Spy Sheriff Desktop ändern |
||
---|---|---|
#0
| ||
16.12.2005, 15:05
Bernd85
zu Gast
|
||
|
||
16.12.2005, 16:09
Moderator
Beiträge: 7805 |
#2
Wie weit hast du dich durch diese Anleitung schon durchgearbeitet,
http://virus-protect.org/artikel/spyware/spyaxe.html dann koennen wir da weiterarbeiten. Schicke mir bitte den Link zu der "Cr*ck" Seite an virus@protecus.de __________ MfG Ralf SEO-Spam Hunter |
|
|
||
16.12.2005, 17:25
Bernd85
zu Gast
Themenstarter |
#3
Das soll ich hier hin schreiben:
smitRem © log file version 2.8 by noahdfear Microsoft Windows XP [Version 5.1.2600] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ checking for ShudderLTD key ShudderLTD key not present! checking for PSGuard.com key PSGuard.com key present! Running LTDFix/PSGuard.com fix! PSGuard.com key was successfully removed! spyaxe uninstaller NOT present ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Existing Pre-run Files ~~~ Program Files ~~~ P.S.Guard ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ oleext.dll logfiles ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ warnhp.html uninstIU.exe ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 772 'explorer.exe' Killing PID 772 'explorer.exe' Starting registry repairs Deleting files Remaining Post-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~ Wininet.dll ~~~ CLEAN! Und das auch: Verzeichnis von C:\WINDOWS\system32 15.12.2005 22:20 42.496 msctl32.dll 11.12.2005 18:28 2.206 wpa.dbl 09.12.2005 01:21 2.723.680 MRT.exe 07.12.2005 14:10 20.480 H@tKeysH@@k.DLL 01.12.2005 04:31 1.492.480 shdocvw.dll 24.11.2005 00:58 3.013.632 mshtml.dll 24.11.2005 00:58 1.022.464 browseui.dll 19.11.2005 13:11 21.840 SIntfNT.dll 19.11.2005 13:11 17.212 SIntf32.dll 19.11.2005 13:11 12.067 SIntf16.dll 10.11.2005 16:45 295.664 FNTCACHE.DAT 09.11.2005 16:57 54.900 perfc009.dat 09.11.2005 16:57 396.632 perfh007.dat 09.11.2005 16:57 385.216 perfh009.dat 09.11.2005 16:57 66.090 perfc007.dat 09.11.2005 16:57 913.842 PerfStringBackup.INI 05.11.2005 04:16 606.208 urlmon.dll 05.11.2005 04:16 1.056.256 danim.dll 21.10.2005 04:40 664.064 wininet.dll 21.10.2005 04:40 474.112 shlwapi.dll 21.10.2005 04:40 146.432 msrating.dll 21.10.2005 04:40 530.944 mstime.dll 21.10.2005 04:40 448.512 mshtmled.dll 21.10.2005 04:40 39.424 pngfilt.dll 21.10.2005 04:40 96.768 inseng.dll 21.10.2005 04:40 251.392 iepeers.dll 21.10.2005 04:40 152.064 cdfview.dll 21.10.2005 04:40 205.312 dxtrans.dll 21.10.2005 04:40 55.808 extmgr.dll 20.10.2005 23:25 1.094.144 esent.dll 17.10.2005 20:58 65.536 QuickTimeVR.qtx 17.10.2005 20:57 49.152 QuickTime.qts 13.10.2005 00:11 15.584 spmsg.dll 06.10.2005 04:18 280.064 gdi32.dll 06.10.2005 04:08 1.839.616 win32k.sys 23.09.2005 04:06 8.491.520 shell32.dll 16.09.2005 13:55 1.186 $winnt$.inf 14.09.2005 20:17 143.360 pxmas.dll 14.09.2005 20:17 286.720 pxwave.dll 14.09.2005 20:17 53.248 pxhpinst.exe 14.09.2005 20:17 319.488 pxdrv.dll 14.09.2005 20:17 462.848 px.dll 14.09.2005 20:17 28.672 vxblock.dll 10.09.2005 02:54 2.067.968 cdosys.dll 01.09.2005 02:44 292.352 winsrv.dll 01.09.2005 02:44 19.968 linkinfo.dll 30.08.2005 04:55 1.292.800 quartz.dll 23.08.2005 04:39 124.416 umpnpmgr.dll 22.08.2005 19:31 197.632 netman.dll 04.08.2005 08:05 333 $ncsp$.inf Dieser Beitrag wurde am 16.12.2005 um 17:28 Uhr von Bernd85 editiert.
|
|
|
||
16.12.2005, 17:37
Moderator
Beiträge: 7805 |
#4
Hm, es befinden sich in dem Hauptverzeichniss von c: nochj ein paar mehr sys*.txt Dateien. du muesstest alle posten.
Benenne bitte folgende Dateien im abgesicherten Modus um: C:\WINDOWS\system32\msctl32.dll C:\WINDOWS\system32\H@tKeysH@@k.DLL C:\WINDOWS\system32\oleext.dll Danach bitte neu starten und ein Hijackthis log und silentrunner log posten. http://virus-protect.org/silentrunner.html __________ MfG Ralf SEO-Spam Hunter |
|
|
||
16.12.2005, 17:39
Bernd85
zu Gast
Themenstarter |
#5
Wie soll ich sie umbenennen?
Auf einem anderen Wege zum Komunizieren (icq) macht ihr aus Prinzip nicht? Das wäre einfacher... Wenn du willst kannst du es ja versuchen. Du kannst mich als "Bernd Mühlenbrock" finden. Wenn nicht auch egal. Ich finde es schon supergeil, dass mir wer hilft. Dieser Beitrag wurde am 16.12.2005 um 17:48 Uhr von Bernd85 editiert.
|
|
|
||
16.12.2005, 17:56
Moderator
Beiträge: 7805 |
#6
Lasse beim umbenennen einfach den letzten Buchstaben weg.........
wegen ICQ, nein, das machen wir eigentlich nicht, schau aber mal in mein Profil __________ MfG Ralf SEO-Spam Hunter |
|
|
||
16.12.2005, 17:56
Bernd85
zu Gast
Themenstarter |
#7
Willst du noch das alles?
Dieser Beitrag wurde am 16.12.2005 um 18:09 Uhr von Bernd85 editiert.
|
|
|
||
16.12.2005, 17:59
Moderator
Beiträge: 7805 |
||
|
||
16.12.2005, 18:00
Bernd85
zu Gast
Themenstarter |
#9
Was ist das? Und wo finde ich das? Ich habe nicht so den Peil...
Verzeichnis von C:\ 16.12.2005 18:33 0 sys.txt 16.12.2005 18:33 5.326 system.txt 16.12.2005 18:32 381 systemtemp.txt 16.12.2005 18:32 98.348 system32.txt 16.12.2005 17:42 528.011.264 hiberfil.sys 16.12.2005 17:42 792.723.456 pagefile.sys 16.12.2005 17:17 1.420 smitfiles.txt 06.12.2005 09:16 36 TEMP.TXT 29.11.2005 16:03 65.393 iTrip.xml 16.09.2005 13:54 211 boot.ini 25.07.2005 13:38 801 IPH.PH 25.07.2005 09:52 0 CONFIG.SYS 25.07.2005 09:52 0 IO.SYS 25.07.2005 09:52 0 AUTOEXEC.BAT 25.07.2005 09:52 0 MSDOS.SYS 04.08.2004 13:00 4.952 bootfont.bin 04.08.2004 13:00 47.564 NTDETECT.COM 04.08.2004 13:00 251.184 ntldr 18 Datei(en) 1.321.210.336 Bytes 0 Verzeichnis(se), 60.673.515.520 Bytes frei "Silent Runners.vbs", revision 41, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "Mozilla Quick Launch" = ""C:\Programme\mozilla.org\Mozilla\Mozilla.exe" -turbo" ["Mozilla Foundation"] HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++} "ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"] "HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"] "Persistence" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"] "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."] "AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"] "AOLDialer" = "C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" ["America Online, Inc"] "AntivirusRegistration" = "C:\Programme\CA\Etrust Antivirus\Register.exe" [null data] "Realtime Monitor" = "C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s" ["Computer Associates International, Inc."] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "RemoteControl" = ""C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."] "PCMService" = ""C:\Programme\Home Cinema\PowerCinema\PCMService.exe"" ["CyberLink Corp."] "NWEReboot" = (empty string) "ALDI_NORD_FotoSuite" = ""C:\Programme\ALDI Foto Service Nord\ALDI_Foto_Service\FotoSuite.exe" /autorun" ["MAGIX AG"] "Easy-PrintToolBox" = "C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon" ["CANON INC."] "iTunesHelper" = ""C:\Programme\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."] "QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] "WinampAgent" = "C:\Programme\Winamp\winampa.exe" [null data] "AVGCtrl" = ""C:\Programme\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{DCED20BE-3645-11D4-BC95-00C04F0E0588}" = "InoShell" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\CA\eTrust Antivirus\InoShell.dll" ["Computer Associates International, Inc."] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice Property Sheet Handler" -> {CLSID}\InProcServer32\(Default) = "C:\StarOfficeUser\program\shlxthdl.dll" ["Sun Microsystems, Inc."] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS] "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string] "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ INFECTION WARNING! "{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}" = "st3" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\st3.dll" [file not found] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"] INFECTION WARNING! st3\DLLName = "C:\WINDOWS\system32\st3.dll" [file not found] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"] ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string] InoShell\(Default) = "{DCED20BE-3645-11D4-BC95-00C04F0E0588}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\CA\eTrust Antivirus\InoShell.dll" ["Computer Associates International, Inc."] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string] InoShell\(Default) = "{DCED20BE-3645-11D4-BC95-00C04F0E0588}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\CA\eTrust Antivirus\InoShell.dll" ["Computer Associates International, Inc."] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Dokumente und Einstellungen\Bernd\Eigene Dateien\Eigene Bilder\Hintergrund.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\MM_BAH~1.SCR" (MM_Bahn_V3.scr) ["Manfred Meyer, Martin Meyer"] Startup items in "Bernd" & "All Users" startup folders: ------------------------------------------------------- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart "Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."] "{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."] "{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Canon\Easy-WebPrint\Toolband.dll" [null data] "{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."] Extensions (Tools menu items, main toolbar menu buttons) HKCU\Software\Microsoft\Internet Explorer\Extensions\ {604E7FBD-473C-428D-87F9-630C36112E48}\ "ButtonText" = "MedionShop" "Exec" = "http://www.medionshop.de/" [file not found] HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Konsole" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Recherchieren" {B863453A-26C3-4E1F-A54D-A2CD196348E9}\ "ButtonText" = "ICQ Lite" "MenuText" = "ICQ Lite" "Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [Strings]: START_PAGE_URL=http://www.aldi.com Missing lines (compared with English-language version): [Strings]: 1 line HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ "{855F3B16-6D32-4fe6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AntiVir Service, AntiVirService, ""C:\Programme\AVPersonal\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"] AntiVir Update, AVWUpSrv, ""C:\Programme\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"] AOL Connectivity Service, AOL ACS, ""C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe"" ["America Online, Inc."] CyberLink Background Capture Service (CBCS), CLCapSvc, ""C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe"" [empty string] CyberLink Media Library Service, CyberLink Media Library Service, ""C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe"" ["Cyberlink"] CyberLink Task Scheduler (CTS), CLSched, ""C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe"" [empty string] eTrust Antivirus Realtime Server, InoRT, ""C:\Programme\CA\eTrust Antivirus\InoRT.exe"" ["Computer Associates International, Inc."] eTrust Antivirus RPC Server, InoRPC, ""C:\Programme\CA\eTrust Antivirus\InoRpc.exe"" ["Computer Associates International, Inc."] HTTP-SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]} iPodService, iPodService, "C:\Programme\iPod\bin\iPodService.exe" ["Apple Computer, Inc."] Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] X10 Device Network Service, x10nets, "C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe" ["X10"] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Canon BJ Language Monitor iP1600\Driver = "CNMLM75.DLL" ["CANON INC."] Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 29 seconds, including 8 seconds for message boxes) Dieser Beitrag wurde am 16.12.2005 um 18:53 Uhr von Bernd85 editiert.
|
|
|
||
Also: Das Problem dürfte mehr oder weniger bekannt sein:
Ich habe mir einen Crack aus dem Internet runtergeladen, der aber keiner war. Es war dieses tolle SpySheriff-Programm. Nun ja... Ich habe es runtergeworfen und dann auch den aktiven Desktop wieder beseitigt. Jetzt habe ich das Problem, dass ich meinen Hintergrund nicht mehr ändern kann, da ich im entsprechenden Menü nichts mehr anklicken kann.
Ich habe zu dem Thema schon viele Foren durchsucht und auch viel gefunden. Aber ich habe keine Ahnung, was ich machen soll. Auf formatieren habe ich kein Bock. Ich habe aber oft gesehen, dass Leute irgendwelche Listen gepostet haben. Weiß der Geier warum...
Naja... Vielleicht kann mir irgendwer (möglichst kleinschrittig) helfen und sagen, was ich machen muss.
Vielen Dank im Vorraus Bernd