PC streikt, Internet funktioniert nicht richtig |
||
---|---|---|
#0
| ||
17.02.2007, 22:34
Ehrenmitglied
Beiträge: 29434 |
||
|
||
17.02.2007, 22:55
Member
Themenstarter Beiträge: 18 |
#17
Danke!
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600 Internet Explorer Version: 6.0.2900.2180 »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»» Checking %SystemDrive% folder... Checking %ProgramFilesDir% folder... Checking %WinDir% folder... aspack 12.05.2006 14:43:12 545280 C:\WINDOWS\flashax.exe Checking %System% folder... PEC2 10.08.2004 13:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc PEC2 01.10.2004 19:23:10 716800 C:\WINDOWS\SYSTEM32\DivX.dll PECompact2 01.10.2004 19:23:10 716800 C:\WINDOWS\SYSTEM32\DivX.dll PTech 19.06.2006 15:19:42 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll PECompact2 03.01.2007 00:19:44 10980776 C:\WINDOWS\SYSTEM32\MRT.exe aspack 03.01.2007 00:19:44 10980776 C:\WINDOWS\SYSTEM32\MRT.exe aspack 10.08.2004 13:00:00 733696 C:\WINDOWS\SYSTEM32\ntdll.dll Umonitor 10.08.2004 13:00:00 686592 C:\WINDOWS\SYSTEM32\rasdlg.dll UPX! 16.02.2007 17:27:32 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe UPX! 16.02.2007 17:27:56 135168 C:\WINDOWS\SYSTEM32\swreg.exe UPX! 16.02.2007 17:27:56 40960 C:\WINDOWS\SYSTEM32\swsc.exe UPX! 16.02.2007 17:27:56 79360 C:\WINDOWS\SYSTEM32\swxcacls.exe winsync 10.08.2004 13:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu PTech 19.06.2006 15:19:26 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe Checking %System%\Drivers folder and sub-folders... Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS Checking the Windows folder and sub-folders for system and hidden files within the last 60 days... 17.02.2007 11:29:36 S 2048 C:\WINDOWS\bootstat.dat 16.02.2007 22:30:24 H 54156 C:\WINDOWS\QTFont.qfn 17.02.2007 12:02:42 H 1024 C:\WINDOWS\system32\config\default.LOG 17.02.2007 11:29:42 H 1024 C:\WINDOWS\system32\config\SAM.LOG 17.02.2007 19:29:52 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG 17.02.2007 22:45:26 H 1024 C:\WINDOWS\system32\config\software.LOG 17.02.2007 22:35:44 H 1024 C:\WINDOWS\system32\config\system.LOG 13.01.2007 10:35:54 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG 13.01.2007 09:04:26 S 1039 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\Content\CFC456E7E410D69E2C6F3E2DB75C7DB3 13.01.2007 09:04:26 S 126 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3 28.01.2007 00:23:12 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\eadd4827-8e7c-4f1e-a137-9efbd6c0ddf7 28.01.2007 00:23:12 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred 01.02.2007 09:22:02 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\0d213e90-5bf8-40e8-affb-614bc977b6d6 01.02.2007 09:22:02 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred 17.02.2007 11:29:40 H 6 C:\WINDOWS\Tasks\SA.DAT Checking for CPL files... Microsoft Corporation 10.08.2004 13:00:00 70656 C:\WINDOWS\SYSTEM32\access.cpl Realtek Semiconductor Corp. 16.12.2005 04:19:10 R 18776064 C:\WINDOWS\SYSTEM32\alsndmgr.cpl Microsoft Corporation 10.08.2004 13:00:00 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl Microsoft Corporation 10.08.2004 13:00:00 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl DataDesign AG 11.03.2005 15:04:26 692224 C:\WINDOWS\SYSTEM32\ddbaccpl.cpl DataDesign AG 11.03.2005 14:43:54 196608 C:\WINDOWS\SYSTEM32\ddbacctm.cpl Microsoft Corporation 10.08.2004 13:00:00 138240 C:\WINDOWS\SYSTEM32\desk.cpl Microsoft Corporation 10.08.2004 13:00:00 80384 C:\WINDOWS\SYSTEM32\firewall.cpl Microsoft Corporation 10.08.2004 13:00:00 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl Microsoft Corporation 10.08.2004 13:00:00 359424 C:\WINDOWS\SYSTEM32\inetcpl.cpl Microsoft Corporation 10.08.2004 13:00:00 133120 C:\WINDOWS\SYSTEM32\intl.cpl Microsoft Corporation 10.08.2004 13:00:00 381440 C:\WINDOWS\SYSTEM32\irprops.cpl Microsoft Corporation 10.08.2004 13:00:00 69632 C:\WINDOWS\SYSTEM32\joy.cpl Sun Microsystems, Inc. 10.11.2005 13:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl Microsoft Corporation 10.08.2004 13:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl Microsoft Corporation 10.08.2004 13:00:00 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl Microsoft Corporation 10.08.2004 13:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl Microsoft Corporation 10.08.2004 13:00:00 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl Microsoft Corporation 10.08.2004 13:00:00 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl Microsoft Corporation 10.08.2004 13:00:00 38400 C:\WINDOWS\SYSTEM32\nwc.cpl Microsoft Corporation 10.08.2004 13:00:00 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl Microsoft Corporation 10.08.2004 13:00:00 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl Microsoft Corporation 10.08.2004 13:00:00 303104 C:\WINDOWS\SYSTEM32\sysdm.cpl Microsoft Corporation 10.08.2004 13:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl Microsoft Corporation 10.08.2004 13:00:00 94208 C:\WINDOWS\SYSTEM32\timedate.cpl Microsoft Corporation 10.08.2004 13:00:00 148480 C:\WINDOWS\SYSTEM32\wscui.cpl Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl Realtek Semiconductor Corp. 16.12.2005 05:19:10 18776064 C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\ALSNDMGR.CPL »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»» Checking files in %ALLUSERSPROFILE%\Startup folder... 19.07.2006 16:57:28 1741 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk 23.03.2006 14:12:32 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini 06.05.2006 11:38:50 725 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WWU.lnk Checking files in %ALLUSERSPROFILE%\Application Data folder... 23.03.2006 13:56:02 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini 11.06.2006 13:50:54 1756 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache Checking files in %USERPROFILE%\Startup folder... 23.03.2006 14:12:32 HS 84 C:\Dokumente und Einstellungen\Susan\Startmenü\Programme\Autostart\desktop.ini Checking files in %USERPROFILE%\Application Data folder... 23.03.2006 16:45:10 869 C:\Dokumente und Einstellungen\Susan\Anwendungsdaten\AdobeDLM.log 23.03.2006 13:56:02 HS 62 C:\Dokumente und Einstellungen\Susan\Anwendungsdaten\desktop.ini 23.03.2006 16:45:10 0 C:\Dokumente und Einstellungen\Susan\Anwendungsdaten\dm.ini 14.12.2006 15:13:08 1864 C:\Dokumente und Einstellungen\Susan\Anwendungsdaten\wklnhst.dat »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»» [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] SV1 = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers] HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\InoShell {DCED20BE-3645-11D4-BC95-00C04F0E0588} = C:\Programme\CA\eTrust Antivirus\InoShell.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Shell Extension for Malware scanning {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Start Menu Pin = %SystemRoot%\system32\SHELL32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Shell Extension for Malware scanning {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu {73B24247-042E-4EF5-ADC2-42F62E6FD654} = HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\InoShell {DCED20BE-3645-11D4-BC95-00C04F0E0588} = C:\Programme\CA\eTrust Antivirus\InoShell.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882} = C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627} = C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} AcroIEHlprObj Class = C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} SSVHelper Class = C:\Programme\Java\jre1.5.0_06\bin\ssv.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} Google Toolbar Helper = c:\programme\google\googletoolbar4.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Tipps und Tricks = %SystemRoot%\system32\shdocvw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] {855F3B16-6D32-4fe6-8A56-BBB695989046} = ICQ Toolbar : C:\Programme\ICQToolbar\toolbaru.dll {2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\programme\google\googletoolbar4.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} MenuText = Sun Java Konsole : C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} ButtonText = Recherchieren : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683} ButtonText = Messenger : C:\Programme\Messenger\msmsgs.exe [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} History Band = %SystemRoot%\system32\shdocvw.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} Explorer-Band = %SystemRoot%\system32\shdocvw.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\system32\browseui.dll {2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\programme\google\googletoolbar4.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\system32\browseui.dll {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll {2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\programme\google\googletoolbar4.dll {855F3B16-6D32-4FE6-8A56-BBB695989046} = ICQ Toolbar : C:\Programme\ICQToolbar\toolbaru.dll {EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Toolbar : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ehTray C:\WINDOWS\ehome\ehtray.exe ATIPTA "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" SynTPEnh C:\Programme\Synaptics\SynTP\SynTPEnh.exe AGRSMMSG AGRSMMSG.exe AOLDialer C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe Realtime Monitor C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s PestPatrol Control Center C-\PROGRA~1\PESTPA~1\PPControl.exe PPMemCheck C:\PROGRA~1\PESTPA~1\PPMemCheck.exe CookiePatrol C:\PROGRA~1\PESTPA~1\CookiePatrol.exe NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe SoundMan SOUNDMAN.EXE TkBellExe "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot QuickTime Task "C:\Programme\QuickTime\qttask.exe" -atboottime avgnt "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] IMAIL Installed = 1 MAPI Installed = 1 MSFS Installed = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe MSMSGS "C:\Programme\Messenger\msmsgs.exe" /background updateMgr "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 swg C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item TeaTimer hkey HKCU command C:\Programme\Spybot - Search & Destroy\TeaTimer.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state system.ini 0 win.ini 0 bootini 0 services 0 startup 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID {17492023-C23A-453E-A040-C7C580BBF700} 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = {0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system dontdisplaylastusername 0 legalnoticecaption legalnoticetext shutdownwithoutlogon 1 undockwithoutlogon 1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer NoDriveTypeAutoRun 145 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, Shell = Explorer.exe System = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent = Ati2evxx.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon = WgaLogon.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger = ntsd -d [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLs »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder. Scan completed on 17.02.2007 22:50:44 |
|
|
||
17.02.2007, 23:02
Ehrenmitglied
Beiträge: 29434 |
#18
sorry, dass ich dich so mit Tool eindecke - aber ich finde NICHTS - absolut nichts.
besteht das problem ueberhaupt noch ? lade L2mfix (2.Proggie auf der Seite) http://virus-protect.org/l2mfix.html arbeite nur option 1 ab und poste das log __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
17.02.2007, 23:20
Member
Themenstarter Beiträge: 18 |
#19
Kein Problem, bin froh dass mir ueberhaupt jemand hilft.
Ja, das Problem besteht immer noch. Ich wundere mich auch schon, war kurz davor mal nachzufragen, ob du irgendwas gefunden hast. Hast du eine Idee, was ich sonst noch machen koennte? L2MFIX find log 051206 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] "DLLName"="Ati2evxx.dll" "Asynchronous"=dword:00000000 "Impersonate"=dword:00000001 "Lock"="AtiLockEvent" "Logoff"="AtiLogoffEvent" "Logon"="AtiLogonEvent" "Disconnect"="AtiDisConnectEvent" "Reconnect"="AtiReConnectEvent" "Safe"=dword:00000000 "Shutdown"="AtiShutdownEvent" "StartScreenSaver"="AtiStartScreenSaverEvent" "StartShell"="AtiStartShellEvent" "Startup"="AtiStartupEvent" "StopScreenSaver"="AtiStopScreenSaverEvent" "Unlock"="AtiUnLockEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] "Logon"="WLEventLogon" "Logoff"="WLEventLogoff" "Startup"="WLEventStartup" "Shutdown"="WLEventShutdown" "StartScreenSaver"="WLEventStartScreenSaver" "StopScreenSaver"="WLEventStopScreenSaver" "Lock"="WLEventLock" "Unlock"="WLEventUnlock" "StartShell"="WLEventStartShell" "PostShell"="WLEventPostShell" "Disconnect"="WLEventDisconnect" "Reconnect"="WLEventReconnect" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000000 "SafeMode"=dword:00000001 "MaxWait"=dword:ffffffff "DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Event"=dword:00000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings] "Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\ 00,00,27,48,dd,ea,7c,8e,1e,4f,a1,37,9e,fb,d6,c0,dd,f7,04,00,00,00,04,00,00,\ 00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,97,a3,87,e3,04,c7,40,a2,\ e3,bd,36,a4,4a,68,20,6a,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,7d,\ ac,25,72,25,8b,07,ae,d8,3d,16,06,b8,34,29,b7,b0,01,00,00,15,87,71,46,dc,9f,\ 5e,77,9f,fb,b9,a9,f5,7c,c5,0f,74,9b,4e,3d,22,ed,56,d7,36,3d,12,ae,ed,91,b5,\ 3e,94,b8,86,aa,aa,63,9e,a5,68,0c,1d,b7,89,d2,a8,a7,52,ca,c5,41,a7,fb,65,3f,\ e9,d5,5c,5f,77,9c,31,f6,71,50,1a,66,5f,d5,b4,38,71,0c,5b,e4,9f,e6,5a,ed,3c,\ bc,fe,7d,c2,b8,bd,c2,b8,c3,e7,39,14,89,cb,db,39,3e,f5,e8,e7,18,b3,86,29,04,\ 97,6d,01,0f,02,a3,53,cd,fa,37,aa,63,57,49,fc,0b,2d,01,69,ce,58,ee,27,0e,aa,\ de,44,a9,a7,f1,fd,44,ca,25,df,1e,eb,4b,fc,7e,58,8d,f6,c5,36,81,ae,dd,ae,d8,\ 79,48,01,53,3c,86,8d,3e,cb,c4,e2,06,91,f0,b8,4e,f4,8a,e4,d8,8e,45,97,1c,35,\ 3d,2e,b6,59,62,25,6f,94,28,98,01,61,75,6b,c3,01,a8,15,e5,4f,75,52,1c,3c,66,\ 26,a2,67,ae,e9,52,dc,3a,bc,ca,c9,ee,c0,47,42,9a,26,f6,b2,da,dc,10,62,31,de,\ 04,41,2d,00,e5,e5,15,be,d7,12,ad,08,78,33,97,b6,fb,37,2b,36,ba,26,93,18,cd,\ f2,ed,b2,e5,f4,30,d3,46,7c,a1,df,54,b6,67,d4,91,4f,85,79,e7,ca,01,14,7c,98,\ 64,ca,23,88,0c,58,ef,b0,12,71,85,fd,73,c0,c2,93,11,c3,b1,bd,f7,4b,b7,91,fe,\ 31,c5,95,15,90,b1,7c,42,d9,da,38,d5,f9,6f,97,99,93,52,a8,a5,b0,85,76,41,39,\ 21,78,c3,35,3e,c8,44,8a,95,74,b6,90,a2,6c,56,bc,5e,34,95,06,e9,14,05,cf,c4,\ e7,fe,22,59,cc,b7,b7,fe,41,79,b6,ce,70,c1,3c,82,ea,99,c8,79,72,b1,e1,c5,ce,\ 24,a6,a5,b3,0d,33,dc,e3,ef,15,00,38,6e,fa,e6,7e,57,76,d0,74,e6,60,c7,3a,91,\ 28,d4,fd,80,77,49,e1,41,6c,99,d7,d0,bd,74,22,fb,10,65,1c,15,f3,ec,72,f8,d2,\ 73,14,00,00,00,17,f2,f9,26,32,42,24,b7,d1,ef,7f,47,55,14,7e,97,f4,97,48,72 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "SV1"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Eigenschaften fr Multimediadatei" "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-Scannerverwaltung" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-Sicherheit" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-Eigenschaftenseite fr Dokumente" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shellerweiterungen fr Freigaben" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Grafikkarten" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Bildschirme" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Anzeigeverschiebung" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-Sicherheit" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilit„tsseite" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell-Datenauszughandler" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Erweiterung fr Datentr„gerkopien" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shellerweiterungen fr Microsoft Windows-Netzwerkobjekte" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-Monitorverwaltung" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-Druckerverwaltung" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shellerweiterungen fr die Dateikomprimierung" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Shellerweiterung fr Webdrucker" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontextmen fr die Verschlsselung" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktenkoffer" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Erweiterung fr HyperTerminal-Icons" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Schriftarten" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-Profil" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Druckersicherheit" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shellerweiterungen fr Freigaben" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netzwerkverbindungen" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netzwerkverbindungen" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner und Kameras" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner und Kameras" "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner und Kameras" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner und Kameras" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner und Kameras" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shellerweiterungen fr Windows Script Host" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Datenverknpfung" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplante Tasks" "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskleiste und Startmen" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Suchen" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ausfhren..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-Mail" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Schriftarten" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Verwaltung" "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Eigenschaftenseite fr vorherige Versionen" "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Vorherige Versionen" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-Verlauf-Dienst" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Verlauf" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Sucheingriff" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-Begráungsbildschirm" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-Cacheordner" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Webpublishing-Assistent" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestellung von Abzgen ber das Internet" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shellobjekt des Webpublishing-Assistenten" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport-Assistent" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Benutzerkonten" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channeldatei" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channelverknpfung" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channelhandlerobjekt" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Ordner 'Offlinedateien'" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Nach Personen..." "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices" "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu" "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band" "{e82a2d71-5b2f-43a0-97b8-81be15854de8}"="ShellLink for Application References" "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}"="Shell Icon Handler for Application References" "{2F603045-309F-11CF-9774-0020AFD0CFF6}"="Synaptics Control Panel" "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player" "{DCED20BE-3645-11D4-BC95-00C04F0E0588}"="InoShell" "{B327765E-D724-4347-8B16-78AE18552FC3}"="NeroDigitalIconHandler" "{7F1CF152-04F8-453A-B34C-E609530A9DC8}"="NeroDigitalPropSheetHandler" "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webordner" "{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler" "{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler" "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler" "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension" "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"="Shell Extension for Malware scanning" ********************************************************************************** HKEY ROOT CLASSIDS: ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ wmvcore.dll Thu 7 Dec 2006 5:14:52 A.... 2.330.624 2,22 M 1 item found: 1 file, 0 directories. Total of file sizes: 2.330.624 bytes 2,22 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: 4C1E-5722 Verzeichnis von C:\WINDOWS\System32 16.02.2007 17:21 <DIR> dllcache 06.04.2006 15:04 56 2246DFD473.sys 06.04.2006 15:04 5.642 KGyGaAvL.sys 30.03.2006 09:33 8 4212FAB396.sys 23.03.2006 14:16 <DIR> Microsoft 3 Datei(en) 5.706 Bytes 2 Verzeichnis(se), 50.151.112.704 Bytes frei |
|
|
||
17.02.2007, 23:22
Ehrenmitglied
Beiträge: 29434 |
#20
wie gesagt, ich finde nichts....
scanne und poste den scanreport http://virus-protect.org/counterspy.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
17.02.2007, 23:32
Member
Themenstarter Beiträge: 18 |
#21
Sorry, altbekanntes Problem: "...Seite kann nicht angezeigt werden" (Dein Link geht, aber die Seite wo es den Original Download gibt nicht).
Dieser Beitrag wurde am 17.02.2007 um 23:41 Uhr von susiee85 editiert.
|
|
|
||
18.02.2007, 12:48
Ehrenmitglied
Beiträge: 29434 |
#22
1.
Lade den Firefox als Alternativbrowser zum IE http://virus-protect.org/firefox.html 2. Avenger http://virus-protect.org/artikel/tools/avenger.html Input script manually (anhaken) kopiere in: View/edit script Zitat Files to delete:Klicke die gruene Ampel das Script wird nun ausgeführt, dann wird der PC automatisch neustarten --------------------------------------------------------------------- «« Counterspy http://www.sunbelt-software.com/CounterSpy-Download.cfm «« Browser verliert Internetverbindung - Aufruf von "www"-Seiten ist nicht mehr möglich, Ping funktioniert aber. Ebenso können Seiten über ihre IP-Adresse aufgerufen werden (PC ist im LAN, IP wird via DHCP zugeteilt): Abhilfe:: Bei der LAN-Verbindung: Eigenschaften von TCP/IP - Erweitert/DNS: Häkchen bei "Adressen dieser Verbindung in DNS registrieren" entfernen. __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
18.02.2007, 14:37
Member
Themenstarter Beiträge: 18 |
#23
Der Link den du mir wegen Counterspy gegeben hast funktioniert zwar jetzt, aber ich kann Counterpsy immer noch nicht downloaden, da die folgende Seite sich nicht oeffnen laesst.
Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\nasiuhis ******************* Script file located at: \??\C:\WINDOWS\system32\gisdjwqn.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\Dokumente und Einstellungen\susan\Lokale Einstellungen\Temp\npobut.exe not found! Deletion of file C:\Dokumente und Einstellungen\susan\Lokale Einstellungen\Temp\npobut.exe failed! Could not process line: C:\Dokumente und Einstellungen\susan\Lokale Einstellungen\Temp\npobut.exe Status: 0xc0000034 File C:\Dokumente und Einstellungen\susan\Lokale Einstellungen\Temp\ginstall.dll not found! Deletion of file C:\Dokumente und Einstellungen\susan\Lokale Einstellungen\Temp\ginstall.dll failed! Could not process line: C:\Dokumente und Einstellungen\susan\Lokale Einstellungen\Temp\ginstall.dll Status: 0xc0000034 File C:\WINDOWS\IE4 Error Log.txt deleted successfully. Completed script processing. ******************* Finished! Terminate. |
|
|
||
18.02.2007, 14:52
Ehrenmitglied
Beiträge: 29434 |
#24
««
hast du den Firefox installiert ? «« Browser verliert Internetverbindung - Aufruf von "www"-Seiten ist nicht mehr möglich, Ping funktioniert aber. Ebenso können Seiten über ihre IP-Adresse aufgerufen werden (PC ist im LAN, IP wird via DHCP zugeteilt): Abhilfe:: Bei der LAN-Verbindung: Eigenschaften von TCP/IP - Erweitert/DNS: Häkchen bei "Adressen dieser Verbindung in DNS registrieren" entfernen. dann berichte, ob es besser laueft __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
18.02.2007, 14:57
Member
Themenstarter Beiträge: 18 |
#25
Jepp, Firefox ist installiert und das Haekchen hab ich auch entfernt.
Leider hat sich nichts geaendert und das Problem besteht immer noch. Kannst du einen Virus ausschliessen? |
|
|
||
18.02.2007, 15:02
Ehrenmitglied
Beiträge: 29434 |
#26
es kann...sein - dass es ein noch unbekannter Rootkit ist, den auch die Rootkitscanner nicht erkennen, eigenartig ist die Startseite mit dem w*w, anstelle www.
allerdings zeigen alle weiteren Logs ein www. es kann auch an deinem Winbond liegen, du solltest mal sehen, ob die treiber korrekt sind , nicht veraltet usw.. (im Geraetemanager nachpruefen) C:\Programme\winbond\w89c33 --------------- http://www.virustotal.com/flash/index_en.html C:\WINDOWS\system32\wuauclt.exe - knnst du mit virustotal ueberpruefen. _________ poste dieses log http://virus-protect.org/artikel/tools/comboscan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
18.02.2007, 15:39
Ehrenmitglied
Beiträge: 6028 |
#27
Vielleicht geht es mit Counterspy auch so http://go.sunbelt-software.com/?linkid=410
__________ MfG Argus |
|
|
||
18.02.2007, 15:52
Member
Themenstarter Beiträge: 18 |
#28
Hm, wegen dem Windbond, das scheint alles in Ordnung zu sein.
STATUS: FINISHEDComplete scanning result of "wuauclt.exe", received in VirusTotal at 02.18.2007, 15:43:22 (CET). Antivirus Version Update Result AntiVir 7.3.1.37 02.18.2007 no virus found Authentium 4.93.8 02.16.2007 no virus found Avast 4.7.936.0 02.18.2007 no virus found AVG 386 02.17.2007 no virus found BitDefender 7.2 02.18.2007 no virus found CAT-QuickHeal 9.00 02.16.2007 no virus found ClamAV devel-20060426 02.18.2007 no virus found DrWeb 4.33 02.18.2007 no virus found eSafe 7.0.14.0 02.18.2007 no virus found eTrust-Vet 30.4.3410 02.18.2007 no virus found Ewido 4.0 02.18.2007 no virus found Fortinet 2.85.0.0 02.18.2007 no virus found F-Prot 4.2.1.29 02.16.2007 no virus found F-Secure 6.70.13030.0 02.17.2007 no virus found Ikarus T3.1.0.31 02.18.2007 no virus found Kaspersky 4.0.2.24 02.18.2007 no virus found McAfee 4965 02.16.2007 no virus found Microsoft 1.2204 02.18.2007 no virus found NOD32v2 2068 02.18.2007 no virus found Norman 5.80.02 02.16.2007 no virus found Panda 9.0.0.4 02.18.2007 no virus found Prevx1 V2 02.18.2007 no virus found Sophos 4.14.0 02.18.2007 no virus found Sunbelt 2.2.907.0 02.17.2007 no virus found Symantec 10 02.18.2007 no virus found TheHacker 6.1.6.059 02.16.2007 no virus found UNA 1.83 02.16.2007 no virus found VBA32 3.11.2 02.17.2007 no virus found VirusBuster 4.3.19:9 02.17.2007 no virus found Aditional Information File size: 124184 bytes MD5: ebf1ab7e4fc05cabf2f4680d2a45f827 ComboScan v20070212.14 run by Susan on 2007-02-18 at 15:12:53 Computer is in Normal Mode. -------------------------------------------------------------------------------- Successfully created restore point. Performed disk cleanup. -- HijackThis log (run as Susan.com) -------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 15:17:23, on 18.02.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\eHome\ehSched.exe C:\Programme\CA\eTrust Antivirus\InoRT.exe C:\Programme\CA\eTrust Antivirus\InoTask.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\wbsecsvc.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\ehome\ehtray.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\AGRSMMSG.exe C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe C:\PROGRA~1\CA\ETRUST~1\realmon.exe C:\PROGRA~1\PESTPA~1\PPMemCheck.exe C:\PROGRA~1\PESTPA~1\CookiePatrol.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\QuickTime\qttask.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\WINDOWS\system32\dllhost.exe C:\Programme\winbond\w89c33\wwu.exe C:\WINDOWS\eHome\ehmsas.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Dokumente und Einstellungen\Susan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KHQ7S1IF\comboscan[1].exe C:\DOKUME~1\Susan\LOKALE~1\Temp\~pqmyswi.tmp\Susan.com R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar4.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar4.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM\..\Run: [PestPatrol Control Center] C-\PROGRA~1\PESTPA~1\PPControl.exe O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: WWU.lnk = C:\Programme\winbond\w89c33\wwu.exe O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143122975250 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: NPOBUT - Unknown owner - C:\DOKUME~1\Susan\LOKALE~1\Temp\NPOBUT.exe (file missing) O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: wbsecsvc - Winbond - C:\WINDOWS\system32\wbsecsvc.exe -- File Associations ------------------------------------------------------------ .bat - batfile - "%1" %* .chm - chm.file - "C:\WINDOWS\hh.exe" %1 .com - comfile - "%1" %* .exe - exefile - "%1" %* .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1 .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1 .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1 .js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %* .lnk - lnkfile - {00021401-0000-0000-C000-000000000046} .pif - piffile - "%1" %* .reg - regfile - regedit.exe "%1" .scr - scrfile - "%1" /S .