WinFixer 2005: how can I delete it?

22.11.2005, 16:40
Member

Posts: 15
#16 So I'm "using" this thread in the hope that Sabine will help me too, because this stupid WinFixer has been annoying me for a very, very long time...
And if my PC is too infected, which could well be the case, could someone still somehow help me to at least get rid of WinFixer? I would be very, very grateful to you, Sabine, since I'm a total newbie at fighting viruses ;)
Here is my logfile:

Logfile of HijackThis v1.99.1
Scan saved at 16:41:42, on 24.11.2005
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
D:\Programme\AVPersonal\AVGUARD.EXE
D:\Programme\NetPumper\NetPumperIEProxy.exe
D:\Programme\MessengerPlus! 3\MsgPlus.exe
D:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
D:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\D-Tools\daemon.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\GamingCenter\GamingCenter\Panel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\HHVcdV7Sys\VC7SecS.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Xfire\Xfire.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\Winamp\winamp.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\Programme\NetPumper\NetPumper.exe
D:\Programme\ICQLite\ICQLite.exe
C:\Programme\Teamspeak2_RC2\TeamSpeak.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
D:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\B0MBER~1\LOKALE~1\Temp\Rar$EX00.328\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17AAC286-DCCD-17E4-B131-D81B07FA2E39} - C:\DOKUME~1\B0MBER~1\ANWEND~1\BOOKSE~1\rect base.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\Programme\FlashFXP\IEFlash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NetPumper] "D:\Programme\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] "D:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Gamer Mouse] C:\Programme\GamingCenter\GamingCenter\Panel.exe
O4 - HKLM\..\Run: [store bold drive bird] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Settingsmodestorebold\BikeGlobal.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [mealmess] C:\DOKUME~1\B0MBER~1\ANWEND~1\HOPECA~1\locks gram.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration Brothers In Arms.LNK = E:\Programme\Brothers in Arms\brothers in arms 4 RR\Support\Register\RegistrationReminder.exe
O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with NetPumper - D:\Programme\NetPumper\AddUrl.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_download.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://de.msnusers.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_Crac*hier nicht!*.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - C:\Programme\HHVcdV7Sys\VC7SecS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
22.11.2005, 16:43
Honorary member
Sabina

Posts: 29434
#17 Hello @goOsebumps

there is also a LOP infection on it... because of MessengerPlus! 3 and D:\Programme\NetPumper

HijackThis (StartupList)
Please start the computer in safe mode and create a HijackThis log and a StartupList log there; to do so, go to the Misc Tools section, tick both items at "Generate StartupList log" and let it create the list.

*HijackThis - Config
*List also minor sections (full) -- tick the box
*List empty sections (complete) -- tick the box
*HijackThis - Config - MiscTools -- Generate StartupListlog
*(Notepad [text editor] opens; now copy the COMPLETE log and post it)
__________
Best regards, Sabina

All about PC security
22.11.2005, 16:59
Member

Posts: 15
#18 Um, yeah, I think I've done that now ^^ I really don't know much about this...
and thanks already for the really extremely quick reply...

startuplog:

StartupList report, 24.11.2005, 16:54:15
StartupList version: 1.52.2
Started from : E:\hijackthis\HijackThis.EXE
Detected: Windows XP SP2, v.2096 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2096)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Dokumente und Einstellungen\b0mberpil0t\Startmenü\Programme\Autostart]
Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
Registration Brothers In Arms.LNK = E:\Programme\Brothers in Arms\brothers in arms 4 RR\Support\Register\RegistrationReminder.exe
Xfire.lnk = C:\Programme\Xfire\Xfire.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart]
Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd
NetPumper = "D:\Programme\NetPumper\NetPumperIEProxy.exe"
MessengerPlus3 = "D:\Programme\MessengerPlus! 3\MsgPlus.exe"
SunJavaUpdateSched = C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
QuickTime Task = "C:\Programme\QuickTime\qttask.exe" -atboottime
AVGCtrl = "D:\Programme\AVPersonal\AVGNT.EXE" /min
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
DAEMON Tools-1033 = "C:\Programme\D-Tools\daemon.exe" -lang 1033
TkBellExe = "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
Zone Labs Client = D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
WinampAgent = D:\Programme\Winamp\winampa.exe
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Gamer Mouse = C:\Programme\GamingCenter\GamingCenter\Panel.exe
store bold drive bird = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Settingsmodestorebold\BikeGlobal.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
MessengerPlus3 = "D:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart
Skype = "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
mealmess = C:\DOKUME~1\B0MBER~1\ANWEND~1\HOPECA~1\locks gram.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

ICQ Lite = D:\Programme\ICQLite\ICQLite.exe -trayboot

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\sstext3d.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registrierungs-Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\DOKUME~1\B0MBER~1\ANWEND~1\BOOKSE~1\rect base.exe - {17AAC286-DCCD-17E4-B131-D81B07FA2E39}
(no name) - c:\programme\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - D:\Programme\FlashFXP\IEFlash.dll - {E5A1691B-D188-4419-AD02-90002030B8EE}

--------------------------------------------------

Enumerating Task Scheduler jobs:

A627B49791C829DB.job

--------------------------------------------------

Enumerating Download Program Files:

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

[QuickTime Object]
InProcServer32 = C:\Programme\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

[Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\YSBactivex.dll
CODEBASE = http://www.ysbweb.com/ist/softwares/v4.0/ysb_download.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://de.msnusers.com/controls/PhotoUC/MsnPUpld.cab

[Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ISTactivex.dll
CODEBASE = http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_Crac*hier nicht!*.cab

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/get/shockwave/cabs/flash/ultrashim.cab

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

[ZoneIntro Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

[Java Plug-in 1.5.0_01]
InProcServer32 = C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[Solitaire Showdown Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll
CODEBASE = http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI-Treiber: System32\DRIVERS\ACPI.sys (system)
Adobe LM Service: "C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
Microsoft Kernel-Echounterdrückung: system32\drivers\aec.sys (manual start)
Umgebung für die AFD-Netzwerkunterstützung: \SystemRoot\System32\drivers\afd.sys (system)
Warndienst: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Gatewaydienst auf Anwendungsebene: %SystemRoot%\System32\alg.exe (manual start)
AMD K7-Prozessortreiber: System32\DRIVERS\amdk7.sys (system)
AntiVir Service: "D:\Programme\AVPersonal\AVGUARD.EXE" (autostart)
Anwendungsverwaltung: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Asynchroner RAS -Medientreiber: System32\DRIVERS\asyncmac.sys (manual start)
Standard-IDE/ESDI-Festplattencontroller: System32\DRIVERS\atapi.sys (system)
Protokoll für ATM ARP-Client: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audiostubtreiber: System32\DRIVERS\audstub.sys (manual start)
avgntdw: \??\D:\Programme\AVPersonal\AVGNTDW.SYS (manual start)
AntiVir Update: "D:\Programme\AVPersonal\AVWUPSRV.EXE" (autostart)
Intelligenter Hintergrundübertragungsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computerbrowser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
CD-ROM-Laufwerktreiber: System32\DRIVERS\cdrom.sys (system)
Indexdienst: C:\WINDOWS\System32\cisvc.exe (manual start)
Ablagemappe: %SystemRoot%\system32\clipsrv.exe (disabled)
C-Media WDM Audio Interface: system32\drivers\cmuda.sys (manual start)
COM+-Systemanwendung: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Kryptografiedienste: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
d347bus: system32\DRIVERS\d347bus.sys (system)
d347prt: System32\Drivers\d347prt.sys (system)
DCOM-Server-Prozessstart: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP-Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Laufwerktreiber: System32\DRIVERS\disk.sys (system)
Verwaltungsdienst für die Verwaltung logischer Datenträger: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Treiber für die Verwaltung logischer Datenträger: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Verwaltung logischer Datenträger: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel-DLS-Synthesizer: system32\drivers\DMusic.sys (manual start)
DNS-Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel-DRM-Audioentschlüsselung: system32\drivers\drmkaud.sys (manual start)
ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (autostart)
ElbyDelay: System32\Drivers\ElbyDelay.sys (manual start)
Fehlerberichterstattungsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Ereignisprotokoll: %SystemRoot%\system32\services.exe (autostart)
COM+-Ereignissystem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Kompatibilität für schnelle Benutzerumschaltung: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Diskettencontrollertreiber: System32\DRIVERS\fdc.sys (manual start)
Diskettenlaufwerktreiber: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Treiber für Volume-Manager: System32\DRIVERS\ftdisk.sys (system)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
GMFilter Filter: System32\Drivers\GMFilter.sys (manual start)
Standardpaketklassifizierung: System32\DRIVERS\msgpc.sys (manual start)
Hilfe und Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Eingabegerätezugang: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class-Treiber: system32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP-SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042-Tastatur- und PS/2-Mausanschluss-Treiber: System32\DRIVERS\i8042prt.sys (system)
Filtertreiber für CD-Brennen: System32\DRIVERS\imapi.sys (system)
IMAPI-CD-Brenn-COM-Dienste: C:\WINDOWS\System32\imapi.exe (manual start)
InCDPass: System32\DRIVERS\InCDPass.sys (system)
InCD Helper: C:\Programme\Ahead\InCD\InCDsrv.exe (autostart)
IPv6-Firewalltreiber: system32\drivers\ip6fw.sys (manual start)
Filtertreiber für IP-Verkehr: System32\DRIVERS\ipfltdrv.sys (manual start)
IP/IP-Tunneltreiber: System32\DRIVERS\ipinip.sys (manual start)
Übersetzer für IP-Netzwerkadressen: System32\DRIVERS\ipnat.sys (manual start)
iPod Service: C:\Programme\iPod\bin\iPodService.exe (manual start)
IPSEC-Treiber: System32\DRIVERS\ipsec.sys (system)
IR-Enumeratordienst: System32\DRIVERS\irenum.sys (manual start)
PnP-ISA/EISA-Bus-Treiber: System32\DRIVERS\isapnp.sys (system)
Tastaturklassentreiber: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel-Waveaudiomixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Arbeitsstationsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP-NetBIOS-Hilfsprogramm: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Nachrichtendienst: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting-Remotedesktop-Freigabe: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mausklassentreiber: System32\DRIVERS\mouclass.sys (system)
Maus-HID-Treiber: System32\DRIVERS\mouhid.sys (manual start)
MPMan-F70: System32\Drivers\MPManF70.sys (manual start)
Redirector für WebDav-Client: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Proxy für Streaming Clock: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Proxy für Streaming Quality Manager: system32\drivers\MSPQM.sys (manual start)
Microsoft-Systemverwaltungs-BIOS-Treiber: System32\DRIVERS\mssmbios.sys (manual start)
RAS-NDIS-TAPI-Treiber: System32\DRIVERS\ndistapi.sys (manual start)
NDIS-Benutzermodus-E/A-Protokoll: System32\DRIVERS\ndisuio.sys (manual start)
RAS-NDIS-WAN-Treiber: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS-Schnittstelle: System32\DRIVERS\netbios.sys (system)
NetBios über TCP/IP: System32\DRIVERS\netbt.sys (system)
Netzwerk-DDE-Dienst: %SystemRoot%\system32\netdde.exe (disabled)
Netzwerk-DDE-Serverdienst: %SystemRoot%\system32\netdde.exe (disabled)
Anmeldedienst: %SystemRoot%\System32\lsass.exe (manual start)
Netzwerkverbindungen: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NLA (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT-LM-Sicherheitsdienst: %SystemRoot%\System32\lsass.exe (manual start)
Wechselmedien: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
Filtertreiber für IPX-Verkehr: System32\DRIVERS\nwlnkflt.sys (manual start)
Treiber für IPX-Verkehrsweiterleitung: System32\DRIVERS\nwlnkfwd.sys (manual start)
Treiber für parallelen Anschluss: System32\DRIVERS\parport.sys (manual start)
PCI-Bus-Treiber: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Plug & Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC-Dienste: %SystemRoot%\System32\lsass.exe (autostart)
WAN-Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Prozessortreiber: System32\DRIVERS\processr.sys (system)
Geschützter Speicher: %SystemRoot%\system32\lsass.exe (autostart)
QoS-Paketplaner: System32\DRIVERS\psched.sys (manual start)
Treiber für direkte Parallelverbindung: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: system32\DRIVERS\PxHelp20.sys (system)
Treiber für automatische RAS-Verbindung: System32\DRIVERS\rasacd.sys (system)
Verwaltung für automatische RAS-Verbindung: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN-Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
RAS-Verbindungsverwaltung: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remotezugriff-PPPOE-Treiber: System32\DRIVERS\raspppoe.sys (manual start)
Parallelanschluss (direkt): System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Treiber für Terminalserver-Geräteumleitung: System32\DRIVERS\rdpdr.sys (manual start)
Sitzungs-Manager für Remotedesktophilfe: C:\WINDOWS\system32\sessmgr.exe (manual start)
Filtertreiber für digitale CD-Audiowiedergabe: System32\DRIVERS\redbook.sys (system)
Routing und RAS: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote-Registrierung: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
RPC-Locator: %SystemRoot%\System32\locator.exe (manual start)
Remoteprozeduraufruf (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS-RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Sicherheitskontenverwaltung: %SystemRoot%\system32\lsass.exe (autostart)
Smartcard-Hilfsprogramm: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smartcard: %SystemRoot%\System32\SCardSvr.exe (manual start)
Taskplaner: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Sekundäre Anmeldung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Systemereignisbenachrichtigung: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum-Filtertreiber: System32\DRIVERS\serenum.sys (manual start)
Treiber für seriellen Anschluss: System32\DRIVERS\Seri*hier nicht!*.sys (system)
Windows-Firewall/Gemeinsame Nutzung der Internetverbindung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shellhardwareerkennung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP-Bus-Filter: System32\DRIVERS\sisagp.sys (system)
SiS-PCI-Fast Ethernet- Adaptertreiber: System32\DRIVERS\sisnic.sys (manual start)
Microsoft Kernel-Audiosplitter: system32\drivers\splitter.sys (manual start)
Druckwarteschlange: %SystemRoot%\system32\spoolsv.exe (autostart)
Filtertreiber für Systemwiederherstellung: System32\DRIVERS\sr.sys (system)
Systemwiederherstellungsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP-Suchdienst: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
SSHDRV79: \??\C:\WINDOWS\system32\drivers\SSHDRV79.sys (system)
Windows-Bilderfassung (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)
StyleXPHelper: \??\C:\Programme\TGTSoft\StyleXP\StyleXPHelper.exe (system)
StyleXPService: "C:\Programme\TGTSoft\StyleXP\StyleXPService.exe" (autostart)
Software-Bus-Treiber: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetablesynthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{7AB0E3A1-E69F-4948-924A-20341343FA30} (manual start)
Microsoft Kernel-Systemaudiogerät: system32\drivers\sysaudio.sys (manual start)
Leistungsdatenprotokolle und Warnungen: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telefonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP-Protokolltreiber: System32\DRIVERS\tcpip.sys (system)
Terminal-Gerätetreiber: System32\DRIVERS\termdd.sys (system)
Terminaldienste: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Designs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (manual start)
Überwachung verteilter Verknüpfungen (Client): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Updatetreiber: System32\DRIVERS\update.sys (manual start)
Universeller Plug & Play-Gerätehost: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Unterbrechungsfreie Stromversorgung: %SystemRoot%\System32\ups.exe (manual start)
Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller: System32\DRIVERS\usbehci.sys (manual start)
USB2-aktivierter Hub: System32\DRIVERS\usbhub.sys (manual start)
Miniporttreiber für Microsoft USB Open Host-Controller: System32\DRIVERS\usbohci.sys (manual start)
USB-Massenspeichertreiber: system32\DRIVERS\USBSTOR.SYS (manual start)
Miniporttreiber für universellen Microsoft USB-Hostcontroller: System32\DRIVERS\usbuhci.sys (manual start)
Virtual CD v7 Management Service: C:\Programme\HHVcdV7Sys\VC7SecS.exe (autostart)
VGA-Anzeigecontroller.: \SystemRoot\System32\drivers\vga.sys (system)
vsdatant: System32\vsdatant.sys (system)
TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
Volumeschattenkopie: %SystemRoot%\System32\vssvc.exe (manual start)
Windows-Zeitgeber: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
RAS-IP-ARP-Treiber: System32\DRIVERS\wanarp.sys (manual start)
Treiber für Microsoft WINMM-WDM-Audiokompatibilität: system32\drivers\wdmaud.sys (manual start)
Webclient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows-Verwaltungsinstrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Seriennummer der tragbaren Medien: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Treibererweiterungen für Windows-Verwaltungsinstrumentation: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI-Leistungsadapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatische Updates: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Konfigurationsfreie drahtlose Verbindung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Netzwerkversorgungsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 34.372 bytes
Report generated in 0,157 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

and then the HijackThis log...:

Logfile of HijackThis v1.99.1
Scan saved at 16:55:39, on 24.11.2005
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17AAC286-DCCD-17E4-B131-D81B07FA2E39} - C:\DOKUME~1\B0MBER~1\ANWEND~1\BOOKSE~1\rect base.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\Programme\FlashFXP\IEFlash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NetPumper] "D:\Programme\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] "D:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Gamer Mouse] C:\Programme\GamingCenter\GamingCenter\Panel.exe
O4 - HKLM\..\Run: [store bold drive bird] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Settingsmodestorebold\BikeGlobal.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [mealmess] C:\DOKUME~1\B0MBER~1\ANWEND~1\HOPECA~1\locks gram.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration Brothers In Arms.LNK = E:\Programme\Brothers in Arms\brothers in arms 4 RR\Support\Register\RegistrationReminder.exe
O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with NetPumper - D:\Programme\NetPumper\AddUrl.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_download.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://de.msnusers.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_Crac*hier nicht!*.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - C:\Programme\HHVcdV7Sys\VC7SecS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
22.11.2005, 18:15
Honorary member
Sabina

Posts: 29434
#19 Hello @goOsebumps

Open HijackThis -- "Scan" button -- tick the checkboxes in front of the malware entries -- "Fix checked" button -- restart the PC

O2 - BHO: (no name) - {17AAC286-DCCD-17E4-B131-D81B07FA2E39} - C:\DOKUME~1\B0MBER~1\ANWEND~1\BOOKSE~1\rect base.exe
O4 - HKLM\..\Run: [NetPumper] "D:\Programme\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Gamer Mouse] C:\Programme\GamingCenter\GamingCenter\Panel.exe
O4 - HKLM\..\Run: [store bold drive bird] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Settingsmodestorebold\BikeGlobal.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [mealmess] C:\DOKUME~1\B0MBER~1\ANWEND~1\HOPECA~1\locks gram.exe
O8 - Extra context menu item: Download with NetPumper - D:\Programme\NetPumper\AddUrl.htm
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_download.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_Crac*hier nicht!*.cab

Restart the PC

Uninstall: NetPumper + MessengerPlus! 3

Killbox
http://virus-protect.org/killbox.html
DelTree (include SubDirectories)
Suppose, for example, you want to delete a folder. You don't have to enter every file in the folder individually; instead you select the option DelTree (include subdirectories).
This deletes a complete archive together with its subfolders.

D:\Programme\NetPumper
D:\Programme\MessengerPlus! 3

------------------------------------------------------------------------
Killbox
Delete File on Reboot -- tick this option
Paste in:

C:\WINDOWS\Downloaded Program Files\YSBactivex.dll
C:\WINDOWS\Downloaded Program Files\ISTactivex.dll

and click the red cross; when asked "Do you want to reboot?" -- click "no" and paste in the next one; only for the last one click "yes"

----------------------------------------------------------------------

Boot into safe mode... press F8 while the PC is starting up, and log in as Administrator

Delete:
C:\Dokumente und Einstellungen\B0MBER~1\Anwendungsdaten\HOPECA....
C:\Dokumente und Einstellungen\B0MBER~1\Anwendungsdaten\BOOKSE....
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Settingsmodestorebold

-------------------------------------------------------------------------
Run CleanUp
http://virus-protect.org/cleanup.html

Start -- All Programs -- Accessories -- Notepad, and paste in the following text:

Quote

dir %Windir%\tasks /a h > files.txt
notepad files.txt
- Save as: findjobs.bat
- Save as type: All Files
- Save it to the desktop
- Locate findjobs.bat -- double-click the .bat file, Notepad opens -- post the text

Once all of that is done... we'll delete WinFixer
__________
Regards, Sabina

All about PC security
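Added example, not part of the original post and not HijackThis's own logic: a Python triage pass over HijackThis lines that flags O2/O4 entries whose target sits under an Application Data directory (the pattern shared by three of the entries marked above) and O16 entries downloaded from hosts outside an analyst allowlist. The function names and the `TRUSTED_DPF_SUFFIXES` allowlist are assumptions for illustration; the other entries marked in the post need manual review and are not covered by these two rules.

```python
import re
from urllib.parse import urlparse

# Subset of lines copied from the HijackThis log posted on this page.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17AAC286-DCCD-17E4-B131-D81B07FA2E39} - C:\DOKUME~1\B0MBER~1\ANWEND~1\BOOKSE~1\rect base.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [store bold drive bird] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Settingsmodestorebold\BikeGlobal.exe
O4 - HKCU\..\Run: [mealmess] C:\DOKUME~1\B0MBER~1\ANWEND~1\HOPECA~1\locks gram.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_download.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
"""

# "<code> - <body>" where code is R0..R3, F0..F3 or O1..O23.
ENTRY_RE = re.compile(r"^([ROF]\d{1,2}) - (.+)$")

# Application Data directory: German and English long names plus 8.3 short forms.
APPDATA_RE = re.compile(
    r"\\(anwendungsdaten|anwend~\d|application data|applic~\d)\\",
    re.IGNORECASE,
)

# Assumption: download hosts this analyst accepts for O16 (ActiveX) entries.
TRUSTED_DPF_SUFFIXES = ("microsoft.com", "msn.com", "msnusers.com")


def parse_entries(log_text):
    """Return (code, body) pairs for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def extract_target(code, body):
    """Return the file path, command line or URL an entry points to."""
    if code == "O4":
        # "HKLM\..\Run: [name] command" or "Startup: name.lnk = path"
        for separator in ("] ", " = "):
            if separator in body:
                return body.split(separator, 1)[1].strip()
        return body.strip()
    # O2 and O16 end with " - <path or URL>"
    return body.rsplit(" - ", 1)[-1].strip()


def host_is_trusted(host):
    """True if host equals or is a subdomain of an allowlisted suffix."""
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_DPF_SUFFIXES)


def triage(log_text):
    """Return (code, reason, target) for entries that deserve a closer look."""
    findings = []
    for code, body in parse_entries(log_text):
        target = extract_target(code, body)
        if code in ("O2", "O4") and APPDATA_RE.search(target):
            findings.append((code, "autostart/BHO target under Application Data", target))
        elif code == "O16":
            host = urlparse(target).hostname
            if host and not host_is_trusted(host):
                findings.append((code, "ActiveX download host not on allowlist", target))
    return findings


if __name__ == "__main__":
    for code, reason, target in triage(SAMPLE_LOG):
        print(f"{code}: {reason}: {target}")
```

A hit is a prompt for manual review of that entry, not a verdict; legitimate software also installs into Application Data.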
22.11.2005, 18:20
Member

Posts: 15
#20 Then I have a question about that: what is so bad about Messenger Plus 3 and NetPumper?
22.11.2005, 18:22
Honorary member
Sabina

Posts: 29434
#21 As you can see... the PC is completely infested...
and it will cost you a lot of effort to get it clean... (things like that have no business being on a PC...)

Trojan TR/Swizzor, Lop infestation
http://virus-protect.org/artikel/spyware/lop.html
__________
Regards, Sabina

All about PC security
22.11.2005, 18:27
Member

Posts: 15
#22 Okay, but when I try to delete that with KillBox, it always tells me "File could not delete"
23.11.2005, 00:08
Honorary member
Sabina

Posts: 29434
#23 Then leave Killbox aside for now and work through everything else ;)

Uninstall:
D:\Programme\NetPumper
D:\Programme\MessengerPlus! 3
__________
Regards, Sabina

All about PC security
23.11.2005, 16:21
Member

Posts: 15
#24 Yeah, I think I've done everything so far except the KillBox part, or at least I hope I did it right ^^ At any rate, the two folders you listed are deleted, and I also created and opened the .bat file. Here's the log:


Datenträger in Laufwerk C: ist System
Volumeseriennummer: A0EF-38FB

Verzeichnis von C:\WINDOWS\tasks

22.11.2005 17:06 <DIR> .
22.11.2005 17:06 <DIR> ..
25.11.2005 15:00 280 A627B49791C829DB.job
18.08.2001 11:00 65 desktop.ini
25.11.2005 16:18 6 SA.DAT
3 Datei(en) 351 Bytes

Verzeichnis von C:\Dokumente und Einstellungen\b0mberpil0t\Desktop
23.11.2005, 18:01
Honorary member
Sabina

Posts: 29434
#25 Start -- All Programs -- Accessories -- Notepad, and paste in the following text:

Quote

%systemdrive%
cd C:\WINDOWS\Tasks
attrib -r -s -h A627B49791C829DB.job
del A627B49791C829DB.job
- Save as: remjob.bat
- Save as type: All Files
- Save it to the desktop
- Locate remjob.bat -- double-click the .bat file; Notepad opens briefly, that is normal

Run CleanUp
http://virus-protect.org/cleanup.html

Disable System Restore on XP
My Computer --> right-click, then Properties --> System Restore tab --> tick "Turn off System Restore on all drives".
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/gdocid/20030807105707924

Scan with eScan
http://virus-protect.org/escan.html
then paste the scan report here (as explained at the bottom of my page)
__________
Regards, Sabina

All about PC security
24.11.2005, 14:43
Member

Posts: 15
#26 --------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------

1: Wed Nov 23 19:52:01 2005 => System found infected with gain.gator Spyware/Adware ({21ffb6c0-0da1-11d5-a9d5-00500413153c})! Action taken: No Action Taken.
2: Wed Nov 23 19:52:01 2005 => System found infected with istbar Spyware/Adware ({42f2c9ba-614f-47c0-b3e3-ecfd34eed658})! Action taken: No Action Taken.
3: Wed Nov 23 19:52:01 2005 => System found infected with istbar Spyware/Adware ({7c559105-9ecf-42b8-b3f7-832e75edd959})! Action taken: No Action Taken.
4: Wed Nov 23 19:52:01 2005 => System found infected with flashfxp Spyware/Adware ({e5a1691b-d188-4419-ad02-90002030b8ee})! Action taken: No Action Taken.
5: Wed Nov 23 19:52:01 2005 => System found infected with flashfxp Spyware/Adware ({e5a1691b-d188-4419-ad02-90002030b8ee})! Action taken: No Action Taken.
6: Wed Nov 23 19:52:01 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
7: Wed Nov 23 19:52:01 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
8: Wed Nov 23 19:52:01 2005 => System found infected with istbar Spyware/Adware ({42f2c9ba-614f-47c0-b3e3-ecfd34eed658})! Action taken: No Action Taken.
9: Wed Nov 23 19:52:01 2005 => System found infected with istbar Spyware/Adware ({7c559105-9ecf-42b8-b3f7-832e75edd959})! Action taken: No Action Taken.
10: Wed Nov 23 19:52:43 2005 => System found infected with istbar Spyware/Adware ({67907b3c-a6ef-4a01-99ad-3fcd5f526429})! Action taken: No Action Taken.
11: Wed Nov 23 19:52:43 2005 => System found infected with istbar Spyware/Adware ({0985c112-2562-46f2-8da6-92648ba4630f})! Action taken: No Action Taken.
12: Wed Nov 23 19:52:44 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
13: Wed Nov 23 19:52:46 2005 => Offending file found: C:\WINDOWS\DOWNLO~1\istactivex.dll
14: Wed Nov 23 19:52:46 2005 => System found infected with isearchtech Spyware/Adware (istactivex.dll)! Action taken: No Action Taken.
15: Wed Nov 23 19:52:56 2005 => Offending file found: C:\Dokumente und Einstellungen\b0mberpil0t\Desktop\internet.lnk
16: Wed Nov 23 19:52:56 2005 => System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: No Action Taken.
17: Wed Nov 23 19:52:59 2005 => Offending file found: C:\WINDOWS\DOWNLO~1\ISTACT~1.DLL
18: Wed Nov 23 19:52:59 2005 => System found infected with xrenoder Spyware/Adware (C:\WINDOWS\DOWNLO~1\ISTACT~1.DLL)! Action taken: No Action Taken.
19: Wed Nov 23 19:55:35 2005 => File C:\!KillBox\YSBactivex.dll infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
20: Wed Nov 23 20:15:54 2005 => File C:\WINDOWS\Downloaded Program Files\ISTactivex.dll infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
21: Wed Nov 23 20:30:20 2005 => Scanning Folder: D:\Programme\AVPersonal\INFECTED\*.*
22: Wed Nov 23 20:30:20 2005 => Scanning File D:\Programme\AVPersonal\INFECTED\3P_1.EXE.VIR
23: Wed Nov 23 20:30:21 2005 => File D:\Programme\AVPersonal\INFECTED\3P_1.EXE.VIR tagged as "not-a-virus:AdWare.Win32.BetterInternet". Action Taken: No Action Taken.
24: Wed Nov 23 20:30:21 2005 => Scanning File D:\Programme\AVPersonal\INFECTED\YSB_PROMPT[1].HTM.VIR [**]

--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------

1: Wed Nov 23 19:51:45 2005 => File C:\DOKUME~1\ALLUSE~1\ANWEND~1\SETTIN~1\BIKEGL~1.EXE tagged as "not-a-virus:AdWare.Win32.Lop.ag". Action Taken: No Action Taken.
2: Wed Nov 23 19:55:25 2005 => File C:\!KillBox\Book Sect\rect base.exe tagged as "not-a-virus:AdWare.Win32.Lop.ag". Action Taken: No Action Taken.
3: Wed Nov 23 19:55:34 2005 => File C:\!KillBox\NetPumper\NetPumperFSG.exe tagged as "not-a-virus:AdWare.Win32.Gator.c". Action Taken: No Action Taken.
4: Wed Nov 23 19:55:35 2005 => File C:\!KillBox\NetPumper\ZM\minime.exe tagged as "not-a-virus:AdWare.Win32.Lop.ai". Action Taken: No Action Taken.
5: Wed Nov 23 19:55:35 2005 => File C:\!KillBox\NetPumper\ZM\NP_0001_1.exe tagged as "not-a-virus:AdWare.Win32.Lop.ai". Action Taken: No Action Taken.
6: Wed Nov 23 20:10:59 2005 => File C:\Programme\Save\Save.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.bc". Action Taken: No Action Taken.
7: Wed Nov 23 20:10:59 2005 => File C:\Programme\Save\SaveUninst.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.bc". Action Taken: No Action Taken.
8: Wed Nov 23 20:30:21 2005 => File D:\Programme\AVPersonal\INFECTED\3P_1.EXE.VIR tagged as "not-a-virus:AdWare.Win32.BetterInternet". Action Taken: No Action Taken.
9: Wed Nov 23 20:33:46 2005 => File D:\Programme\Gamers.IRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
10: Wed Nov 23 20:34:23 2005 => Scanning File D:\Programme\Media_Manager_2004\Icons\Tagged Image File Format.ico [**]
11: Wed Nov 23 20:34:41 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\0A7CE430-7E23-4B9F-B505-BFA240\50BB44B1-1ECF-4917-B03D-B0CBB4 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
12: Wed Nov 23 20:34:41 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\0A7CE430-7E23-4B9F-B505-BFA240\B296AD46-F6CC-4AE8-A56E-1731D6 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
13: Wed Nov 23 20:34:41 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\1F2D0153-AC7B-4C6C-84EC-5A6A1A\A8AB0A7D-D7DF-4DF9-B1A0-F61663 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
14: Wed Nov 23 20:34:41 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\1F2D0153-AC7B-4C6C-84EC-5A6A1A\E563655D-A323-4B04-97A6-C161B6 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
15: Wed Nov 23 20:34:41 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\25206B3A-2281-4851-A211-8868C3\506F8DEF-3BEC-4A43-B539-B609E0 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
16: Wed Nov 23 20:34:41 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\2B5D9902-4D37-4CF8-8D8C-399820\E7E4DBDB-E9AE-432D-B326-5EFF67 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
17: Wed Nov 23 20:34:41 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\31A7B512-5047-411F-A193-26FD27\1C2A7397-E769-4C4F-B2BB-A49BC1 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
18: Wed Nov 23 20:34:41 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\31A7B512-5047-411F-A193-26FD27\F92104F4-C32B-4B34-A0B5-65F5B0 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
19: Wed Nov 23 20:34:41 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\35228169-0DF1-4ABB-B543-52A349\4C7E09DD-3BCA-4BB4-8846-98B705 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
20: Wed Nov 23 20:34:41 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\35228169-0DF1-4ABB-B543-52A349\E0AF6AC3-E116-4518-89CF-2CBC31 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
21: Wed Nov 23 20:34:41 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\4D9B6E37-3D6D-4E41-B8C7-F90560\449CDCED-160A-4893-BC9B-5920E1 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
22: Wed Nov 23 20:34:42 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\5E65AF58-2BD6-4B58-95DB-F06FF1\D63A7D5E-53AF-4263-B716-DD5B7A tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
23: Wed Nov 23 20:34:42 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\5E9B74E8-D7B5-441C-8CC3-B6472D\7A29EF99-12FC-4107-AE4F-D2F8A4 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
24: Wed Nov 23 20:34:42 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\5E9B74E8-D7B5-441C-8CC3-B6472D\C0419663-C444-48AF-BDEF-4EE354 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
25: Wed Nov 23 20:34:42 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\83AEF279-4E79-4928-AE3E-8B06B4\350DF91C-F3AE-4A46-A818-203548 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
26: Wed Nov 23 20:34:42 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\88A423B4-BD34-4465-9F69-616250\73E967D3-C654-4B69-BF94-8BFA1D tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
27: Wed Nov 23 20:34:42 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\88A423B4-BD34-4465-9F69-616250\93E44D90-40D5-4B0E-B587-8D7E26 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
28: Wed Nov 23 20:34:42 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\A5C953D9-C434-4DEB-AF1F-BBA204\53EDEB25-995F-473B-B01E-4304EF tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
29: Wed Nov 23 20:34:42 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\A64FC5FE-68E0-492F-A627-822AC6\1EB90694-B101-4499-8ABC-A97CCB tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
30: Wed Nov 23 20:34:42 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\A64FC5FE-68E0-492F-A627-822AC6\86B29366-9482-4F9E-8CD6-738AB1 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
31: Wed Nov 23 20:34:42 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\D513F990-AD18-4008-864B-75B1F5\562703BB-4EE4-4716-866C-ADFBBB tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
32: Wed Nov 23 20:34:43 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\D7E3A454-F4BC-4BA0-8257-2284E9\2C0F2BDF-DCA3-4632-B210-690A39 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
33: Wed Nov 23 20:34:43 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\E43C90E2-74EF-4E5F-9360-BD024C\3E49CDC2-C18A-49B3-AED5-9DCE56 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
34: Wed Nov 23 20:34:43 2005 => File D:\Programme\Microsoft AntiSpyware\Quarantine\E43C90E2-74EF-4E5F-9360-BD024C\7E7911FA-6041-4807-B2B3-D56FB0 tagged as "not-a-virus:AdWare.Win32.EliteBar.s". Action Taken: No Action Taken.
35: Wed Nov 23 20:34:44 2005 => File D:\Programme\NetPumper\NetPumperFSG.exe tagged as "not-a-virus:AdWare.Win32.Gator.c". Action Taken: No Action Taken.
36: Wed Nov 23 20:34:44 2005 => File D:\Programme\NetPumper\ZM\minime.exe tagged as "not-a-virus:AdWare.Win32.Lop.ai". Action Taken: No Action Taken.
37: Wed Nov 23 20:34:44 2005 => File D:\Programme\NetPumper\ZM\NP_0001_1.exe tagged as "not-a-virus:AdWare.Win32.Lop.ai". Action Taken: No Action Taken.
38: Wed Nov 23 20:38:24 2005 => File D:\System Volume Information\_restore{206CE547-DE36-4C7C-8E83-B425BEB7B88C}\RP17\A0008779.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
39: Wed Nov 23 20:41:06 2005 => File E:\girc432.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
40: Wed Nov 23 20:49:26 2005 => File E:\Treiber\xp_sp_22\Data\psshutdown.exe tagged as not-a-virus:RiskTool.Win32.PsShutdown.232. No Action Taken.

--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------

1: Wed Nov 23 19:35:18 2005 => ERROR!!! Invalid Entry = C:\DOKUME~1\B0MBER~1\ANWEND~1\BOOKSE~1\rect base.exe (in key Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{17AAC286-DCCD-17E4-B131-D81B07FA2E39}). No Action Taken.
2: Wed Nov 23 19:35:26 2005 => ERROR!!! Invalid Entry MessengerPlus3 = "D:\Programme\MessengerPlus! 3\MsgPlus.exe" (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
3: Wed Nov 23 19:51:45 2005 => ERROR!!! Invalid Entry MessengerPlus3 = "D:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
4: Wed Nov 23 19:51:45 2005 => ERROR!!! Invalid Entry mealmess = C:\DOKUME~1\B0MBER~1\ANWEND~1\HOPECA~1\locks gram.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
191: Wed Nov 23 19:53:09 2005 => Entry "HKCR\CLSID\{17AAC286-DCCD-17E4-B131-D81B07FA2E39}" refers to invalid object "C:\DOKUME~1\B0MBER~1\ANWEND~1\BOOKSE~1\rect base.exe". Action Taken: No Action Taken.
192: Wed Nov 23 19:53:09 2005 => Entry "HKCR\CLSID\{2993E5DD-6A61-4776-B0FC-AFC4BE152D7C}" refers to invalid object "D:\Programme\Adobe\Premiere Pro 1.5 Tryout\Plug-ins\de_DE\DXDVSupport.prm". Action Taken: No Action Taken.
193: Wed Nov 23 19:53:10 2005 => Entry "HKCR\CLSID\{3181343b-94a2-4feb-adef-30a1dde617b4}" refers to invalid object "C:\WINDOWS\System32\wmvdmoe.dll". Action Taken: No Action Taken.
194: Wed Nov 23 19:53:10 2005 => Entry "HKCR\CLSID\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\YSBactivex.dll". Action Taken: No Action Taken.
195: Wed Nov 23 19:53:10 2005 => Entry "HKCR\CLSID\{57671674-F46B-41FC-A7A5-73F95F94316F}" refers to invalid object "D:\Programme\Adobe\Premiere Pro 1.5 Tryout\Plug-ins\de_DE\DXGenericSource.prm". Action Taken: No Action Taken.
196: Wed Nov 23 19:53:10 2005 => Entry "HKCR\CLSID\{5D7182D6-50DE-4402-9A59-794B2BF257B3}" refers to invalid object "D:\Programme\Adobe\Premiere Pro 1.5 Tryout\Plug-ins\de_DE\DvControl.prm". Action Taken: No Action Taken.
197: Wed Nov 23 19:53:10 2005 => Entry "HKCR\CLSID\{5D96CF2B-4E6F-11D6-99FD-00B0D0B23EE4}" refers to invalid object "D:\Programme\ACE-HIGH MP3 WAV WMA OGG Converter\ID3Edit.dll". Action Taken: No Action Taken.
198: Wed Nov 23 19:53:10 2005 => Entry "HKCR\CLSID\{6394CA06-C8F8-4333-BFD5-33E7C65B3C75}" refers to invalid object "D:\Programme\Adobe\Premiere Pro 1.5 Tryout\Plug-ins\de_DE\DXAvSource.prm". Action Taken: No Action Taken.
199: Wed Nov 23 19:53:10 2005 => Entry "HKCR\CLSID\{647C2812-DFBB-4CAF-B1FD-1FE1083CAD96}" refers to invalid object "D:\Programme\Adobe\Premiere Pro 1.5 Tryout\Plug-ins\de_DE\DXCaptureSource.prm". Action Taken: No Action Taken.
200: Wed Nov 23 19:53:11 2005 => Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
201: Wed Nov 23 19:53:11 2005 => Entry "HKCR\CLSID\{AA41EA17-FFB5-4A7C-BE4F-13BB9F9592A6}" refers to invalid object "C:\DOKUME~1\B0MBER~1\LOKALE~1\Temp\Rar$EX01.235\crack\Photoshop.exe /StiDevice:%1 /StiEvent:%2". Action Taken: No Action Taken.
202: Wed Nov 23 19:53:12 2005 => Entry "HKCR\CLSID\{F1F9D19A-2E27-4B78-9D7A-3135C2D0DC04}" refers to invalid object "C:\PROGRA~1\Hello\Hello.exe". Action Taken: No Action Taken.
203: Wed Nov 23 19:53:12 2005 => Entry "HKCR\CLSID\{F50B3F10-19C4-11CF-AA9A-02608C9BABA2}" refers to invalid object "C:\WINDOWS\system32\FILTER.AX". Action Taken: No Action Taken.
204: Wed Nov 23 19:53:12 2005 => Entry "HKCR\TypeLib\{5D96CF21-4E6F-11D6-99FD-00B0D0B23EE4}" refers to invalid object "D:\Programme\ACE-HIGH MP3 WAV WMA OGG Converter\ID3Edit.dll". Action Taken: No Action Taken.
205: Wed Nov 23 19:53:12 2005 => Entry "HKCR\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\YSBactivex.dll". Action Taken: No Action Taken.
206: Wed Nov 23 19:53:13 2005 => Entry "HKCR\TypeLib\{B32DDB80-8AE9-4AFB-8217-3955440F88C2}" refers to invalid object "C:\Programme\Hello\Hello.exe". Action Taken: No Action Taken.
207: Wed Nov 23 19:53:13 2005 => Entry "HKCR\TypeLib\{DCB43485-19FB-4D6D-BB3D-73C7F48D5F00}" refers to invalid object "C:\Programme\Messenger\rtcimsp.dll". Action Taken: No Action Taken.
208: Wed Nov 23 19:53:13 2005 => Entry "HKCR\TypeLib\{F3A9845E-6B2F-4F26-B52C-AFEFE4133610}" refers to invalid object "C:\DOKUME~1\B0MBER~1\LOKALE~1\Temp\Excel8.0\MSForms.exd". Action Taken: No Action Taken.
209: Wed Nov 23 19:53:13 2005 => Entry "HKCR\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}" refers to invalid object "D:\Programme\NetPumper\NetPumperNNProxy.dll". Action Taken: No Action Taken.
210: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.aw" refers to invalid object "AWFile". Action Taken: No Action Taken.
211: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.col" refers to invalid object "COLFile". Action Taken: No Action Taken.
212: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.det" refers to invalid object "DETFile". Action Taken: No Action Taken.
213: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.elm" refers to invalid object "ELMFile". Action Taken: No Action Taken.
214: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.ffa" refers to invalid object "FFAFile". Action Taken: No Action Taken.
215: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.ffl" refers to invalid object "FFLFile". Action Taken: No Action Taken.
216: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.fft" refers to invalid object "FFTFile". Action Taken: No Action Taken.
217: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.ffx" refers to invalid object "FFXFile". Action Taken: No Action Taken.
218: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.frg" refers to invalid object "Access.Fragment". Action Taken: No Action Taken.
219: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.gst" refers to invalid object "MSMap.Datainst.8". Action Taken: No Action Taken.
220: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.idc" refers to invalid object "idcfile". Action Taken: No Action Taken.
221: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.ldb" refers to invalid object "Access.LockFile.9". Action Taken: No Action Taken.
222: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.lex" refers to invalid object "LEXFile". Action Taken: No Action Taken.
223: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.opc" refers to invalid object "OPCFile". Action Taken: No Action Taken.
224: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken.
225: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.stf" refers to invalid object "STFFile". Action Taken: No Action Taken.
226: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.tuw" refers to invalid object "TUWFile". Action Taken: No Action Taken.
227: Wed Nov 23 19:53:13 2005 => Entry "HKCR\.wll" refers to invalid object "Word.Addin.8". Action Taken: No Action Taken.
228: Wed Nov 23 19:53:13 2005 => Entry "HKCR\ActMsg.Session" refers to invalid object "{3FA7DEB3-6438-101B-ACC1-00AA00423326}". Action Taken: No Action Taken.
229: Wed Nov 23 19:53:14 2005 => Entry "HKCR\Bridge.Table.2" refers to invalid object "{321FF6F5-4917-AA85-CEC0-22C26668AF83}". Action Taken: No Action Taken.
230: Wed Nov 23 19:53:14 2005 => Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
231: Wed Nov 23 19:53:14 2005 => Entry "HKCR\FlashFXP.Document\shell\open\command" refers to invalid object "C:\DOKUME~1\B0MBER~1\LOKALE~1\Temp\Rar$EX00.109\FlashFXP.exe %1". Action Taken: No Action Taken.
232: Wed Nov 23 19:53:14 2005 => Entry "HKCR\GunzReplay\shell\open\command" refers to invalid object "C:\Programme\MAIET\Gunz\Gunz.exe %1". Action Taken: No Action Taken.
233: Wed Nov 23 19:53:14 2005 => Entry "HKCR\hello\shell\open\command" refers to invalid object ""C:\Programme\Hello\Hello.exe" /o "%1"". Action Taken: No Action Taken.
234: Wed Nov 23 19:53:14 2005 => Entry "HKCR\HelloApplication\shell\open\command" refers to invalid object ""C:\Programme\Hello\Hello.exe" /o rss:"%1"". Action Taken: No Action Taken.
235: Wed Nov 23 19:53:15 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
236: Wed Nov 23 19:53:15 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
237: Wed Nov 23 19:53:15 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
238: Wed Nov 23 19:53:15 2005 => Entry "HKCR\MsgPlus.Encrypted\shell\open\command" refers to invalid object ""D:\Programme\MessengerPlus! 3\MsgPlus.exe" /LOG:%1". Action Taken: No Action Taken.
239: Wed Nov 23 19:53:15 2005 => Entry "HKCR\MsgPlus.SoundPack\shell\open\command" refers to invalid object ""D:\Programme\MessengerPlus! 3\MsgPlus.exe" /SNDPACK:%1". Action Taken: No Action Taken.
240: Wed Nov 23 19:53:16 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
241: Wed Nov 23 19:53:16 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
242: Wed Nov 23 19:53:16 2005 => Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken.
243: Wed Nov 23 19:53:16 2005 => Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
244: Wed Nov 23 19:53:16 2005 => Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
245: Wed Nov 23 19:53:16 2005 => Entry "HKCR\steam\shell\open\command" refers to invalid object ""D:\Programme\SiX-Steam\Steam\Steam.exe" "%1"". Action Taken: No Action Taken.
246: Wed Nov 23 19:53:16 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
247: Wed Nov 23 19:53:16 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
248: Wed Nov 23 19:53:16 2005 => Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
249: Wed Nov 23 19:53:16 2005 => Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
250: Wed Nov 23 20:29:01 2005 => Result: ERROR!!! File D:\Downloads\Charlie.und.die.Schokoladenfabrik.TS.Mic.Dubbed.German.SVCD-MRM.rar is Not Scanned
251: Wed Nov 23 20:29:20 2005 => Result: ERROR!!! File D:\Downloads\Transporter.2.The.Mission.TS.Line.Dubbed.German.SVCD-TRCD.rar is Not Scanned
252: Wed Nov 23 20:39:42 2005 => Result: ERROR!!! File E:\Age of Methology\Age.Of.Empires.III-RELOADED.rar is Not Scanned
253: Wed Nov 23 20:39:45 2005 => Result: ERROR!!! File E:\Age of Methology\bb-lee.rar is Not Scanned
254: Wed Nov 23 20:39:53 2005 => Result: ERROR!!! File E:\Age of Methology\eve-lawrence.rar is Not Scanned
255: Wed Nov 23 20:39:56 2005 => Result: ERROR!!! File E:\Age of Methology\mrs-lee-mfst.rar is Not Scanned
256: Wed Nov 23 20:40:17 2005 => Result: ERROR!!! File E:\Aleks Sagt\tit-mvcd.rar is Not Scanned

--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------

1: C:\!KillBox\YSBactivex.dll => Trojan-Downloader.Win32.IstBar.gen
2: C:\WINDOWS\Downloaded Program Files\ISTactivex.dll => Trojan-Downloader.Win32.IstBar.gen
3: D:\Programme\Gamers.IRC\mirc.exe => tagged:Client-IRC.Win32.mIRC.616.
4: D:\System Volume Information\_restore{206CE547-DE36-4C7C-8E83-B425BEB7B88C}\RP17\A0008779.exe => tagged:Client-IRC.Win32.mIRC.616.
5: E:\girc432.exe => tagged:Client-IRC.Win32.mIRC.616.
6: E:\Treiber\xp_sp_22\Data\psshutdown.exe => tagged:RiskTool.Win32.PsShutdown.232.

--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------

Wed Nov 23 20:49:34 2005 => Total Objects Scanned: 152685
Wed Nov 23 20:49:34 2005 => Total Virus(es) Found: 70
Wed Nov 23 20:49:34 2005 => Total Errors: 256
Wed Nov 23 20:49:34 2005 => Virus Database Date: 2005/11/23
Wed Nov 23 20:49:34 2005 => Virus Database Count: 161224
Wed Nov 23 21:21:18 2005 => Total Objects Scanned: 152685
Wed Nov 23 21:21:18 2005 => Total Virus(es) Found: 70
Wed Nov 23 21:21:19 2005 => Total Errors: 256



OK, I hope that's right like this :/
24.11.2005, 15:15
Honorary member
Sabina

Posts: 29434
#27 Delete:

C:\Dokumente und Einstellungen\b0mberpil0t\Desktop\internet.lnk

D:\Programme\NetPumper\NetPumperFSG.exe
D:\Programme\NetPumper\ZM\NP_0001_1.exe
D:\Programme\NetPumper\NetPumperNNProxy.dll
D:\Programme\NetPumper

C:\WINDOWS\Downloaded Program Files\ISTactivex.dll

C:\Programme\Save\Save.exe
C:\Programme\Save\SaveUninst.exe
C:\Programme\Save

C:\!KillBox\ <-- empty this

Scan with AdAware
http://virus-protect.org/adaware.html

--> Re-enable System Restore

TuneUp 2006 (30 days free), shareware
http://virus-protect.org/reinigungstoolsregistry.html
Run:
Cleanup repair -- TuneUp Diskcleaner
Cleanup repair -- Registry Cleaner
__________
Regards, Sabina

All about PC security
24.11.2005, 15:25
Member

Posts: 15
#28 What am I supposed to understand by emptying KillBox?
24.11.2005, 15:53
Honorary member
Sabina

Posts: 29434
#29

Quote

C:\!KillBox\ <-- empty this
C:\!KillBox\Book Sect\rect base.exe <--- delete this and the other entries
__________
Regards, Sabina

All about PC security
24.11.2005, 18:32
...new here

Posts: 1
#30
Hello, I also have this cr.... problem with the WinFixer 2005 ads.
Can you help me??? Please


Logfile of HijackThis v1.99.1
Scan saved at 18:30:54, on 24.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\slserv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\SurfAccuracy\SAcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Tweak-XP Pro 4\transtask.exe
C:\Programme\Tweak-XP Pro 4\AdBlocker.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\iTunes\iTunes.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Pi\Lokale Einstellungen\Temp\HijackThis.exe
C:\Programme\Norton AntiVirus\OPScan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Mein Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - C:\WINDOWS\pxwma.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Programme\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TransTask] "C:\Programme\Tweak-XP Pro 4\transtask.exe"
O4 - HKCU\..\Run: [BlockAds] "C:\Programme\Tweak-XP Pro 4\AdBlocker.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_Crac*hier nicht!*.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Dienst (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe