Looking for drivers for the DVD drives |
||
---|---|---|
#0
| ||
04.01.2007, 20:43
Member
Posts: 12 |
||
|
||
05.01.2007, 01:56
Honorary member
Posts: 29434 |
#2
Mfjd
1. Run Cleanup: http://virus-protect.org/cleanup.html
2. Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as listen.bat using 'Save as'. Select 'All files' as the file type. You should now find this file on the desktop.
--> double-click listen.bat
--> copy the text that appears
Quote
cd\
__________
Best regards, Sabina
all about PC security |
|
|
||
05.01.2007, 19:37
Member
Thread starter Posts: 12 |
#3
So, I ran Clean Up! with the check marks set for clean recycle bins, cookies, prefetch files and all users (I also did this yesterday, by the way, but of course cookies have already accumulated again between yesterday and today).
The text from the listen.bat file looks like this: |
|
|
||
06.01.2007, 01:52
Honorary member
Posts: 29434 |
#4
LSPfix
http://www.spychecker.com/program/lspfix.html
Write which DLLs you find on the right or on the left.
__________
Best regards, Sabina
all about PC security |
|
|
||
06.01.2007, 15:13
Member
Thread starter Posts: 12 |
#5
As can be seen in the screenshot, there is nothing on the right side, and on the left side there are "mswsock.dll", "winrnr.dll" and "rsvpsp.dll".
|
|
|
||
06.01.2007, 15:37
Honorary member
Posts: 29434 |
#6
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Copy in:
Quote
registry keys to delete:
Click the green traffic light + the computer will restart
»» C:\Program Files\webHancer - delete
__________
Best regards, Sabina
all about PC security |
|
|
||
06.01.2007, 20:47
Member
Thread starter Posts: 12 |
#7
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\vgihgmxe
*******************
Script file located at: \??\C:\WINDOWS\bdhphpxo.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\Downloaded Program Files\2DX.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\2Dxtreme Dialer.osd deleted successfully.
Folder C:\Dokumente und Einstellungen\dorninger\Lokale Einstellungen\Anwendungsdaten\Wildtangent deleted successfully.
Folder C:\Programme\WildTangent deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bargains deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hot_at deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cgtask Services deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadWare deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLoads Installer deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PromulGate deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spybott lptt01 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winshost.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\webHancer Agent deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\webhancer not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\webhancer failed!
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate. |
|
|
||
06.01.2007, 21:05
Honorary member
Posts: 29434 |
#8
««
http://virus-protect.org/reinigungstoolsregistry.html
Apply:
Cleanup repair -- TuneUp Diskcleaner
Cleanup repair -- Registry Cleaner
«« Scan, have everything that is found deleted, and post the scan report
http://virus-protect.org/counterspy.html
__________
Best regards, Sabina
all about PC security |
|
|
||
07.01.2007, 21:06
Member
Thread starter Posts: 12 |
#9
Spyware Scan Details
Start Date: 07.01.2007 18:26:49
End Date: 07.01.2007 20:52:50
Total Time: 2 hrs 26 mins 1 secs

Detected spyware

FlashEnhancer Browser Plug-in
Details: FlashEnhancer is a Browser Helper Object that displays advertising popups while surfing the web.
Status: Deleted
Infected files detected

Hot Action Dating Dialer Porn Dialer
Details: Hot Action Dating Dialer is a premium rate phone dialer for porn related web sites.
Status: Deleted
Infected files detected
c:\windows\downloaded program files\nsupd9x.inf

Private Access Plugin Porn Dialer
Details: Private Access Plugin is a premium-rate dialer that may be installed through pop-up ads, onexit code, browser exploits and more.
Status: Deleted
Infected files detected
c:\windows\downloaded program files\installer.inf

MoneyTree Porn Dialer
Details: MoneyTree is an ActiveX control used to download premium-rate dialers, generally for porn sites. Each time MoneyTree is run, on system startup, it tries to connect to a pornographic website.
Status: Deleted
Infected files detected
c:\windows\downloaded program files\muldist.inf
Infected registry entries detected
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0} IBHObj

ClipGenie Adware (General)
Details: ClipGenie.com is a subscription-based entertainment portal that allows you to purchase and view movies on your computer. ClipGenie displays banner ads in its user interface and usually bundled with file sharing programs.
Status: Deleted
Infected files detected

Grokster P2P Program
Details: Grokster is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted
Infected files detected
C:\MediaLoads\medialoads\media\channels\groovy\gui\grvpreview.wmv

NetRatings Premeter Potential Privacy Risk
Details: NetRatings collects statistics about users' web habits and reports them to a remote server.
Status: Deleted
Infected files detected
C:\Programme\NetRatings\Premeter\prmt_update_en_1.0.4.0_STANDARD.exe

KaZaA P2P Program
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted
Infected files detected
D:\Kazaa\kzscan.dll
D:\Kazaa\Help\mykazaa.css

EGroup Sex Dialer Porn Dialer
Details: EGroup Sex Dialer is a program that changes your modem's dial-up settings and attempts to connect to a premium or international phone number to access adult material.
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\interface\{901166a5-f137-4b27-bc4c-ca611debdced}
HKEY_CLASSES_ROOT\interface\{901166a5-f137-4b27-bc4c-ca611debdced}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{901166a5-f137-4b27-bc4c-ca611debdced}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{901166a5-f137-4b27-bc4c-ca611debdced} _IEGDialHTMLEvents

ComLoad Trojan Downloader
Details: ComLoad is an ActiveX control placed on web sites to load and run any type of executable files, notably premium-rate dialers.
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\interface\{f5f779a9-24e5-4bcd-9ae5-6313d4b5ac24}
HKEY_CLASSES_ROOT\interface\{f5f779a9-24e5-4bcd-9ae5-6313d4b5ac24}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{f5f779a9-24e5-4bcd-9ae5-6313d4b5ac24}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{f5f779a9-24e5-4bcd-9ae5-6313d4b5ac24} Iloader2

CWS.CameUp Hijacker
Details: CWS.CameUp is an adware application that hijacks the user's Internet Explorers start page, and prevents the user from changing the URL back to their preferred homepage.
Status: Deleted
Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Search Bar_bak
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Search Page_bak
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Start Page_bak

DownloadWare Adware (General)
Details: DownloadWare is a process that runs on Windows startup. If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. It may be installed through an ActiveX control.
Status: Deleted
Infected registry entries detected

IST.ISTbar Hijacker
Details: ISTbar is an Internet Explorer Hijacker, which modifies your homepages and searches without a user's consent using an Internet Explorer toolbar.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main bandrest
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main BandRest Never
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main BandRest Never

Hot_be Porn Dialer
Details: It is a dialer, generally used to dial to porn sites.
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\.gmst2 Content Type application/x-gmst2
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-gmst2 Extension .gmst2

IST.XXXToolbar Toolbar
Details: IST.XXXToolbar is an adult adware search toolbar for Internet Explorer. XXXToolbar displays a number of pop-up ads when Internet Explorer is running.
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0} IBHObj

