Winfixer 2005, how can I delete it?
#0
22.11.2005, 16:40
Member
Posts: 15

22.11.2005, 16:43
Honorary member
Posts: 29434
#17
Hello @goOsebumps,
there is also a LOP infection on it... because of MessengerPlus! 3 and D:\Programme\NetPumper

HijackThis (StartupList)
Please start the computer in safe mode and create a HijackThis log and a StartupList log there. To do this, go to the Misc Tools section, tick both options at "Generate StartupList log" and have the list created.

* HijackThis - Config
* List also minor sections (full) -- tick the box
* List empty sections (complete) -- tick the box
* HijackThis - Config - Misc Tools -- Generate StartupList log
* (Notepad [text editor] opens; now copy the COMPLETE log and post it)

__________
Regards
Sabina
All about PC security

22.11.2005, 16:59
Member
Posts: 15
#18
Uhm, yes, I think I've done that now ^^ I really don't know much about this...
and thanks already for the really extremely fast reply...

startup log:

and then the hijackthis log....:

Logfile of HijackThis v1.99.1
Scan saved at 16:55:39, on 24.11.2005
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - 
BHO: (no name) - {17AAC286-DCCD-17E4-B131-D81B07FA2E39} - C:\DOKUME~1\B0MBER~1\ANWEND~1\BOOKSE~1\rect base.exe O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\Programme\FlashFXP\IEFlash.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [NetPumper] "D:\Programme\NetPumper\NetPumperIEProxy.exe" O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programme\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVGCtrl] "D:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Zone Labs Client] D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Gamer Mouse] C:\Programme\GamingCenter\GamingCenter\Panel.exe O4 - HKLM\..\Run: [store bold drive bird] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Settingsmodestorebold\BikeGlobal.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MessengerPlus3] 
"D:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [mealmess] C:\DOKUME~1\B0MBER~1\ANWEND~1\HOPECA~1\locks gram.exe O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Registration Brothers In Arms.LNK = E:\Programme\Brothers in Arms\brothers in arms 4 RR\Support\Register\RegistrationReminder.exe O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Download with NetPumper - D:\Programme\NetPumper\AddUrl.htm O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - 
D:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing) O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_download.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://de.msnusers.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_Crac*hier nicht!*.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} 
(MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - C:\Programme\HHVcdV7Sys\VC7SecS.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
|
|
||
22.11.2005, 18:15
Honorary member
Posts: 29434 |
#19
Hello @goOsebumps

Open HijackThis -- button "scan" -- tick the malware entries -- button "Fix checked" -- restart the PC

O2 - BHO: (no name) - {17AAC286-DCCD-17E4-B131-D81B07FA2E39} - C:\DOKUME~1\B0MBER~1\ANWEND~1\BOOKSE~1\rect base.exe
O4 - HKLM\..\Run: [NetPumper] "D:\Programme\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Gamer Mouse] C:\Programme\GamingCenter\GamingCenter\Panel.exe
O4 - HKLM\..\Run: [store bold drive bird] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Settingsmodestorebold\BikeGlobal.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [mealmess] C:\DOKUME~1\B0MBER~1\ANWEND~1\HOPECA~1\locks gram.exe
O8 - Extra context menu item: Download with NetPumper - D:\Programme\NetPumper\AddUrl.htm
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_download.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_Crac*hier nicht!*.cab

Restart the PC

Uninstall: NetPumper + MessengerPlus! 3

Killbox http://virus-protect.org/killbox.html
DelTree (include SubDirectories)
Say you want to delete a folder. You then don't have to enter every file in the folder individually; instead you click the option DelTree (include subdirectories). This deletes a complete archive together with its subfolders.
D:\Programme\NetPumper
D:\Programme\MessengerPlus! 3
------------------------------------------------------------------------
Killbox
Delete File on Reboot -- tick it
Paste in:
C:\WINDOWS\Downloaded Program Files\YSBactivex.dll
C:\WINDOWS\Downloaded Program Files\ISTactivex.dll
and click the red cross; when you are asked "Do you want to reboot?" ---- click "no" and paste in the next one, click "yes" only on the last one
----------------------------------------------------------------------
Boot into safe mode... press F8 while the PC is starting up, and log on as Administrator
Delete:
C:\Dokumente und Einstellungen\B0MBER~1\Anwendungsdaten\HOPECA....
C:\Dokumente und Einstellungen\B0MBER~1\Anwendungsdaten\BOOKSE....
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Settingsmodestorebold
-------------------------------------------------------------------------
Run CleanUp http://virus-protect.org/cleanup.html

Start -- All Programs -- Accessories -- Notepad, and paste in the following text:
Quote
dir %Windir%\tasks /a h > files.txt
- Save as: findjobs.bat
- Save as type: All files
- Save it on the desktop
- Locate findjobs.bat -- double-click the bat file, Notepad opens -- post the text

once all of that is done.... we'll delete Winfixer
__________
Kind regards, Sabina
all about PC security |
|
|
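A triage pass over the kind of HijackThis entries listed in the post above, as an added example that is not part of the original thread: it parses O2 (BHO) and O4 (autostart) lines and flags those whose binary sits under an Application Data directory, plus BHOs that point at something other than a DLL. The heuristic and every function name are assumptions of this example, not the helper's method; the sample lines are copied from the log posted in this thread.

```python
import re
from typing import List, NamedTuple, Optional

# Entry lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17AAC286-DCCD-17E4-B131-D81B07FA2E39} - C:\DOKUME~1\B0MBER~1\ANWEND~1\BOOKSE~1\rect base.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [store bold drive bird] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Settingsmodestorebold\BikeGlobal.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mealmess] C:\DOKUME~1\B0MBER~1\ANWEND~1\HOPECA~1\locks gram.exe
O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe
"""


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O2" (BHO) or "O4" (autostart)
    name: str  # BHO name, Run value name or shortcut name
    path: str  # binary the entry loads, without arguments


class Finding(NamedTuple):
    code: str
    name: str
    path: str
    reasons: List[str]


_BHO = re.compile(r"^BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]{36}\} - (?P<cmd>.+)$")
_RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
_STARTUP = re.compile(r"^(?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.+)$")
# Unquoted Windows paths may contain spaces, so cut at the first known extension.
_EXT = re.compile(r"^(.*?\.(?:exe|dll|com|bat|cmd|scr|ocx|cpl))\b", re.IGNORECASE)
# Long and 8.3 short names of the per-user data directory (English and German XP).
_APPDATA = ("application data", "anwendungsdaten", "appdata")
_APPDATA_SHORT = ("applic~", "anwend~")


def executable_path(cmd: str) -> str:
    """Strip quotes and arguments from a command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    match = _EXT.match(cmd)
    return match.group(1) if match else cmd


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for O2/O4 lines, None for everything else."""
    code, sep, body = line.strip().partition(" - ")
    if not sep or not re.fullmatch(r"[RFNO]\d{1,2}", code):
        return None
    for pattern in {"O2": (_BHO,), "O4": (_RUN, _STARTUP)}.get(code, ()):
        match = pattern.match(body)
        if match:
            return Entry(code, match.group("name"), executable_path(match.group("cmd")))
    return None


def in_app_data(path: str) -> bool:
    parts = [part.lower() for part in path.split("\\")]
    return any(p in _APPDATA or p.startswith(_APPDATA_SHORT) for p in parts)


def triage(log: str) -> List[Finding]:
    """Flag autostart entries worth a closer look (heuristic of this example)."""
    findings = []
    for line in log.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = []
        if in_app_data(entry.path):
            reasons.append("binary under Application Data")
        if entry.code == "O2" and not entry.path.lower().endswith(".dll"):
            reasons.append("BHO target is not a DLL")
        if reasons:
            findings.append(Finding(entry.code, entry.name, entry.path, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.code, finding.name, "->", "; ".join(finding.reasons))
```

A path heuristic like this only surfaces the three randomly named entries; the NetPumper and MessengerPlus! 3 entries in the fix list sit in ordinary program folders and were picked out by the helper from knowledge of those products.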
||
22.11.2005, 18:20
Member
Posts: 15 |
#20
then I've got a question about that: what's so bad about messenger plus 3 and netpumper?
|
|
|
||
22.11.2005, 18:22
Honorary member
Posts: 29434 |
#21
you can see for yourself... the PC is completely infested......
and it will cost you a lot of effort to get it clean.... (things like that have no business being on a PC....)
Trojan TR/Swizzor, Lop infestation
http://virus-protect.org/artikel/spyware/lop.html
__________
Kind regards, Sabina
all about PC security |
|
|
||
22.11.2005, 18:27
Member
Posts: 15 |
#22
okay, but when I try to delete that with KillBox it always tells me File could not delete
|
|
|
||
23.11.2005, 00:08
Honorary member
Posts: 29434 |
#23
then leave the killbox for now and work through everything else
uninstall:
D:\Programme\NetPumper
D:\Programme\MessengerPlus! 3
__________
Kind regards, Sabina
all about PC security |
|
|
||
23.11.2005, 16:21
Member
Posts: 15 |
#24
Yeah, I think apart from the KillBox part I've done everything now, I think, or rather I hope, that I did it right ^^ at least the two folders you named are deleted, and I also created and opened the bat file; here's the log:

Datenträger in Laufwerk C: ist System
Volumeseriennummer: A0EF-38FB

Verzeichnis von C:\WINDOWS\tasks

22.11.2005 17:06 <DIR> .
22.11.2005 17:06 <DIR> ..
25.11.2005 15:00 280 A627B49791C829DB.job
18.08.2001 11:00 65 desktop.ini
25.11.2005 16:18 6 SA.DAT
3 Datei(en) 351 Bytes

Verzeichnis von C:\Dokumente und Einstellungen\b0mberpil0t\Desktop |
|
|
||
23.11.2005, 18:01
Honorary member
Posts: 29434 |
#25
Start -- All Programs -- Accessories -- Notepad, and paste in the following text:
Quote
%systemdrive%
- Save as: remjob.bat
- Save as type: All files
- Save it on the desktop
- Locate remjob.bat -- double-click the bat file; the editor opens briefly, which is normal

Run CleanUp http://virus-protect.org/cleanup.html

Disable System Restore on XP
My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives".
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/gdocid/20030807105707924

Scan with escan http://virus-protect.org/escan.html
then paste the scan report here (as explained at the bottom of my page)
__________
Kind regards, Sabina
all about PC security |
|
|
||
24.11.2005, 14:43
Member
Posts: 15 |
#26
--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------
1: Wed Nov 23 19:52:01 2005 => System found infected with gain.gator Spyware/Adware ({21ffb6c0-0da1-11d5-a9d5-00500413153c})! Action taken: No Action Taken.
2: Wed Nov 23 19:52:01 2005 => System found infected with istbar Spyware/Adware ({42f2c9ba-614f-47c0-b3e3-ecfd34eed658})! Action taken: No Action Taken.
3: Wed Nov 23 19:52:01 2005 => System found infected with istbar Spyware/Adware ({7c559105-9ecf-42b8-b3f7-832e75edd959})! Action taken: No Action Taken.
4: Wed Nov 23 19:52:01 2005 => System found infected with flashfxp Spyware/Adware ({e5a1691b-d188-4419-ad02-90002030b8ee})! Action taken: No Action Taken.
5: Wed Nov 23 19:52:01 2005 => System found infected with flashfxp Spyware/Adware ({e5a1691b-d188-4419-ad02-90002030b8ee})! Action taken: No Action Taken.
6: Wed Nov 23 19:52:01 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
7: Wed Nov 23 19:52:01 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
8: Wed Nov 23 19:52:01 2005 => System found infected with istbar Spyware/Adware ({42f2c9ba-614f-47c0-b3e3-ecfd34eed658})! Action taken: No Action Taken.
9: Wed Nov 23 19:52:01 2005 => System found infected with istbar Spyware/Adware ({7c559105-9ecf-42b8-b3f7-832e75edd959})! Action taken: No Action Taken.
10: Wed Nov 23 19:52:43 2005 => System found infected with istbar Spyware/Adware ({67907b3c-a6ef-4a01-99ad-3fcd5f526429})! Action taken: No Action Taken.
11: Wed Nov 23 19:52:43 2005 => System found infected with istbar Spyware/Adware ({0985c112-2562-46f2-8da6-92648ba4630f})! Action taken: No Action Taken.
12: Wed Nov 23 19:52:44 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
13: Wed Nov 23 19:52:46 2005 => Offending file found: C:\WINDOWS\DOWNLO~1\istactivex.dll
14: Wed Nov 23 19:52:46 2005 => System found infected with isearchtech Spyware/Adware (istactivex.dll)! Action taken: No Action Taken.
15: Wed Nov 23 19:52:56 2005 => Offending file found: C:\Dokumente und Einstellungen\b0mberpil0t\Desktop\internet.lnk
16: Wed Nov 23 19:52:56 2005 => System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: No Action Taken.
17: Wed Nov 23 19:52:59 2005 => Offending file found: C:\WINDOWS\DOWNLO~1\ISTACT~1.DLL
18: Wed Nov 23 19:52:59 2005 => System found infected with xrenoder Spyware/Adware (C:\WINDOWS\DOWNLO~1\ISTACT~1.DLL)! Action taken: No Action Taken.
19: Wed Nov 23 19:55:35 2005 => File C:\!KillBox\YSBactivex.dll infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
20: Wed Nov 23 20:15:54 2005 => File C:\WINDOWS\Downloaded Program Files\ISTactivex.dll infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
21: Wed Nov 23 20:30:20 2005 => Scanning Folder: D:\Programme\AVPersonal\INFECTED\*.*
22: Wed Nov 23 20:30:20 2005 => Scanning File D:\Programme\AVPersonal\INFECTED\3P_1.EXE.VIR
23: Wed Nov 23 20:30:21 2005 => File D:\Programme\AVPersonal\INFECTED\3P_1.EXE.VIR tagged as "not-a-virus:AdWare.Win32.BetterInternet". Action Taken: No Action Taken.
24: Wed Nov 23 20:30:21 2005 => Scanning File D:\Programme\AVPersonal\INFECTED\YSB_PROMPT[1].HTM.VIR [**]
--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------
1: Wed Nov 23 19:51:45 2005 => File C:\DOKUME~1\ALLUSE~1\ANWEND~1\SETTIN~1\BIKEGL~1.EXE tagged as "not-a-virus:AdWare.Win32.Lop.ag". Action Taken: No Action Taken.
2: Wed Nov 23 19:55:25 2005 => File C:\!KillBox\Book Sect\rect base.exe tagged as "not-a-virus:AdWare.Win32.Lop.ag". Action Taken: No Action Taken.
3: Wed Nov 23 19:55:34 2005 => File C:\!KillBox\NetPumper\NetPumperFSG.exe tagged as "not-a-virus:AdWare.Win32.Gator.c". Action Taken: No Action Taken.
4: Wed Nov 23 19:55:35 2005 => File C:\!KillBox\NetPumper\ZM\minime.exe tagged as "not-a-virus:AdWare.Win32.Lop.ai". Action Taken: No Action Taken.
5: Wed Nov 23 19:55:35 2005 => File C:\!KillBox\NetPumper\ZM\NP_0001_1.exe tagged as "not-a-virus:AdWare.Win32.Lop.ai". Action Taken: No Action Taken.
6: Wed Nov 23 20:10:59 2005 => File C:\Programme\Save\Save.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.bc". Action Taken: No Action Taken.
7: Wed Nov 23 20:10:59 2005 => File C:\Programme\Save\SaveUninst.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.bc". Action Taken: No Action Taken.
8: Wed Nov 23 20:30:21 2005 => File D:\Programme\AVPersonal\INFECTED\3P_1.EXE.VIR tagged as "not-a-virus:AdWare.Win32.BetterInternet". Action Taken: No Action Taken.
9: Wed Nov 23 20:33:46 2005 => File D:\Programme\Gamers.IRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
10: Wed Nov 23 20:34:23 2005 => Scanning File D:\Programme\Media_Manager_2004\Icons\Tagged Image File Format.ico [**]
11: Wed Nov 23 20:34:41 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\0A7CE430-7E23-4B9F-B505-BFA240\50BB44B1-1ECF-4917-B03D-B0CBB4 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
12: Wed Nov 23 20:34:41 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\0A7CE430-7E23-4B9F-B505-BFA240\B296AD46-F6CC-4AE8-A56E-1731D6 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
13: Wed Nov 23 20:34:41 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\1F2D0153-AC7B-4C6C-84EC-5A6A1A\A8AB0A7D-D7DF-4DF9-B1A0-F61663 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
14: Wed Nov 23 20:34:41 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\1F2D0153-AC7B-4C6C-84EC-5A6A1A\E563655D-A323-4B04-97A6-C161B6 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
15: Wed Nov 23 20:34:41 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\25206B3A-2281-4851-A211-8868C3\506F8DEF-3BEC-4A43-B539-B609E0 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
16: Wed Nov 23 20:34:41 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\2B5D9902-4D37-4CF8-8D8C-399820\E7E4DBDB-E9AE-432D-B326-5EFF67 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
17: Wed Nov 23 20:34:41 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\31A7B512-5047-411F-A193-26FD27\1C2A7397-E769-4C4F-B2BB-A49BC1 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
18: Wed Nov 23 20:34:41 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\31A7B512-5047-411F-A193-26FD27\F92104F4-C32B-4B34-A0B5-65F5B0 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
19: Wed Nov 23 20:34:41 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\35228169-0DF1-4ABB-B543-52A349\4C7E09DD-3BCA-4BB4-8846-98B705 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
20: Wed Nov 23 20:34:41 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\35228169-0DF1-4ABB-B543-52A349\E0AF6AC3-E116-4518-89CF-2CBC31 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
21: Wed Nov 23 20:34:41 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\4D9B6E37-3D6D-4E41-B8C7-F90560\449CDCED-160A-4893-BC9B-5920E1 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
22: Wed Nov 23 20:34:42 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\5E65AF58-2BD6-4B58-95DB-F06FF1\D63A7D5E-53AF-4263-B716-DD5B7A tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
23: Wed Nov 23 20:34:42 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\5E9B74E8-D7B5-441C-8CC3-B6472D\7A29EF99-12FC-4107-AE4F-D2F8A4 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
24: Wed Nov 23 20:34:42 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\5E9B74E8-D7B5-441C-8CC3-B6472D\C0419663-C444-48AF-BDEF-4EE354 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
25: Wed Nov 23 20:34:42 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\83AEF279-4E79-4928-AE3E-8B06B4\350DF91C-F3AE-4A46-A818-203548 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
26: Wed Nov 23 20:34:42 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\88A423B4-BD34-4465-9F69-616250\73E967D3-C654-4B69-BF94-8BFA1D tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
27: Wed Nov 23 20:34:42 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\88A423B4-BD34-4465-9F69-616250\93E44D90-40D5-4B0E-B587-8D7E26 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
28: Wed Nov 23 20:34:42 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\A5C953D9-C434-4DEB-AF1F-BBA204\53EDEB25-995F-473B-B01E-4304EF tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
29: Wed Nov 23 20:34:42 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\A64FC5FE-68E0-492F-A627-822AC6\1EB90694-B101-4499-8ABC-A97CCB tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
30: Wed Nov 23 20:34:42 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\A64FC5FE-68E0-492F-A627-822AC6\86B29366-9482-4F9E-8CD6-738AB1 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
31: Wed Nov 23 20:34:42 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\D513F990-AD18-4008-864B-75B1F5\562703BB-4EE4-4716-866C-ADFBBB tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
32: Wed Nov 23 20:34:43 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\D7E3A454-F4BC-4BA0-8257-2284E9\2C0F2BDF-DCA3-4632-B210-690A39 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
33: Wed Nov 23 20:34:43 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\E43C90E2-74EF-4E5F-9360-BD024C\3E49CDC2-C18A-49B3-AED5-9DCE56 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
34: Wed Nov 23 20:34:43 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\E43C90E2-74EF-4E5F-9360-BD024C\7E7911FA-6041-4807-B2B3-D56FB0 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
35: Wed Nov 23 20:34:44 2005 => File D:\Programme\NetPumper\NetPumperFSG.exe tagged as "not-a-virus:AdWare.Win32.Gator.c". Action Taken: No Action Taken.
36: Wed Nov 23 20:34:44 2005 => File D:\Programme\NetPumper\ZM\minime.exe tagged as "not-a-virus:AdWare.Win32.Lop.ai". Action Taken: No Action Taken.
37: Wed Nov 23 20:34:44 2005 => File D:\Programme\NetPumper\ZM\NP_0001_1.exe tagged as "not-a-virus:AdWare.Win32.Lop.ai". Action Taken: No Action Taken.
38: Wed Nov 23 20:38:24 2005 => File D:\System Volume Information\_restore{206CE547-DE36-4C7C-8E83-B425BEB7B88C}\RP17\A0008779.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
39: Wed Nov 23 20:41:06 2005 => File E:\girc432.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
40: Wed Nov 23 20:49:26 2005 => File E:\Treiber\xp_sp_22\Data\psshutdown.exe tagged as not-a-virus:RiskTool.Win32.PsShutdown.232. No Action Taken.
--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------
1: Wed Nov 23 19:35:18 2005 => ERROR!!! Invalid Entry = C:\DOKUME~1\B0MBER~1\ANWEND~1\BOOKSE~1\rect base.exe (in key Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{17AAC286-DCCD-17E4-B131-D81B07FA2E39}). No Action Taken.
2: Wed Nov 23 19:35:26 2005 => ERROR!!! Invalid Entry MessengerPlus3 = "D:\Programme\MessengerPlus! 3\MsgPlus.exe" (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
3: Wed Nov 23 19:51:45 2005 => ERROR!!! Invalid Entry MessengerPlus3 = "D:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
4: Wed Nov 23 19:51:45 2005 => ERROR!!! Invalid Entry mealmess = C:\DOKUME~1\B0MBER~1\ANWEND~1\HOPECA~1\locks gram.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
5: Wed Nov 23 19:53:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\YSBactivex.dll". Action Taken: No Action Taken.
6: Wed Nov 23 19:53:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxwma.dll". Action Taken: No Action Taken.
7: Wed Nov 23 19:53:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-dan.nls". Action Taken: No Action Taken.
8: Wed Nov 23 19:53:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-cht.nls". Action Taken: No Action Taken.
9: Wed Nov 23 19:53:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-nld.nls". Action Taken: No Action Taken.
10: Wed Nov 23 19:53:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-fra.nls". Action Taken: No Action Taken.
11: Wed Nov 23 19:53:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ita.nls". Action Taken: No Action Taken.
12: Wed Nov 23 19:53:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-jpn.nls". Action Taken: No Action Taken.
13: Wed Nov 23 19:53:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-kor.nls". Action Taken: No Action Taken.
14: Wed Nov 23 19:53:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-nor.nls". Action Taken: No Action Taken.
15: Wed Nov 23 19:53:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ptg.nls". Action Taken: No Action Taken.
16: Wed Nov 23 19:53:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-rus.nls". Action Taken: No Action Taken.
17: Wed Nov 23 19:53:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-esp.nls". Action Taken: No Action Taken.
18: Wed Nov 23 19:53:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-sve.nls". Action Taken: No Action Taken.
19: Wed Nov 23 19:53:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-fin.nls". Action Taken: No Action Taken.
20: Wed Nov 23 19:53:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ptb.nls". Action Taken: No Action Taken.
21: Wed Nov 23 19:53:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-chs.nls". Action Taken: No Action Taken.
22: Wed Nov 23 19:53:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-plk.nls". Action Taken: No Action Taken.
23: Wed Nov 23 19:53:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-csy.nls". Action Taken: No Action Taken.
24: Wed Nov 23 19:53:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-sky.nls". Action Taken: No Action Taken.
25: Wed Nov 23 19:53:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-slv.nls". Action Taken: No Action Taken.
26: Wed Nov 23 19:53:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-hun.nls". Action Taken: No Action Taken.
27: Wed Nov 23 19:53:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-tha.nls". Action Taken: No Action Taken.
28: Wed Nov 23 19:53:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-trk.nls". Action Taken: No Action Taken.
29: Wed Nov 23 19:53:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ell.nls". Action Taken: No Action Taken.
30: Wed Nov 23 19:53:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-esl.nls". Action Taken: No Action Taken.
No Action Taken.
71: Wed Nov 23 19:53:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOKUME~1\B0MBER~1\LOKALE~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\FileGrp\Msvcrt10.dll". Action Taken: No Action Taken.
72: Wed Nov 23 19:53:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.
73: Wed Nov 23 19:53:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\FlashFXP.exe" refers to invalid object "C:\DOKUME~1\B0MBER~1\LOKALE~1\Temp\Rar$EX00.109\FlashFXP.exe". Action Taken: No Action Taken.
74: Wed Nov 23 19:53:06 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Pandora_tomorrow.exe" refers to invalid object "D:\Programme\Splinter Cell\Splinter Cell Pandora Tomorrow\system\Pandora_tomorrow.exe". Action Taken: No Action Taken.
75: Wed Nov 23 19:53:06 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\RegCloneDVD2.exe" refers to invalid object "D:\Programme\CloneDVD2\RegCloneDVD2.exe". Action Taken: No Action Taken.
76: Wed Nov 23 19:53:06 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Programme\VUGames\SWAT 4 Single Player Demo\Content\". Action Taken: No Action Taken.
77: Wed Nov 23 19:53:06 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Programme\VUGames\SWAT 4 Single Player Demo\Content\System\". Action Taken: No Action Taken.
78: Wed Nov 23 19:53:06 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Call of Duty\uo\". Action Taken: No Action Taken.
79: Wed Nov 23 19:53:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Programme\Ubisoft\Crytek\Far Cry\Bin32\". Action Taken: No Action Taken.
80: Wed Nov 23 19:53:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Programme\Ubisoft\Crytek\Far Cry\Levels\". Action Taken: No Action Taken.
81: Wed Nov 23 19:53:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Programme\Ubisoft\Crytek\Far Cry\Levels\Archive\". Action Taken: No Action Taken.
82: Wed Nov 23 19:53:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Programme\Ubisoft\Crytek\Far Cry\Levels\Carrier\". Action Taken: No Action Taken.
83: Wed Nov 23 19:53:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Programme\Ubisoft\Crytek\Far Cry\Levels\Cooler\". Action Taken: No Action Taken.
84: Wed Nov 23 19:53:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Programme\Ubisoft\Crytek\Far Cry\Levels\Rebellion\". Action Taken: No Action Taken.
85: Wed Nov 23 19:53:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Programme\Ubisoft\Crytek\Far Cry\Levels\Training\". Action Taken: No Action Taken.
86: Wed Nov 23 19:53:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Programme\Ubisoft\Crytek\Far Cry\Levels\Treehouse\". Action Taken: No Action Taken. 87: Wed Nov 23 19:53:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Programme\Ubisoft\Crytek\Far Cry\FCData\". Action Taken: No Action Taken. 88: Wed Nov 23 19:53:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Programme\Ubisoft\Crytek\Far Cry\FCData\Localized\". Action Taken: No Action Taken. 89: Wed Nov 23 19:53:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Programme\Ubisoft\Crytek\Far Cry\Support\". Action Taken: No Action Taken. 90: Wed Nov 23 19:53:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Programme\Ubisoft\Crytek\Far Cry\Support\Manual\". Action Taken: No Action Taken. 91: Wed Nov 23 19:53:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Programme\Ubisoft\Crytek\Far Cry\PB\". Action Taken: No Action Taken. 92: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".". Action Taken: No Action Taken. 93: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".000". Action Taken: No Action Taken. 94: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".001". Action Taken: No Action Taken. 95: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".1". Action Taken: No Action Taken. 
96: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".103". Action Taken: No Action Taken. 97: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".acr". Action Taken: No Action Taken. 98: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".avd". Action Taken: No Action Taken. 99: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".b3d". Action Taken: No Action Taken. 100: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".BK3". Action Taken: No Action Taken. 101: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".c00". Action Taken: No Action Taken. 102: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".C03". Action Taken: No Action Taken. 103: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".c05". Action Taken: No Action Taken. 104: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".c06". Action Taken: No Action Taken. 105: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".c08". Action Taken: No Action Taken. 106: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".C17_0-". Action Taken: No Action Taken. 
107: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cam". Action Taken: No Action Taken. 108: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".com/Para/ustedes/el/jueguito/CD1/". Action Taken: No Action Taken. 109: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".com/Para/ustedes/el/jueguito/Coluche%20-%20Integral%20-%20Cd1/". Action Taken: No Action Taken. 110: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".com/Para/ustedes/el/jueguito/New%20Folder/". Action Taken: No Action Taken. 111: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cts". Action Taken: No Action Taken. 112: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cue". Action Taken: No Action Taken. 113: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dcx". Action Taken: No Action Taken. 114: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/etpro10map/etadmin_mod/". Action Taken: No Action Taken. 115: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/etpro10map/etadmin_mod/addons/". Action Taken: No Action Taken. 116: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/etpro10map/etmain/". Action Taken: No Action Taken. 
117: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/etpro10map/etpro/". Action Taken: No Action Taken. 118: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".DIP". Action Taken: No Action Taken. 119: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".djvu". Action Taken: No Action Taken. 120: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dm_83". Action Taken: No Action Taken. 121: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dm_84". Action Taken: No Action Taken. 122: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dusd". Action Taken: No Action Taken. 123: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ecw". Action Taken: No Action Taken. 124: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ET". Action Taken: No Action Taken. 125: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".exe_0-". Action Taken: No Action Taken. 126: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".fpx". Action Taken: No Action Taken. 127: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".fsh". Action Taken: No Action Taken. 
128: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".g3". Action Taken: No Action Taken. 129: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".gba". Action Taken: No Action Taken. 130: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".gsm". Action Taken: No Action Taken. 131: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".HQPv2". Action Taken: No Action Taken. 132: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ic1". Action Taken: No Action Taken. 133: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".icl". Action Taken: No Action Taken. 134: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ics". Action Taken: No Action Taken. 135: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".iw44". Action Taken: No Action Taken. 136: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".j2k". Action Taken: No Action Taken. 137: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jp2". Action Taken: No Action Taken. 138: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jpc". Action Taken: No Action Taken. 
139: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jpm". Action Taken: No Action Taken. 140: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".kdc". Action Taken: No Action Taken. 141: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ldf". Action Taken: No Action Taken. 142: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lds". Action Taken: No Action Taken. 143: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lng". Action Taken: No Action Taken. 144: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".LST". Action Taken: No Action Taken. 145: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lwf". Action Taken: No Action Taken. 146: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mds". Action Taken: No Action Taken. 147: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".med". Action Taken: No Action Taken. 148: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ngg". Action Taken: No Action Taken. 149: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".nlm". Action Taken: No Action Taken. 
150: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".nol". Action Taken: No Action Taken. 151: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ogg_0-". Action Taken: No Action Taken. 152: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".part1". Action Taken: No Action Taken. 153: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".part11". Action Taken: No Action Taken. 154: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".php?ctl=download_attachment&p[msgid]=05afae16ef31f906&p[folder]=INBOX&p[attachid]=2&p[hash]=35778308ddf001242dab600ae1dd2a6e&p[method]=view". Action Taken: No Action Taken. 155: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".php?ctl=download_attachment&p[msgid]=9dea8cee7abc29c8&p[folder]=INBOX&p[attachid]=2&p[hash]=32801c06639f90b30baf87cf05ac518a&p[method]=view". Action Taken: No Action Taken. 156: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pk3". Action Taken: No Action Taken. 157: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".plr". Action Taken: No Action Taken. 158: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".r33". Action Taken: No Action Taken. 159: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".r35". Action Taken: No Action Taken. 
160: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".r36". Action Taken: No Action Taken. 161: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".r37". Action Taken: No Action Taken. 162: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".r42". Action Taken: No Action Taken. 163: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".r46". Action Taken: No Action Taken. 164: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".r47". Action Taken: No Action Taken. 165: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".r50". Action Taken: No Action Taken. 166: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".r53". Action Taken: No Action Taken. 167: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rar_0-". Action Taken: No Action Taken. 168: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rar_93187369-". Action Taken: No Action Taken. 169: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rgb". Action Taken: No Action Taken. 170: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".SAV". Action Taken: No Action Taken. 
171: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sff". Action Taken: No Action Taken. 172: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sfv". Action Taken: No Action Taken. 173: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sfv_0-". Action Taken: No Action Taken. 174: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sfw". Action Taken: No Action Taken. 175: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sgi". Action Taken: No Action Taken. 176: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sid". Action Taken: No Action Taken. 177: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".so". Action Taken: No Action Taken. 178: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sun". Action Taken: No Action Taken. 179: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".SWC". Action Taken: No Action Taken. 180: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".swl". Action Taken: No Action Taken. 181: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".zip_0-". Action Taken: No Action Taken. 
182: Wed Nov 23 19:53:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken. 183: Wed Nov 23 19:53:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}". Action Taken: No Action Taken. 184: Wed Nov 23 19:53:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WebGraphics Optimizer 4.2". Action Taken: No Action Taken. 185: Wed Nov 23 19:53:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{4A840E1E-2BA8-47de-923E-0E00407EB530}". Action Taken: No Action Taken. 186: Wed Nov 23 19:53:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{89A344E4-A54B-4C5E-97BD-040B4B300311}". Action Taken: No Action Taken. 187: Wed Nov 23 19:53:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600205}". Action Taken: No Action Taken. 188: Wed Nov 23 19:53:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600777}". Action Taken: No Action Taken. 189: Wed Nov 23 19:53:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600813}". Action Taken: No Action Taken. 190: Wed Nov 23 19:53:09 2005 => Entry "HKCR\CLSID\{0D756DB8-E9F2-4FB3-BC4D-DD0C5513C02D}" refers to invalid object "D:\Programme\Adobe\Premiere Pro 1.5 Tryout\Plug-ins\de_DE\DXGenericRender.prm". Action Taken: No Action Taken. 
191: Wed Nov 23 19:53:09 2005 => Entry "HKCR\CLSID\{17AAC286-DCCD-17E4-B131-D81B07FA2E39}" refers to invalid object "C:\DOKUME~1\B0MBER~1\ANWEND~1\BOOKSE~1\rect base.exe". Action Taken: No Action Taken. 192: Wed Nov 23 19:53:09 2005 => Entry "HKCR\CLSID\{2993E5DD-6A61-4776-B0FC-AFC4BE152D7C}" refers to invalid object "D:\Programme\Adobe\Premiere Pro 1.5 Tryout\Plug-ins\de_DE\DXDVSupport.prm". Action Taken: No Action Taken. 193: Wed Nov 23 19:53:10 2005 => Entry "HKCR\CLSID\{3181343b-94a2-4feb-adef-30a1dde617b4}" refers to invalid object "C:\WINDOWS\System32\wmvdmoe.dll". Action Taken: No Action Taken. 194: Wed Nov 23 19:53:10 2005 => Entry "HKCR\CLSID\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\YSBactivex.dll". Action Taken: No Action Taken. 195: Wed Nov 23 19:53:10 2005 => Entry "HKCR\CLSID\{57671674-F46B-41FC-A7A5-73F95F94316F}" refers to invalid object "D:\Programme\Adobe\Premiere Pro 1.5 Tryout\Plug-ins\de_DE\DXGenericSource.prm". Action Taken: No Action Taken. 196: Wed Nov 23 19:53:10 2005 => Entry "HKCR\CLSID\{5D7182D6-50DE-4402-9A59-794B2BF257B3}" refers to invalid object "D:\Programme\Adobe\Premiere Pro 1.5 Tryout\Plug-ins\de_DE\DvControl.prm". Action Taken: No Action Taken. 197: Wed Nov 23 19:53:10 2005 => Entry "HKCR\CLSID\{5D96CF2B-4E6F-11D6-99FD-00B0D0B23EE4}" refers to invalid object "D:\Programme\ACE-HIGH MP3 WAV WMA OGG Converter\ID3Edit.dll". Action Taken: No Action Taken. 198: Wed Nov 23 19:53:10 2005 => Entry "HKCR\CLSID\{6394CA06-C8F8-4333-BFD5-33E7C65B3C75}" refers to invalid object "D:\Programme\Adobe\Premiere Pro 1.5 Tryout\Plug-ins\de_DE\DXAvSource.prm". Action Taken: No Action Taken. 199: Wed Nov 23 19:53:10 2005 => Entry "HKCR\CLSID\{647C2812-DFBB-4CAF-B1FD-1FE1083CAD96}" refers to invalid object "D:\Programme\Adobe\Premiere Pro 1.5 Tryout\Plug-ins\de_DE\DXCaptureSource.prm". Action Taken: No Action Taken. 
200: Wed Nov 23 19:53:11 2005 => Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken. 201: Wed Nov 23 19:53:11 2005 => Entry "HKCR\CLSID\{AA41EA17-FFB5-4A7C-BE4F-13BB9F9592A6}" refers to invalid object "C:\DOKUME~1\B0MBER~1\LOKALE~1\Temp\Rar$EX01.235\crack\Photoshop.exe /StiDevice:%1 /StiEvent:%2". Action Taken: No Action Taken. 202: Wed Nov 23 19:53:12 2005 => Entry "HKCR\CLSID\{F1F9D19A-2E27-4B78-9D7A-3135C2D0DC04}" refers to invalid object "C:\PROGRA~1\Hello\Hello.exe". Action Taken: No Action Taken. 203: Wed Nov 23 19:53:12 2005 => Entry "HKCR\CLSID\{F50B3F10-19C4-11CF-AA9A-02608C9BABA2}" refers to invalid object "C:\WINDOWS\system32\FILTER.AX". Action Taken: No Action Taken. 204: Wed Nov 23 19:53:12 2005 => Entry "HKCR\TypeLib\{5D96CF21-4E6F-11D6-99FD-00B0D0B23EE4}" refers to invalid object "D:\Programme\ACE-HIGH MP3 WAV WMA OGG Converter\ID3Edit.dll". Action Taken: No Action Taken. 205: Wed Nov 23 19:53:12 2005 => Entry "HKCR\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\YSBactivex.dll". Action Taken: No Action Taken. 206: Wed Nov 23 19:53:13 2005 => Entry "HKCR\TypeLib\{B32DDB80-8AE9-4AFB-8217-3955440F88C2}" refers to invalid object "C:\Programme\Hello\Hello.exe". Action Taken: No Action Taken. 207: Wed Nov 23 19:53:13 2005 => Entry "HKCR\TypeLib\{DCB43485-19FB-4D6D-BB3D-73C7F48D5F00}" refers to invalid object "C:\Programme\Messenger\rtcimsp.dll". Action Taken: No Action Taken. 208: Wed Nov 23 19:53:13 2005 => Entry "HKCR\TypeLib\{F3A9845E-6B2F-4F26-B52C-AFEFE4133610}" refers to invalid object "C:\DOKUME~1\B0MBER~1\LOKALE~1\Temp\Excel8.0\MSForms.exd". Action Taken: No Action Taken. 209: Wed Nov 23 19:53:13 2005 => Entry "HKCR\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}" refers to invalid object "D:\Programme\NetPumper\NetPumperNNProxy.dll". Action Taken: No Action Taken. 
210: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.aw" refers to invalid object "AWFile". Action Taken: No Action Taken. 211: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.col" refers to invalid object "COLFile". Action Taken: No Action Taken. 212: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.det" refers to invalid object "DETFile". Action Taken: No Action Taken. 213: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.elm" refers to invalid object "ELMFile". Action Taken: No Action Taken. 214: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.ffa" refers to invalid object "FFAFile". Action Taken: No Action Taken. 215: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.ffl" refers to invalid object "FFLFile". Action Taken: No Action Taken. 216: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.fft" refers to invalid object "FFTFile". Action Taken: No Action Taken. 217: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.ffx" refers to invalid object "FFXFile". Action Taken: No Action Taken. 218: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.frg" refers to invalid object "Access.Fragment". Action Taken: No Action Taken. 219: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.gst" refers to invalid object "MSMap.Datainst.8". Action Taken: No Action Taken. 220: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.idc" refers to invalid object "idcfile". Action Taken: No Action Taken. 221: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.ldb" refers to invalid object "Access.LockFile.9". Action Taken: No Action Taken. 222: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.lex" refers to invalid object "LEXFile". Action Taken: No Action Taken. 223: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.opc" refers to invalid object "OPCFile". Action Taken: No Action Taken. 224: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken. 225: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.stf" refers to invalid object "STFFile". Action Taken: No Action Taken. 226: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.tuw" refers to invalid object "TUWFile". 
Action Taken: No Action Taken. 227: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.wll" refers to invalid object "Word.Addin.8". Action Taken: No Action Taken. 228: Wed Nov 23 19:53:13 2005 => Entry "HKCR\ActMsg.Session" refers to invalid object "{3FA7DEB3-6438-101B-ACC1-00AA00423326}". Action Taken: No Action Taken. 229: Wed Nov 23 19:53:14 2005 => Entry "HKCR\Bridge.Table.2" refers to invalid object "{321FF6F5-4917-AA85-CEC0-22C26668AF83}". Action Taken: No Action Taken. 230: Wed Nov 23 19:53:14 2005 => Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken. 231: Wed Nov 23 19:53:14 2005 => Entry "HKCR\FlashFXP.Document\shell\open\command" refers to invalid object "C:\DOKUME~1\B0MBER~1\LOKALE~1\Temp\Rar$EX00.109\FlashFXP.exe %1". Action Taken: No Action Taken. 232: Wed Nov 23 19:53:14 2005 => Entry "HKCR\GunzReplay\shell\open\command" refers to invalid object "C:\Programme\MAIET\Gunz\Gunz.exe %1". Action Taken: No Action Taken. 233: Wed Nov 23 19:53:14 2005 => Entry "HKCR\hello\shell\open\command" refers to invalid object ""C:\Programme\Hello\Hello.exe" /o "%1"". Action Taken: No Action Taken. 234: Wed Nov 23 19:53:14 2005 => Entry "HKCR\HelloApplication\shell\open\command" refers to invalid object ""C:\Programme\Hello\Hello.exe" /o rss:"%1"". Action Taken: No Action Taken. 235: Wed Nov 23 19:53:15 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken. 236: Wed Nov 23 19:53:15 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. 237: Wed Nov 23 19:53:15 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. 
238: Wed Nov 23 19:53:15 2005 => Entry "HKCR\MsgPlus.Encrypted\shell\open\command" refers to invalid object ""D:\Programme\MessengerPlus! 3\MsgPlus.exe" /LOG:%1". Action Taken: No Action Taken. 239: Wed Nov 23 19:53:15 2005 => Entry "HKCR\MsgPlus.SoundPack\shell\open\command" refers to invalid object ""D:\Programme\MessengerPlus! 3\MsgPlus.exe" /SNDPACK:%1". Action Taken: No Action Taken. 240: Wed Nov 23 19:53:16 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken. 241: Wed Nov 23 19:53:16 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken. 242: Wed Nov 23 19:53:16 2005 => Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken. 243: Wed Nov 23 19:53:16 2005 => Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken. 244: Wed Nov 23 19:53:16 2005 => Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken. 245: Wed Nov 23 19:53:16 2005 => Entry "HKCR\steam\shell\open\command" refers to invalid object ""D:\Programme\SiX-Steam\Steam\Steam.exe" "%1"". Action Taken: No Action Taken. 246: Wed Nov 23 19:53:16 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. 247: Wed Nov 23 19:53:16 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. 248: Wed Nov 23 19:53:16 2005 => Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken. 
249: Wed Nov 23 19:53:16 2005 => Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken. 250: Wed Nov 23 20:29:01 2005 => Result: ERROR!!! File D:\Downloads\Charlie.und.die.Schokoladenfabrik.TS.Mic.Dubbed.German.SVCD-MRM.rar is Not Scanned 251: Wed Nov 23 20:29:20 2005 => Result: ERROR!!! File D:\Downloads\Transporter.2.The.Mission.TS.Line.Dubbed.German.SVCD-TRCD.rar is Not Scanned 252: Wed Nov 23 20:39:42 2005 => Result: ERROR!!! File E:\Age of Methology\Age.Of.Empires.III-RELOADED.rar is Not Scanned 253: Wed Nov 23 20:39:45 2005 => Result: ERROR!!! File E:\Age of Methology\bb-lee.rar is Not Scanned 254: Wed Nov 23 20:39:53 2005 => Result: ERROR!!! File E:\Age of Methology\eve-lawrence.rar is Not Scanned 255: Wed Nov 23 20:39:56 2005 => Result: ERROR!!! File E:\Age of Methology\mrs-lee-mfst.rar is Not Scanned 256: Wed Nov 23 20:40:17 2005 => Result: ERROR!!! File E:\Aleks Sagt\tit-mvcd.rar is Not Scanned -------------------------------------------------- -------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT --------- -------------------------------------------------- 1: C:\!KillBox\YSBactivex.dll => Trojan-Downloader.Win32.IstBar.gen 2: C:\WINDOWS\Downloaded Program Files\ISTactivex.dll => Trojan-Downloader.Win32.IstBar.gen 3: D:\Programme\Gamers.IRC\mirc.exe => tagged:Client-IRC.Win32.mIRC.616. 4: D:\System Volume Information\_restore{206CE547-DE36-4C7C-8E83-B425BEB7B88C}\RP17\A0008779.exe => tagged:Client-IRC.Win32.mIRC.616. 5: E:\girc432.exe => tagged:Client-IRC.Win32.mIRC.616. 6: E:\Treiber\xp_sp_22\Data\psshutdown.exe => tagged:RiskTool.Win32.PsShutdown.232. 
--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------
Wed Nov 23 20:49:34 2005 => Total Objects Scanned: 152685
Wed Nov 23 20:49:34 2005 => Total Virus(es) Found: 70
Wed Nov 23 20:49:34 2005 => Total Errors: 256
Wed Nov 23 20:49:34 2005 => Virus Database Date: 2005/11/23
Wed Nov 23 20:49:34 2005 => Virus Database Count: 161224
Wed Nov 23 21:21:18 2005 => Total Objects Scanned: 152685
Wed Nov 23 21:21:18 2005 => Total Virus(es) Found: 70
Wed Nov 23 21:21:19 2005 => Total Errors: 256
So, I hope that is right like this :/ |
|
|
||
24.11.2005, 15:15
Honorary member
Posts: 29434 |
#27
Delete:
C:\Dokumente und Einstellungen\b0mberpil0t\Desktop\internet.lnk
D:\Programme\NetPumper\NetPumperFSG.exe
D:\Programme\NetPumper\ZM\NP_0001_1.exe
D:\Programme\NetPumper\NetPumperNNProxy.dll
D:\Programme\NetPumper
C:\WINDOWS\Downloaded Program Files\ISTactivex.dll
C:\Programme\Save\Save.exe
C:\Programme\Save\SaveUninst.exe
C:\Programme\Save
C:\!KillBox\ <-- empty this
Scan with AdAware http://virus-protect.org/adaware.html
--> re-enable System Restore
TuneUp 2006 (30 days free) shareware http://virus-protect.org/reinigungstoolsregistry.html
Apply:
Cleanup repair -- TuneUp Diskcleaner
Cleanup repair -- Registry Cleaner
__________
Kind regards, Sabina
All about PC security |
|
|
||
24.11.2005, 15:25
Member
Posts: 15 |
#28
What am I supposed to understand by "empty KillBox"?
|
|
|
||
24.11.2005, 15:53
Honorary member
Posts: 29434 |
#29
Quote: C:\!KillBox\ <-- empty this
C:\!KillBox\Book Sect\rect base.exe <--- delete this and other entries
__________
Kind regards, Sabina
All about PC security |
|
|
||
24.11.2005, 18:32
...new here
Posts: 1 |
#30
Hello, I also have the sh.... problem with the WinFixer 2005 ads. Can you help me??? Please
Logfile of HijackThis v1.99.1
Scan saved at 18:30:54, on 24.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\slserv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\SurfAccuracy\SAcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Tweak-XP Pro 4\transtask.exe
C:\Programme\Tweak-XP Pro 4\AdBlocker.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\iTunes\iTunes.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Pi\Lokale Einstellungen\Temp\HijackThis.exe
C:\Programme\Norton AntiVirus\OPScan.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Mein Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - C:\WINDOWS\pxwma.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Programme\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TransTask] "C:\Programme\Tweak-XP Pro 4\transtask.exe"
O4 - HKCU\..\Run: [BlockAds] "C:\Programme\Tweak-XP Pro 4\AdBlocker.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_Crac*hier nicht!*.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Dienst (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe |
|
|
||
And if my PC is too infected, which could well be the case, could someone still help me somehow to at least get rid of WinFixer? I would be very, very grateful to you, Sabina, as I am a total newbie at fighting viruses.
Here is my logfile:
Logfile of HijackThis v1.99.1
Scan saved at 16:41:42, on 24.11.2005
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
D:\Programme\AVPersonal\AVGUARD.EXE
D:\Programme\NetPumper\NetPumperIEProxy.exe
D:\Programme\MessengerPlus! 3\MsgPlus.exe
D:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
D:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\D-Tools\daemon.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\GamingCenter\GamingCenter\Panel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\HHVcdV7Sys\VC7SecS.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Xfire\Xfire.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\Winamp\winamp.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\Programme\NetPumper\NetPumper.exe
D:\Programme\ICQLite\ICQLite.exe
C:\Programme\Teamspeak2_RC2\TeamSpeak.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
D:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\B0MBER~1\LOKALE~1\Temp\Rar$EX00.328\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17AAC286-DCCD-17E4-B131-D81B07FA2E39} - C:\DOKUME~1\B0MBER~1\ANWEND~1\BOOKSE~1\rect base.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\Programme\FlashFXP\IEFlash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NetPumper] "D:\Programme\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] "D:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Gamer Mouse] C:\Programme\GamingCenter\GamingCenter\Panel.exe
O4 - HKLM\..\Run: [store bold drive bird] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Settingsmodestorebold\BikeGlobal.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [mealmess] C:\DOKUME~1\B0MBER~1\ANWEND~1\HOPECA~1\locks gram.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration Brothers In Arms.LNK = E:\Programme\Brothers in Arms\brothers in arms 4 RR\Support\Register\RegistrationReminder.exe
O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with NetPumper - D:\Programme\NetPumper\AddUrl.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_download.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://de.msnusers.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_Crac*hier nicht!*.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - C:\Programme\HHVcdV7Sys\VC7SecS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe