Dummyapplikation wird Geöffnet

von **HISPEED** am 09.09.2005, 23:04

Hallo bin neu hier. Hab probleme bei mir startet wenn ich für kurze zeit keinen tastenschlag mache oder nicht die maus bewege oder sonst was eine applikation in der liste unten links neben der trayliste. Und das nervt zb. Wenn ich ein spiel spiele und kurz Telefoniere oder so kommt das und schmeisst mich raus und es kommt immer ein klick der auch nervt. Ist das ein Wurm oder so? Hab mit S&D, Ad-aware und Norton mal durchgescannt und alle würmer und spyware gelöscht trotzdem kein erfolg. es öffnet sich einfach eine Applikation ohne text und als symbol gibts so ein fenster. Hier mein Hijacklog.
Logfile of HijackThis v1.99.1
Scan saved at 22:59:21, on 09.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Programme\DigitalPersona\Bin\DpHost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\DigitalPersona\Bin\DPFUSMgr.exe
C:\Programme\AlienGUIse\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\DigitalPersona\Bin\DPAgnt.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\MessengerPlus! 3\MsgPlus.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Xfire\Xfire.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Valve\Steam\Steam.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\WinRAR\WinRAR.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\DOKUME~1\Besitzer\LOKALE~1\Temp\Rar$EX00.828\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.ch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Blizzard Net
O1 - Hosts: 62.75.224.159 www.bns3.net
O1 - Hosts: 62.75.224.159 www.bns4.net
O1 - Hosts: 62.75.224.159 www.bns5.net
O1 - Hosts: 62.75.224.159 www.bns6.net
O1 - Hosts: 62.75.224.159 www.bns7.net
O1 - Hosts: 62.75.224.159 www.bns8.net
O1 - Hosts: 62.75.224.159 www.cms3.net
O1 - Hosts: 62.75.224.159 www.cms4.net
O1 - Hosts: 62.75.224.159 www.cms5.net
O1 - Hosts: 62.75.224.159 www.cms6.net
O1 - Hosts: 62.75.224.159 www.cms7.net
O1 - Hosts: 62.75.224.159 www.cms8.net
O1 - Hosts: 62.75.224.159 www.rg1.com
O1 - Hosts: 62.75.224.159 www.rg2.com
O1 - Hosts: 62.75.224.159 www.rg3.com
O1 - Hosts: 62.75.224.159 www.rg4.com
O1 - Hosts: 62.75.224.159 www.rg5.com
O1 - Hosts: 62.75.224.159 www.rg6.com
O1 - Hosts: 62.75.224.159 www.rg7.com
O1 - Hosts: 62.75.224.159 www.rg8.com
O1 - Hosts: 62.75.224.159 bns3.net
O1 - Hosts: 62.75.224.159 bns4.net
O1 - Hosts: 62.75.224.159 bns5.net
O1 - Hosts: 62.75.224.159 bns6.net
O1 - Hosts: 62.75.224.159 bns7.net
O1 - Hosts: 62.75.224.159 bns8.net
O1 - Hosts: 62.75.224.159 cms3.net
O1 - Hosts: 62.75.224.159 cms4.net
O1 - Hosts: 62.75.224.159 cms5.net
O1 - Hosts: 62.75.224.159 cms6.net
O1 - Hosts: 62.75.224.159 cms7.net
O1 - Hosts: 62.75.224.159 cms8.net
O1 - Hosts: 62.75.224.159 rg1.com
O1 - Hosts: 62.75.224.159 rg2.com
O1 - Hosts: 62.75.224.159 rg3.com
O1 - Hosts: 62.75.224.159 rg4.com
O1 - Hosts: 62.75.224.159 rg5.com
O1 - Hosts: 62.75.224.159 rg6.com
O1 - Hosts: 62.75.224.159 rg7.com
O1 - Hosts: 62.75.224.159 rg8.com
O1 - Hosts: 62.75.224.159 www.m7z.net
O1 - Hosts: 62.75.224.159 m7z.net
O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net
O1 - Hosts: 62.75.224.159 j.2004CMS.com
O1 - Hosts: 62.75.224.159 2004CMS.com
O1 - Hosts: 62.75.224.159 bns1.m7z.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PreispiratenSearchURL - {0B660087-931C-4056-A04F-0423890E40B6} - C:\Programme\Preispiraten\Preispiraten2\PPSearchURL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: metaspinner GmbH - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\Programme\Preispiraten\Preispiraten2\IEButtonAmazonInterface.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: metaspinner GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\Programme\Preispiraten\Preispiraten2\IEButtonEbayInterface.dll
O2 - BHO: metaspinner GmbH - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A} - C:\Programme\Preispiraten\Preispiraten2\IEButtonPPInterface.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [DPAgnt] C:\Programme\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten\\Preispiraten2\\preispiraten.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Preispiraten 2.5 - {2638A03E-1669-43BE-8119-B47087629A7F} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: *.moove.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O18 - Protocol: bw+0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: Internet Explorer - C:\WINDOWS\SYSTEM32\Internet Explorer.dll
O20 - Winlogon Notify: WB - C:\Programme\AlienGUIse\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Programme\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Programme\DigitalPersona\Bin\DpHost.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: MpfService - McAfee Security - (no file)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Piods0sk - HP - C:\WINDOWS\system32\drivers\HPZius12.sys
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

von **Fat_Mike** am 09.09.2005, 23:09

ein fall für nikita.

gruss
fat.

von **HISPEED** am 09.09.2005, 23:43

was ist das nikita?

von **Fat_Mike** am 10.09.2005, 09:47

nikita kümmert sich um das thema "ich habe nicht aufgepasst und jetzt ist mein rechner eine virenschleuder".
http://www.informationsarchiv.net/foren/forum-22.html

gruss
fat.

von **thegreatest** am 10.09.2005, 10:18

Fat_Mike hat geschrieben:"ich habe nicht aufgepasst und jetzt ist mein rechner eine virenschleuder".

Und in diesem Fall sogar eine rießen große Vierenschleuder. Das kann sogar ein Laie rauslesen.

von **Holy Marcell** am 10.09.2005, 14:02

Ich habe nikita bescheidgesagt:

Fixe bitte bis dahin alle 01-Einträge!

und deinstalliere über die Software:

~ Messengerplus3

von **Nikita** am 10.09.2005, 18:12

Hallo@HISPEED

#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Blizzard Net
O1 - Hosts: 62.75.224.159 www.bns3.net
O1 - Hosts: 62.75.224.159 www.bns4.net
O1 - Hosts: 62.75.224.159 www.bns5.net
O1 - Hosts: 62.75.224.159 www.bns6.net
O1 - Hosts: 62.75.224.159 www.bns7.net
O1 - Hosts: 62.75.224.159 www.bns8.net
O1 - Hosts: 62.75.224.159 www.cms3.net
O1 - Hosts: 62.75.224.159 www.cms4.net
O1 - Hosts: 62.75.224.159 www.cms5.net
O1 - Hosts: 62.75.224.159 www.cms6.net
O1 - Hosts: 62.75.224.159 www.cms7.net
O1 - Hosts: 62.75.224.159 www.cms8.net
O1 - Hosts: 62.75.224.159 www.rg1.com
O1 - Hosts: 62.75.224.159 www.rg2.com
O1 - Hosts: 62.75.224.159 www.rg3.com
O1 - Hosts: 62.75.224.159 www.rg4.com
O1 - Hosts: 62.75.224.159 www.rg5.com
O1 - Hosts: 62.75.224.159 www.rg6.com
O1 - Hosts: 62.75.224.159 www.rg7.com
O1 - Hosts: 62.75.224.159 www.rg8.com
O1 - Hosts: 62.75.224.159 bns3.net
O1 - Hosts: 62.75.224.159 bns4.net
O1 - Hosts: 62.75.224.159 bns5.net
O1 - Hosts: 62.75.224.159 bns6.net
O1 - Hosts: 62.75.224.159 bns7.net
O1 - Hosts: 62.75.224.159 bns8.net
O1 - Hosts: 62.75.224.159 cms3.net
O1 - Hosts: 62.75.224.159 cms4.net
O1 - Hosts: 62.75.224.159 cms5.net
O1 - Hosts: 62.75.224.159 cms6.net
O1 - Hosts: 62.75.224.159 cms7.net
O1 - Hosts: 62.75.224.159 cms8.net
O1 - Hosts: 62.75.224.159 rg1.com
O1 - Hosts: 62.75.224.159 rg2.com
O1 - Hosts: 62.75.224.159 rg3.com
O1 - Hosts: 62.75.224.159 rg4.com
O1 - Hosts: 62.75.224.159 rg5.com
O1 - Hosts: 62.75.224.159 rg6.com
O1 - Hosts: 62.75.224.159 rg7.com
O1 - Hosts: 62.75.224.159 rg8.com
O1 - Hosts: 62.75.224.159 www.m7z.net
O1 - Hosts: 62.75.224.159 m7z.net
O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net
O1 - Hosts: 62.75.224.159 j.2004CMS.com
O1 - Hosts: 62.75.224.159 2004CMS.com
O1 - Hosts: 62.75.224.159 bns1.m7z.net

O15 - Trusted Zone: *.moove.com
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -

O18 - Protocol: bw+0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {67A31036-D440-4C58-9F14-F4433357FE79} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: Internet Explorer - C:\WINDOWS\SYSTEM32\Internet Explorer.dll
O23 - Service: MpfService - McAfee Security - (no file)

PC neustarten

CCleaner--> loesche alle *temp-Datein
http://www.ccleaner.com/ccdownload.asp

datfindbat (abarbeiten und alle 4 logs hier mit pfadangabe posten)
http://nikita.eddys-domain.de/datfindbat.html

von **HISPEED** am 11.09.2005, 13:37

EDIT: Mhm hat hier zuwenig platz nikita hast du icq oder msn oder so damit ich dir sie schicken kann die logs per email oder so?

von **Nikita** am 11.09.2005, 16:15

poste einen Teil , dann in einem neuen Thread den anderen und so fort

ausserdem, ich will ja von allen 4 Logs nur ca. 30 Tage sehen

von **HISPEED** am 11.09.2005, 16:41

ok so weit es geht
system32.txt
Datentr„ger in Laufwerk C: ist Blizzard's Festplatte
Volumeseriennummer: C05B-A842

Verzeichnis von C:\WINDOWS\system32

11.09.2005 13:18 13'646 wpa.dbl
07.09.2005 13:52 98'304 CmdLineExt.dll
04.09.2005 12:20 230 spupdsvc.inf
30.08.2005 12:01 4'096 crash
22.08.2005 19:02 13 mwc.ini
17.08.2005 06:33 86'016 dpl100.dll
13.08.2005 21:41 118'784 sirenacm.dll
12.08.2005 13:08 383'254 perfh009.dat
12.08.2005 13:08 64'424 perfc007.dat
12.08.2005 13:08 393'904 perfh007.dat
12.08.2005 13:08 53'608 perfc009.dat
12.08.2005 13:08 905'974 PerfStringBackup.INI
12.08.2005 13:05 634 InstallUtil.InstallLog
05.08.2005 21:05 516'096 ati2sgag.exe
05.08.2005 03:31 1'457'496 MRT.exe
04.08.2005 08:07 307'200 atiiiexx.dll
04.08.2005 07:27 249'856 ATIDEMGR.dll
04.08.2005 06:46 6'684'672 atioglx1.dll
04.08.2005 05:28 5'005'312 atioglxx.dll
04.08.2005 05:10 205'312 ati2dvag.dll
04.08.2005 05:04 106'496 atipdlxx.dll
04.08.2005 05:04 73'728 Oemdspif.dll
04.08.2005 05:04 25'088 Ati2mdxx.exe
04.08.2005 05:04 39'936 ati2edxx.dll
04.08.2005 05:04 46'080 ati2evxx.dll
04.08.2005 05:02 380'928 ati2evxx.exe
04.08.2005 05:02 53'248 ATIDDC.DLL
04.08.2005 04:54 2'365'472 ati3duag.dll
04.08.2005 04:47 639'872 ativvaxx.dll
04.08.2005 04:34 147'456 atikvmag.dll
04.08.2005 04:08 17'408 atitvo32.dll
04.08.2005 04:02 212'992 ati2cqag.dll
03.08.2005 10:33 520'456 LegitCheckControl.DLL
29.07.2005 15:42 45 initdebug.nfo
28.07.2005 14:52 91'856 S32EVNT1.DLL
27.07.2005 15:51 254'272 FNTCACHE.DAT
20.07.2005 04:04 3'012'096 mshtml.dll
17.07.2005 15:45 36'864 frapsvid.dll
12.07.2005 15:35 117'976 hashlib.dll
12.07.2005 15:35 126'680 GCCollection.dll
12.07.2005 15:35 95'448 gcUnCompress.dll
08.07.2005 18:28 76'800 remotesp.tsp
08.07.2005 18:28 249'344 tapisrv.dll
07.07.2005 10:42 13'536 spmsg.dll
07.07.2005 10:42 22'752 spupdsvc.exe
03.07.2005 04:15 664'064 wininet.dll
03.07.2005 04:15 1'484'288 shdocvw.dll
03.07.2005 04:15 474'112 shlwapi.dll
03.07.2005 04:15 605'696 urlmon.dll
03.07.2005 04:15 448'512 mshtmled.dll
03.07.2005 04:15 39'424 pngfilt.dll
03.07.2005 04:15 146'432 msrating.dll
03.07.2005 04:15 251'392 iepeers.dll
03.07.2005 04:15 152'064 cdfview.dll
03.07.2005 04:15 1'019'904 browseui.dll
03.07.2005 04:15 96'768 inseng.dll
02.07.2005 17:28 1'656 qtplugin.log
30.06.2005 04:05 119'296 umpnpmgr.dll
29.06.2005 16:55 37'473 muzika.xm
29.06.2005 03:49 74'240 mscms.dll
29.06.2005 03:49 254'976 icm32.dll
15.06.2005 19:49 295'936 kerberos.dll
15.06.2005 16:55 4'096 speedfan.sys
15.06.2005 03:00 102'400 tsccvid.dll
15.06.2005 03:00 45'056 CSvidcap.dll
11.06.2005 01:53 57'856 spoolsv.exe
10.06.2005 22:59 95'617 atiicdxx.dat
09.06.2005 22:32 692'736 DivX.dll
07.06.2005 09:25 5'496 atifglpf.xml
06.06.2005 23:13 356'436 DivXMedia.ax
29.05.2005 01:35 692'224 divxdec.ax
27.05.2005 04:04 155'136 itircl.dll
27.05.2005 04:04 137'216 itss.dll
27.05.2005 04:04 41'472 hhsetup.dll
27.05.2005 04:04 546'304 hhctrl.ocx
26.05.2005 04:16 173'536 wuweb.dll
26.05.2005 04:16 41'240 wups.dll
26.05.2005 04:16 1'343'768 wuaueng.dll
26.05.2005 04:16 18'200 wups2.dll
26.05.2005 04:16 198'424 iuengine.dll
26.05.2005 04:16 75'544 cdm.dll
26.05.2005 04:16 174'872 wuauclt1.exe
26.05.2005 04:16 128'280 wucltui.dll
26.05.2005 04:16 124'696 wuauclt.exe
26.05.2005 04:16 194'840 wuaueng1.dll
26.05.2005 04:16 174'872 wuaucpl.cpl
26.05.2005 04:16 466'200 wuapi.dll
25.05.2005 10:56 507'904 JetMPVx.dll
25.05.2005 02:40 348'160 msvcr71.dll
25.05.2005 02:40 499'712 msvcp71.dll
25.05.2005 02:40 1'047'552 MFC71u.dll
25.05.2005 02:40 258'352 unicows.dll
25.05.2005 02:40 1'060'864 MFC71.dll
25.05.2005 02:40 89'088 atl71.dll
24.05.2005 23:32 10'775 dsm_ja.qm
24.05.2005 23:32 15'153 dsm_fr.qm
24.05.2005 23:32 15'351 dsm_de.qm
24.05.2005 23:32 4'276 divxsm.tlb
24.05.2005 23:32 524'288 DivXsm.exe
22.05.2005 19:49 31'648 Status.MPF
20.05.2005 20:25 3'136 dtu_de.qm
18.05.2005 23:40 200'704 dtu100.dll
17.05.2005 02:42 17'408 xpsp3res.dll
16.05.2005 00:43 109'248 MSWINSCK.OCX
16.05.2005 00:43 115'920 msinet.ocx
16.05.2005 00:43 434'688 ss2uinst.exe
11.05.2005 04:30 78'336 telnet.exe
06.05.2005 14:09 81'920 cmudax.dll
05.05.2005 23:23 679'424 inetcomm.dll
05.05.2005 03:12 671'744 divx_xx11.dll
05.05.2005 03:12 688'128 divx_xx0c.dll
05.05.2005 03:12 688'128 divx_xx07.dll
04.05.2005 14:45 2'890'240 msi.dll
03.05.2005 22:17 12'398 rerolpxE tenretnI.dat
02.05.2005 17:40 23 Autoexec.cfg
30.04.2005 01:37 308 oeminfo.ini
28.04.2005 21:31 395'776 rpcss.dll
28.04.2005 21:31 74'752 olecli32.dll
28.04.2005 21:31 1'285'120 ole32.dll
28.04.2005 21:31 37'888 olecnv32.dll
28.04.2005 06:22 3'596'288 qt-dx331.dll
28.04.2005 06:22 57'344 dpv11.dll
28.04.2005 06:22 303'104 dpus11.dll
28.04.2005 06:22 581'632 dpuGUI11.dll
28.04.2005 06:22 8'523 dpude.qm
28.04.2005 06:22 245'760 dpu11.dll
28.04.2005 06:22 86'016 Kopie von dpl100.dll
28.04.2005 06:22 159'744 ssleay32.dll
28.04.2005 06:22 831'488 libeay32.dll
16.04.2005 15:14 3'069 jupdate-1.5.0_02-b09.log
13.04.2005 18:33 34'064 lhacm.acm
10.04.2005 22:53 113 NemuAudio08.ini
09.04.2005 22:10 23 sysmwwod.dll
09.04.2005 14:49 16'832 amcompat.tlb
09.04.2005 14:49 23'392 nscompat.tlb
09.04.2005 14:49 2'272 w95inf16.dll
09.04.2005 14:49 4'608 w95inf32.dll
05.04.2005 11:17 132'824 SymRedir.dll
05.04.2005 11:17 517'848 SymNeti.dll
05.04.2005 11:11 10'752 gcmd5query.dll
31.03.2005 11:48 10'510 Cxpidb.hlp
30.03.2005 11:21 3'127 jupdate-1.4.2_02-b03.log
30.03.2005 10:20 13'646 wpa.bak
29.03.2005 18:35 0 h323log.txt
29.03.2005 18:11 251 spupdwxp.log
29.03.2005 17:48 25'065 wmpscheme.xml
29.03.2005 17:40 261 $winnt$.inf
29.03.2005 17:39 2'951 CONFIG.NT
29.03.2005 17:38 488 logonui.exe.manifest
29.03.2005 17:38 488 WindowsLogon.manifest
29.03.2005 17:38 749 ncpa.cpl.manifest
29.03.2005 17:38 749 cdplayer.exe.manifest
29.03.2005 17:38 749 wuaucpl.cpl.manifest
29.03.2005 17:38 749 nwc.cpl.manifest
29.03.2005 17:38 749 sapi.cpl.manifest
29.03.2005 17:37 21'740 emptyregdb.dat
29.03.2005 17:17 15'360 Internet Explorer.dll
24.03.2005 19:39 102'400 cXPINET.ocx
24.03.2005 19:39 53'248 cXPIInternet.ocx
24.03.2005 19:39 53'248 cXPIDatabase.ocx
23.03.2005 13:02 24'064 ativcoxx.dll
21.03.2005 15:00 15'360 msisip.dll
21.03.2005 15:00 884'736 msimsg.dll

von **HISPEED** am 11.09.2005, 16:41

systemtemp.txt
Datentr„ger in Laufwerk C: ist Blizzard's Festplatte
Volumeseriennummer: C05B-A842

Verzeichnis von C:\DOKUME~1\Besitzer\LOKALE~1\Temp

11.09.2005 13:31 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}4900.html
11.09.2005 13:26 16'384 ~DF74C6.tmp
11.09.2005 13:26 512 ~DF74D3.tmp
11.09.2005 13:26 512 ~DF74B8.tmp
11.09.2005 13:26 512 ~DF74FA.tmp
11.09.2005 13:26 16'384 ~DF74A7.tmp
11.09.2005 13:26 16'384 ~DF7484.tmp
11.09.2005 13:26 512 ~DF7494.tmp
11.09.2005 13:26 16'384 ~DF74E7.tmp
11.09.2005 13:22 16'384 ~DF6CD6.tmp
11.09.2005 13:21 16'384 Perflib_Perfdata_bd4.dat
11.09.2005 13:21 16'384 Perflib_Perfdata_df4.dat
11.09.2005 13:20 16'384 ~DFF0B5.tmp
11.09.2005 13:20 16'384 ~DFC3F3.tmp
11.09.2005 13:20 512 ~DFC3FF.tmp
11.09.2005 13:20 32'768 ~DFA701.tmp
11.09.2005 13:20 32'768 ~DF68E4.tmp
11.09.2005 13:16 173'987 hpodvd09.log
18 Datei(en) 390'517 Bytes
0 Verzeichnis(se), 48'681'025'536 Bytes frei

von **HISPEED** am 11.09.2005, 16:42

system.txt
Datentr„ger in Laufwerk C: ist Blizzard's Festplatte
Volumeseriennummer: C05B-A842

Verzeichnis von C:\WINDOWS

11.09.2005 13:19 1'424'116 WindowsUpdate.log
11.09.2005 13:19 159 wiadebug.log
11.09.2005 13:19 50 wiaservc.log
11.09.2005 13:18 2'048 bootstat.dat
09.09.2005 20:09 1'409 QTFont.for
09.09.2005 20:09 54'156 QTFont.qfn
09.09.2005 20:09 32'768 ReBirth RB-338 2.prf
09.09.2005 16:19 136 errmess.ini
07.09.2005 22:11 773 win.ini
07.09.2005 22:11 227 system.ini
05.09.2005 12:58 118'784 bwUnin-7.2.0.137-8876480SL.exe
02.09.2005 20:03 195 mailer.INI
01.09.2005 22:26 3'932'214 InvaderDark1280.bmp
01.09.2005 22:24 101 wb.ini
01.09.2005 22:20 116 NeroDigital.ini
28.08.2005 20:00 2'489 Microsoft.MIF
27.08.2005 21:38 1'220 ATICIM.INI
23.08.2005 13:55 99'970 UninstallFirefox.exe
23.08.2005 13:55 8'116 mozver.dat
06.08.2005 15:15 1'049'670 Firefox Wallpaper.bmp
04.08.2005 15:52 7'579 Ascd_tmp.ini
30.07.2005 20:12 737'280 iun6002.exe
30.07.2005 12:21 100'724 cpeins04.dat
30.07.2005 01:23 104'166 hpoins04.dat
30.07.2005 00:22 8 jngnign nkinhirimokmjilkjgol 2005.jgn
25.07.2005 02:13 403 barcode.ini
25.07.2005 01:40 394 capture.ini
02.07.2005 21:20 356'352 eSellerateEngine.dll
29.06.2005 16:42 160'256 fmod.dll
28.06.2005 21:14 744'206 [00]ArmorySource Uninstaller.exe
26.06.2005 22:05 1'039'374 setupapi.log.0.old
21.06.2005 17:26 104'429 hpoins04.dat.temp
30.05.2005 12:00 501 ROPatch.ini
30.05.2005 11:57 65'536 IFinst27.exe
27.05.2005 01:22 10'752 hh.exe
20.05.2005 14:46 28'160 KHALMNPR.Exe
13.05.2005 12:09 549 eReg.dat
12.05.2005 18:20 4 startup_BBCP.ini
10.05.2005 17:41 0 nsreg.dat
08.05.2005 21:58 0 PCB123.INI
23.04.2005 20:58 266 WPE PRO.INI
18.04.2005 22:01 724 clickEXE.INI
18.04.2005 20:28 253'952 Setup1.exe
18.04.2005 20:28 74'752 ST6UNST.EXE
10.04.2005 23:15 4'096 d3dx.dat
09.04.2005 22:49 62'344 War3Unin.dat
09.04.2005 22:35 2'829 War3Unin.pif
09.04.2005 22:35 139'264 War3Unin.exe
06.04.2005 16:53 221 SIERRA.INI

von **HISPEED** am 11.09.2005, 16:42

sys.txt
Datentr„ger in Laufwerk C: ist Blizzard's Festplatte
Volumeseriennummer: C05B-A842

Verzeichnis von C:\

11.09.2005 13:33 0 sys.txt
11.09.2005 13:32 6'157 system.txt
11.09.2005 13:32 1'211 systemtemp.txt
11.09.2005 13:31 102'771 system32.txt
11.09.2005 13:18 1'610'612'736 pagefile.sys
13.08.2005 03:36 1'358 ClientRegistry.blob
13.08.2005 00:03 23 HldsUpdateTool_15.mst
13.08.2005 00:03 1'159'168 HldsUpdateTool.exe
13.08.2005 00:02 1'356 INSTALL.LOG
30.07.2005 01:23 1'159 _Sid.txt
13.05.2005 12:43 4 loadcounter.dat
20.04.2005 02:24 0 ASPI.LOG
07.04.2005 13:27 3'429 hldsupdatetool_readme.txt
31.03.2005 18:56 0 itouch_config_crash_info.txt
30.03.2005 20:57 0 itouch_crash_info.txt
30.03.2005 11:27 506 sataraidevents.log
29.03.2005 17:39 0 CONFIG.SYS
29.03.2005 17:39 0 AUTOEXEC.BAT
29.03.2005 17:39 0 MSDOS.SYS
29.03.2005 17:39 0 IO.SYS
26.07.2002 17:02 153'088 UNWISE.EXE
21 Datei(en) 1'612'042'966 Bytes
0 Verzeichnis(se), 48'680'988'672 Bytes frei

von **HISPEED** am 11.09.2005, 16:43

das aktuelle hijackthis.log
Logfile of HijackThis v1.99.1
Scan saved at 13:40:51, on 11.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Programme\DigitalPersona\Bin\DpHost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\DigitalPersona\Bin\DPFUSMgr.exe
C:\Programme\AlienGUIse\wbload.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\DigitalPersona\Bin\DPAgnt.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\MessengerPlus! 3\MsgPlus.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Xfire\Xfire.exe
C:\Programme\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\WinRAR\WinRAR.exe
C:\Programme\Messenger\msmsgs.exe
C:\DOKUME~1\Besitzer\LOKALE~1\Temp\Rar$EX16.906\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.ch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PreispiratenSearchURL - {0B660087-931C-4056-A04F-0423890E40B6} - C:\Programme\Preispiraten\Preispiraten2\PPSearchURL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: metaspinner GmbH - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\Programme\Preispiraten\Preispiraten2\IEButtonAmazonInterface.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: metaspinner GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\Programme\Preispiraten\Preispiraten2\IEButtonEbayInterface.dll
O2 - BHO: metaspinner GmbH - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A} - C:\Programme\Preispiraten\Preispiraten2\IEButtonPPInterface.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [DPAgnt] C:\Programme\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten\\Preispiraten2\\preispiraten.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Preispiraten 2.5 - {2638A03E-1669-43BE-8119-B47087629A7F} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O20 - Winlogon Notify: WB - C:\Programme\AlienGUIse\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Programme\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Programme\DigitalPersona\Bin\DpHost.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: MpfService - McAfee Security - (no file)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Piods0sk - HP - C:\WINDOWS\system32\drivers\HPZius12.sys
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

von **Nikita** am 12.09.2005, 19:04

Hallo@

nun habe ich den Thread doch noch gefunden

.....

auf MessengerPlus! 3sollte man unbedingt verzichten, er beinhaltet Spyware (Lop)

Download f-secure-Beta Trial
http://www.f-secure.com/blacklight/
doppelklick: blbeta.exe
nach dem Check klicke -- next
loesche alles ausser [WBEMTEST.EXE]
wenn du gefragt wirst, ob reboot, klicke Yes
nun findet man eine Textdatei auf dem Desktop: poste sie bitte

scanne mit ewido und poste mir dem Report vom scan

http://nikita.eddys-domain.de/Ewido.html

Dummyapplikation wird Geöffnet

Dummyapplikation wird Geöffnet

Wer ist online?