PluginAccess Porn Dialer
Details: PluginAccess is a premium-rate dialer that may be installed through popup ads, on exit code, browser exploits, and more. It can also cause browser instability.
Status: Deleted Infected registry entries detected HKEY_CLASSES_ROOT\Interface\{F5F779A9-24E5-4BCD-9AE5-6313D4B5AC24} HKEY_CLASSES_ROOT\Interface\{F5F779A9-24E5-4BCD-9AE5-6313D4B5AC24}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{F5F779A9-24E5-4BCD-9AE5-6313D4B5AC24}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{F5F779A9-24E5-4BCD-9AE5-6313D4B5AC24} Iloader2 AvenueMedia.InternetOptimizer Browser Plug-in more information... Details: Internet Optimizer, also known as DyFuCA, is an adware application that hijacks the user's browser error page. Status: Deleted Infected registry entries detected HKEY_CLASSES_ROOT\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0} HKEY_CLASSES_ROOT\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0} IBHObj MediaMotor Trojan Downloader more information... Details: MediaMotor is a trojan downloader that downloads and installs additional malware and adware from remote servers. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\software\mm HKEY_LOCAL_MACHINE\software\mm\MP3ext Extensions .mp3 .mp2 .msf .l3p HKEY_LOCAL_MACHINE\software\mm\MP3ext PLSExtensions .m3u .pls HKEY_LOCAL_MACHINE\software\mm\MP3ext cacheMin 450 HKEY_LOCAL_MACHINE\software\mm\MP3ext cacheMax 500 Trojan.Win32.Kolweb.b Trojan more information... Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\mm HKEY_LOCAL_MACHINE\SOFTWARE\mm\MP3ext Extensions .mp3 .mp2 .msf .l3p HKEY_LOCAL_MACHINE\SOFTWARE\mm\MP3ext PLSExtensions .m3u .pls HKEY_LOCAL_MACHINE\SOFTWARE\mm\MP3ext cacheMin 450 HKEY_LOCAL_MACHINE\SOFTWARE\mm\MP3ext cacheMax 500 Cookie: ad.yieldmanager Cookie (General) more information... 
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\dorninger\cookies\dorninger@ad.yieldmanager[1].txt Cookie: DoubleClick Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\dorninger\cookies\dorninger@doubleclick[1].txt Cookie: Hitbox.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\dorninger\cookies\dorninger@hitbox[2].txt Cookie: Mediaplex.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\dorninger\cookies\dorninger@mediaplex[1].txt Cookie: SageAnalyst Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. 
Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\dorninger\cookies\dorninger@sageanalyst[1].txt Cookie: SexTracker.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\dorninger\cookies\dorninger@sextracker[1].txt Cookie: statcounter.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\dorninger\cookies\dorninger@statcounter[1].txt |
|
|
||
07.01.2007, 21:12
Honorary member
Posts: 29434 |
#10
Download WinsockFix (Windows XP) and run it: http://www.winsockfix.nl/
Avenger: http://virus-protect.org/artikel/tools/avenger.html
Paste in:
Quote
Folders to delete:
Click the green traffic light; the script will now run, then the PC will restart automatically.
»» If you can no longer get online after running Avenger, run WinsockFix again.
__________
Regards, Sabina
All about PC security |
|
|
||
07.01.2007, 22:03
Member
Thread starter Posts: 12 |
#11
I'll do that right away, but I've noticed something else suspicious: a folder named "netmeeting".
The file path is C:\programme\netrmeeting and the .exe files in the folder are called wb32.exe, cb32.exe and cfg.exe. I already deleted the netmeeting folder with TuneUp, but it didn't quite work; the folder still exists but I can't open it. By the way, c:\program files\webhancer was already deleted the first time I ran Avenger.
Edit: okay, NetMeeting is apparently from Microsoft, so probably not a threat... but there is another entry I don't recognize, from the company Borland, or Inprise Corporation; it doesn't seem to be anything malicious either...
This post was edited by Mfjd on 07.01.2007 at 22:14.
|
|
|
||
07.01.2007, 23:15
Honorary member
Posts: 29434 |
#12
How is the computer doing? Is the load still high?
__________
Regards, Sabina
All about PC security |
|
|
||
07.01.2007, 23:35
Member
Thread starter Posts: 12 |
#13
I have to thank you once again, a big thank you; the computer really is a good deal faster now.
Am I right in assuming that if the computer had still been this slow after these steps, it could only have been down to the hardware?
Regards, Matthias |
|
|
||
07.01.2007, 23:51
Honorary member
Posts: 29434 |
#14
You could take the trouble to open up the computer and brush the dust out of the fans (if there is any), then report back.
__________
Regards, Sabina
All about PC security |
|
|
||
08.01.2007, 00:49
Member
Thread starter Posts: 12 |
#15
I still have one big problem: the drivers for the DVD drives are gone...
Is there any way to get them back? |
|
|
||
I used HijackThis and had the log analysed, but that led nowhere; I have now also run a ComboFix scan.
Thanks in advance for the help.
Regards, Matthias
Here is the ComboFix log:
dorninger - 07-01-04 20:29:10.90 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Dokumente und Einstellungen\dorninger\Eigene Dateien\Programme\Neuer Ordner"
((((((((((((((((((((((((((((((( Files Created from 2006-12-04 to 2007-01-04 ))))))))))))))))))))))))))))))))))
2007-01-04 16:58 <DIR> d-------- C:\Programme\Windows Defender
2007-01-04 16:34 <DIR> d-------- C:\Programme\BillP Studios
2007-01-04 16:34 <DIR> d-------- C:\Dokumente und Einstellungen\dorninger\Anwendungsdaten\WinPatrol
2007-01-04 16:28 <DIR> d-------- C:\Programme\Trojancheck 6
2006-12-31 11:42 <DIR> d-------- C:\Dokumente und Einstellungen\dorninger\Anwendungsdaten\dvdcss
2006-12-11 16:21 <DIR> d-------- C:\^Musique_au_Laufwerk_C
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-04 20:08 -------- d-------- C:\Programme\ewido anti-spyware 4.0
2007-01-04 19:33 6978 --a------ C:\Dokumente und Einstellungen\dorninger\Anwendungsdaten\CleanUp!.log
2007-01-04 18:27 -------- d-------- C:\Dokumente und Einstellungen\dorninger\Anwendungsdaten\Real
2007-01-04 18:25 -------- d-------- C:\Programme\Gemeinsame Dateien\xing shared
2007-01-04 18:14 -------- d-------- C:\Programme\GDiVX Player
2007-01-04 13:51 -------- d-------- C:\Programme\AntiVir PersonalEdition Classic
2007-01-03 14:36 -------- d-------- C:\Programme\XviD
2007-01-02 01:19 -------- d-------- C:\Programme\DC++
2006-12-30 20:48 -------- d-------- C:\Programme\Windows Live Toolbar
2006-12-29 23:33 -------- d-------- C:\Programme\Internet Explorer
2006-12-26 21:57 -------- d-------- C:\Programme\Opera7
2006-12-22 20:14 -------- d-------- C:\Dokumente und Einstellungen\dorninger\Anwendungsdaten\MSN6
2006-12-22 20:08 -------- d-------- C:\Programme\Real
2006-12-17 13:40 -------- d-------- C:\Programme\Microsoft Picture It! PhotoPub
2006-12-14 11:41 -------- d-------- C:\Programme\Outlook Express
2006-12-14 11:41 -------- d-------- C:\Programme\Gemeinsame Dateien\System
2006-12-12 16:19 34304 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2006-12-12 16:19 14848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2006-12-07 06:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-20 18:08 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-11-20 18:08 249856 --------- C:\WINDOWS\Setup1.exe
2006-11-20 18:08 -------- d-------- C:\Programme\Modem Optimizer
2006-11-17 21:54 -------- d-------- C:\Programme\Soulseek
2006-11-08 08:52 -------- d---s---- C:\Dokumente und Einstellungen\dorninger\Anwendungsdaten\Microsoft
2006-11-08 06:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:17 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-31 11:57 67960 --a------ C:\Dokumente und Einstellungen\dorninger\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2006-10-23 16:17 664576 --a------ C:\WINDOWS\system32\wininet(2).dll
2006-10-23 16:17 615936 --a------ C:\WINDOWS\system32\urlmon(2).dll
2006-10-23 16:17 474624 --a------ C:\WINDOWS\system32\shlwapi(2).dll
2006-10-23 16:17 448512 --a------ C:\WINDOWS\system32\mshtmled(3).dll
2006-10-23 16:17 1022976 --a------ C:\WINDOWS\system32\browseui(3).dll
2006-10-20 02:38 715776 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-13 13:35 146432 --a------ C:\WINDOWS\system32\nwprovau.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Windows Defender"="\"C:\\Programme\\Windows Defender\\MSASCui.exe\" -hide"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Symantec Network Driver Update Warning"="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\SNDWarn.EXE"
"Symantec NetDriver Warning"="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\SNDWarn.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Symantec Network Driver Update Warning"="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\SNDWarn.EXE"
"Symantec NetDriver Warning"="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\SNDWarn.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="\"ShellExecuteHook\" von Microsoft AntiMalware"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:ff,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~3.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="D:\\OFFICE~1\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^dorninger^Startmenü^Programme^Autostart^PowerReg Scheduler.exe]
"path"="C:\\Dokumente und Einstellungen\\dorninger\\Startmenü\\Programme\\Autostart\\PowerReg Scheduler.exe"
"backup"="C:\\WINDOWS\\pss\\PowerReg Scheduler.exeStartup"
"location"="Startup"
"command"="C:\\Dokumente und Einstellungen\\dorninger\\Startmenü\\Programme\\Autostart\\PowerReg Scheduler.exe"
"item"="PowerReg Scheduler"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bargains]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bargains"
"hkey"="HKLM"
"command"="C:\\Programme\\Bargain Buddy\\bin2\\bargains.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cgtask Services]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cgtask"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\cgtask.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CMESys"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\CMEII\\CMESys.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadWare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dw"
"hkey"="HKLM"
"command"="\"C:\\Programme\\DownloadWare\\dw.exe\" /H"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hot_at]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Hot_at"
"hkey"="HKLM"
"command"="C:\\Program Files\\GMSoft\\Dialers\\Hot_at\\Hot_at.exe /dontdial "
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpztsb03"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb03.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="C:\\Programme\\ICQLite\\ICQLite.exe -minimize"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Programme\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optimize"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Washer Pro]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iw"
"hkey"="HKCU"
"command"="C:\\Programme\\Internet Washer Pro\\iw.exe min"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="istsvc"
"hkey"="HKLM"
"command"="C:\\Programme\\ISTsvc\\istsvc.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kazaa"
"hkey"="HKLM"
"command"="D:\\Kazaa\\kazaa.exe /SYSTRAY"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="launcher"
"hkey"="HKLM"
"command"="\"C:\\Programme\\MLH\\launcher.exe\" /P"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLoads Installer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dw"
"hkey"="HKLM"
"command"="\"C:\\Programme\\DownloadWare\\dw.exe\" /H"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WksSb"
"hkey"="HKLM"
"command"="C:\\Programme\\Microsoft Works\\WksSb.exe /AllUsers"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkDetect"
"hkey"="HKLM"
"command"="C:\\Programme\\Microsoft Works\\WkDetect.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Premeter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="prmt"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\NETRAT~1\\Premeter\\prmt.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PromulGate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PgMonitr"
"hkey"="HKLM"
"command"="\"C:\\Programme\\DelFin\\PromulGate\\PgMonitr.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Red Swoosh EDN Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RSEDNClient"
"hkey"="HKCU"
"command"="C:\\Programme\\RSNet\\RSEDNClient.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spybott lptt01]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="spybott"
"hkey"="HKLM"
"command"="\"C:\\Programme\\spybott\\spybott.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSK Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winssk32"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\winssk32.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Weather"
"hkey"="HKCU"
"command"="C:\\Programme\\WeatherCast\\Weather.exe /q"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="whAgent"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\webHancer\\Programs\\whAgent.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Winamp3\\winampa.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winshost.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winshost"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\winshost.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GameChannel"
"hkey"="HKLM"
"command"="C:\\Programme\\WildTangent\\Apps\\GameChannel.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zlclient"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Auf Updates fr Windows Live Toolbar prfen.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
Completion time: 07-01-04 20:31:37.25
C:\ComboFix.txt ... 07-01-04 20:31
C:\ComboFix2.txt ... 07-01-04 19:39