\..\Run: [PTBSync] D:\PTBSync\PTBSync.exe /Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AntiSpyware] D:\AntiSpywareApp\AntiSpyware.exe -boot
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Programme\AOL 9.0 VRa\AOL.EXE" -b
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\programme\aol\aol toolbar 4.0\resources\de-DE\local\search.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\GROEPR~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Suche - res://C:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Translate with &Babylon - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Poker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Poker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\icq\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\icq\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {07E3F115-C445-480D-94CB-ECA914A353CE} - http://www.medionshop.de/ (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.debitel.de
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.schuelervz.net/photouploader/ImageUploader4.cab?nocache=20071128-1
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader5.cab?nocache=20080115-1
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{287D6F3B-66EB-400E-8B00-E8450C554DD9}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{64ED70E9-912B-4686-AA5F-C3F09157F563}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{A776ADD3-A877-4FC9-ADDC-0DE9D7FF20F9}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA6CC07A-813A-4AE6-B43E-44F795AA7A35}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{B37EAD3B-2A7A-413A-A63D-B39AB3C2C021}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEA90478-89DC-4625-BB2F-972D40B76B91}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.54 85.255.112.26
O17 - HKLM\System\CS1\Services\Tcpip\..\{287D6F3B-66EB-400E-8B00-E8450C554DD9}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.54 85.255.112.26
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - D:\spd.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Time-Sync Client (ServiceTimeSyncClient) - Speed-Soft - C:\Programme\Time-Sync\TimeSyncServiceClient.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Große Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe