![[HaBo]](/styles/default/logoklein.png){kind=small}
b4ck
0
hiho seit einiger zeit hat mein kleiner bruder das komische problem das beim starten des systems der explorer (explorer.exe) nicht gestartet wird d.h. mann muss immer zuerst taskmanager -> neuer task -> explorer machen damit er sich startet....
des weiteren befindet sich komischerweise ein windowsordner mit dem unterordner system32 unter: c:\dokumente und einstellungen\"user"\
ich hab dabei sofort an spyware viren etc. und hab das ganze gelöscht nur wird dieser ordner immer neu erstellt da hab ich dann den autostart geprüft doch da fällt mir nichts ungewöhnliches auf.
Hijackthis hab ich auch laufen lassen der findet unmengen fehler die alle nach dem gleichem schema ablaufen...
hier das hijackthis log:
system win xp home sp 2
in dem erwähnten windows ordner befinden sich folgende dateien:
infile.upd
win.ini
(
; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
MAPIX=1
OLEMessaging=1
CMC=1
CMCDLLNAME=mapi.dll
CMCDLLNAME32=MAPI32.DLL
MAPIXVER=1.0.0.1
[MCI Extensions.BAK]
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
asf=MPEGVideo
asx=MPEGVideo
au=MPEGVideo
m1v=MPEGVideo
m3u=MPEGVideo
mp2=MPEGVideo
mp2v=MPEGVideo
mp3=MPEGVideo
mpa=MPEGVideo
mpe=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpv2=MPEGVideo
snd=MPEGVideo
wax=MPEGVideo
wm=MPEGVideo
wma=MPEGVideo
wmv=MPEGVideo
wmx=MPEGVideo
wpl=MPEGVideo
wvx=MPEGVideo
m2v=MPEGVideo
mod=MPEGVideo
[windows]
run=
[ProXoft-PCE1]
$Data=56453D310D0A46543D33383939302C353831303132303032330D0A4C543D33383939352C383936373133333231380D0A54503D32310D0A45313D370D0A47313D0D0A45323D370D0A47323D0D0A52443D0D0A524B3D0D0A55433D360D0A55413D3939393939393939390D0A55493D0D0A434E3D0D0A454D3D0D0A43523D3139303236343438300D0A52533D0D0A4C453D300D0A5645523D0D0A
[MAPI 1.0 Time Zone]
Bias=fffffda8
StandardName=AUS Eastern Normalzeit
StandardBias=0
StandardStart=00000300050003000000000000000000
DaylightName=AUS Eastern Sommerzeit
DaylightBias=ffffffc4
DaylightStart=00000A00050002000000000000000000
ActiveTimeBias=fffffd6c
[SciCalc]
layout=0
)
noch ein system ordner leer und ein system32 ordner leer..
Sti_trace.log - > leer
solltet ihr noch mehr infos brauchen kann ich schaun was ich tun kann
des weiteren befindet sich komischerweise ein windowsordner mit dem unterordner system32 unter: c:\dokumente und einstellungen\"user"\
ich hab dabei sofort an spyware viren etc. und hab das ganze gelöscht nur wird dieser ordner immer neu erstellt da hab ich dann den autostart geprüft doch da fällt mir nichts ungewöhnliches auf.
Hijackthis hab ich auch laufen lassen der findet unmengen fehler die alle nach dem gleichem schema ablaufen...
hier das hijackthis log:
Code:
Logfile of HijackThis v1.99.1
Scan saved at 12:13:07, on 21.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\Dokumente und Einstellungen\fivers\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Userinit.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.exe
C:\DOKUME~1\fivers\LOKALE~1\Temp\Rar$EX07.359\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.gay.ch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
F2 - REG:system.ini: Shell=Explorer.exe
F3 - REG:win.ini: load=???
?
F3 - REG:win.ini: run=???
?
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\programme\mcafee\spamkiller\mcapfbho.dll (file missing)
O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C5E315789FA575760EA83FA5EF80752B94E3D67F5D7F412B39CF - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\programme\zango\zangohook.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [] 5259
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programme\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programme\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\dokumente und einstellungen\fivers\windows\system32\mswsock.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O18 - Protocol: bw+0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {9D5F8E3D-EBE6-488B-B4E1-6DC02BFC8D54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WB - C:\Programme\AlienGUIse\fastload.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Gatewaydienst auf Anwendungsebene (ALG) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Anwendungsverwaltung (AppMgmt) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: ASP.NET-Statusdienst (aspnet_state) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Intelligenter Hintergrundübertragungsdienst (BITS) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Computerbrowser (Browser) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Indexdienst (CiSvc) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Kryptografiedienste (CryptSvc) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: DCOM-Server-Prozessstart (DcomLaunch) - Unknown owner - C:\Dokumente.exe (file missing)
O23 - Service: DHCP-Client (Dhcp) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Verwaltung logischer Datenträger (dmserver) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: DNS-Client (Dnscache) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Fehlerberichterstattungsdienst (ERSvc) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Ereignisprotokoll (Eventlog) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\services.exe (file missing)
O23 - Service: Kompatibilität für schnelle Benutzerumschaltung (FastUserSwitchingCompatibility) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Fax - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Hilfe und Support (helpsvc) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: HID Input Service (HidServ) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: HTTP-SSL (HTTPFilter) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Server (lanmanserver) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Arbeitsstationsdienst (lanmanworkstation) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: TCP/IP-NetBIOS-Hilfsprogramm (LmHosts) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\programme\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: MasterEye Kontroll Manager (MeSuSrvc) - Unknown owner - C:\WINDOWS\system32\MeSuAx.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe (file missing)
O23 - Service: McAfee SpamKiller Server (MskService) - Unknown owner - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe (file missing)
O23 - Service: Anmeldedienst (Netlogon) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Netzwerkverbindungen (Netman) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NLA (Network Location Awareness) (Nla) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: NT-LM-Sicherheitsdienst (NtLmSsp) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Wechselmedien (NtmsSvc) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Plug & Play (PlugPlay) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC-Dienste (PolicyAgent) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Geschützter Speicher (ProtectedStorage) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Verwaltung für automatische RAS-Verbindung (RasAuto) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: RAS-Verbindungsverwaltung (RasMan) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: RPC-Locator (RpcLocator) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Remoteprozeduraufruf (RPC) (RpcSs) - Unknown owner - C:\Dokumente.exe (file missing)
O23 - Service: QoS-RSVP (RSVP) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\rsvp.exe (file missing)
O23 - Service: Sicherheitskontenverwaltung (SamSs) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Smartcard (SCardSvr) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Taskplaner (Schedule) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Sekundäre Anmeldung (seclogon) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Systemereignisbenachrichtigung (SENS) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows-Firewall/Gemeinsame Nutzung der Internetverbindung (SharedAccess) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Shellhardwareerkennung (ShellHWDetection) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Druckwarteschlange (Spooler) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Systemwiederherstellungsdienst (srservice) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: SSDP-Suchdienst (SSDPSRV) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows-Bilderfassung (WIA) (stisvc) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Leistungsdatenprotokolle und Warnungen (SysmonLog) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Telefonie (TapiSrv) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Terminaldienste (TermService) - Unknown owner - C:\Dokumente.exe (file missing)
O23 - Service: Designs (Themes) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Überwachung verteilter Verknüpfungen (Client) (TrkWks) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Universeller Plug & Play-Gerätehost (upnphost) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Unterbrechungsfreie Stromversorgung (UPS) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Volumeschattenkopie (VSS) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: Windows Time (w32time) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Webclient (WebClient) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows-Verwaltungsinstrumentation (winmgmt) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Dienst für Seriennummern der tragbaren Medien (WmdmPmSN) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Sicherheitscenter (wscsvc) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Automatische Updates (wuauserv) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Konfigurationsfreie drahtlose Verbindung (WZCSVC) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Netzwerkversorgungsdienst (xmlprov) - Unknown owner - C:\Dokumente und Einstellungen\fivers\WINDOWS\System32\svchost.exe (file missing)system win xp home sp 2
in dem erwähnten windows ordner befinden sich folgende dateien:
infile.upd
win.ini
(
; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
MAPIX=1
OLEMessaging=1
CMC=1
CMCDLLNAME=mapi.dll
CMCDLLNAME32=MAPI32.DLL
MAPIXVER=1.0.0.1
[MCI Extensions.BAK]
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
asf=MPEGVideo
asx=MPEGVideo
au=MPEGVideo
m1v=MPEGVideo
m3u=MPEGVideo
mp2=MPEGVideo
mp2v=MPEGVideo
mp3=MPEGVideo
mpa=MPEGVideo
mpe=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpv2=MPEGVideo
snd=MPEGVideo
wax=MPEGVideo
wm=MPEGVideo
wma=MPEGVideo
wmv=MPEGVideo
wmx=MPEGVideo
wpl=MPEGVideo
wvx=MPEGVideo
m2v=MPEGVideo
mod=MPEGVideo
[windows]
run=
[ProXoft-PCE1]
$Data=56453D310D0A46543D33383939302C353831303132303032330D0A4C543D33383939352C383936373133333231380D0A54503D32310D0A45313D370D0A47313D0D0A45323D370D0A47323D0D0A52443D0D0A524B3D0D0A55433D360D0A55413D3939393939393939390D0A55493D0D0A434E3D0D0A454D3D0D0A43523D3139303236343438300D0A52533D0D0A4C453D300D0A5645523D0D0A
[MAPI 1.0 Time Zone]
Bias=fffffda8
StandardName=AUS Eastern Normalzeit
StandardBias=0
StandardStart=00000300050003000000000000000000
DaylightName=AUS Eastern Sommerzeit
DaylightBias=ffffffc4
DaylightStart=00000A00050002000000000000000000
ActiveTimeBias=fffffd6c
[SciCalc]
layout=0
)
noch ein system ordner leer und ein system32 ordner leer..
Sti_trace.log - > leer
solltet ihr noch mehr infos brauchen kann ich schaun was ich tun kann
) und Windows Deines kleinen Bruders platt machst, Windows neu drauf haust und dann ein paar gute Sicherheitsmechanismen aktivierst, damit er sich nicht mehr solchen Mist einfangen kann!