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1 .vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %* -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------- 0 ACPIEC (Microsoft Embedded Controllertreiber) - system32\DRIVERS\ACPIEC.sys 3 AgereSoftModem (Creatix 2.0 AC'97 Soft Modem) - system32\DRIVERS\AGRSM.sys 3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - system32\drivers\ALCXWDM.SYS 0 AliIde - system32\DRIVERS\aliide.sys 1 AmdK8 (AMD Athlon64-Prozessortreiber) - system32\DRIVERS\AmdK8.sys 3 Arp1394 (1394-ARP-Clientprotokoll) - system32\DRIVERS\arp1394.sys 3 ati2mtag - system32\DRIVERS\ati2mtag.sys 1 avgio - \??\C:\Programme\AntiVir PersonalEdition Classic\avgio.sys 3 avgntflt - \??\C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys 0 INO_FLPY - system32\Drivers\ino_flpy.sys 2 INO_FLTR - \??\C:\WINDOWS\system32\Drivers\ino_fltr.sys 3 Iviaspi (IVI ASPI Shell) - system32\drivers\iviaspi.sys 3 MHNDRV (MHN-Treiber) - system32\DRIVERS\mhndrv.sys 3 NIC1394 (1394-Netzwerktreiber) - system32\DRIVERS\nic1394.sys 0 ohci1394 (Texas Instruments OHCI-konformer IEEE 1394-Hostcontroller) - system32\DRIVERS\ohci1394.sys 0 Pcmcia - system32\DRIVERS\pcmcia.sys 0 PxHelp20 - System32\Drivers\PxHelp20.sys 3 Sfloppy (High-Capacity-Diskettenlaufwerk) - system32\DRIVERS\sfloppy.sys 3 SynTP (Synaptics TouchPad Driver) - system32\DRIVERS\SynTP.sys 3 ULI5261XP (ULi M526X Ethernet NT Driver) - system32\DRIVERS\ULILAN51.SYS 3 usbehci (Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller) - system32\DRIVERS\usbehci.sys 3 usbohci (Miniporttreiber für Microsoft USB Open Host-Controller) - system32\DRIVERS\usbohci.sys 3 USBSTOR (USB-Massenspeichertreiber) - system32\DRIVERS\USBSTOR.SYS 3 W33ND (W89C33 mPCI 802.11 Wireless LAN Adapter Driver) - system32\DRIVERS\W33ND.SYS 3 wanatw (WAN Miniport (ATW)) - system32\DRIVERS\wanatw4.sys 1 wbsecdrv (wbsecdrv Protocol Driver) - system32\DRIVERS\wbsecdrv.sys -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- 2 AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - C:\Programme\AntiVir PersonalEdition Classic\sched.exe 2 AntiVirService (AntiVir PersonalEdition Classic Guard) - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe 2 AOL ACS (AOL Connectivity Service) - "C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe" 3 aspnet_state (ASP.NET-Zustandsdienst) - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 2 Ati HotKey Poller - %SystemRoot%\system32\Ati2evxx.exe 3 clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 2 ehRecvr (Media Center Receiver Service) - C:\WINDOWS\eHome\ehRecvr.exe 2 ehSched (Media Center-Planerdienst) - C:\WINDOWS\eHome\ehSched.exe 2 Fax - %systemroot%\system32\fxssvc.exe 3 gusvc (Google Updater Service) - "C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe" 3 IDriverT (InstallDriver Table Manager) - "C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe" 2 InoRPC (eTrust Antivirus RPC Server) - "C:\Programme\CA\eTrust Antivirus\InoRpc.exe" 2 InoRT (eTrust Antivirus Realtime Server) - "C:\Programme\CA\eTrust Antivirus\InoRT.exe" 2 InoTask (eTrust Antivirus Job Server) - "C:\Programme\CA\eTrust Antivirus\InoTask.exe" 2 LightScribeService (LightScribeService Direct Disc Labeling Service) - "C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe" 2 McrdSvc (Media Center Extender Service) - C:\WINDOWS\ehome\mcrdsvc.exe 2 MDM (Machine Debug Manager) - "C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE" 3 MHN - %SystemRoot%\System32\svchost.exe -k netsvcs 3 NPOBUT - C:\DOKUME~1\Susan\LOKALE~1\Temp\NPOBUT.exe 3 ose (Office Source Engine) - "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE" 2 UleadBurningHelper (Ulead Burning Helper) - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe 3 UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe 2 wbsecsvc - C:\WINDOWS\system32\wbsecsvc.exe /service 3 WMConnectCDS (Windows Media Connect-Dienst) - C:\Programme\Windows Media Connect 2\wmccds.exe -- Files created between 2007-01-18 and 2007-02-18 ------------------------------ 2007-02-18 14:05:43 0 d-------- C:\avenger 2007-02-18 13:48:10 0 d-------- C:\Programme\Mozilla Firefox<MOZILL~1> 2007-02-17 23:09:05 126976 --a------ C:\WINDOWS\system32\zip.exe<Unsigned: n/a> 2007-02-17 23:09:05 175616 --a------ C:\WINDOWS\system32\strings.exe<Unsigned: n/a> 2007-02-17 23:09:05 16384 --a------ C:\WINDOWS\system32\restart.exe<Unsigned: WareSoft Software> 2007-02-17 23:09:05 73728 --a------ C:\WINDOWS\system32\pv.exe<Unsigned: n/a> 2007-02-17 23:09:05 39184 --a------ C:\WINDOWS\system32\Ntrights.exe<Unsigned: n/a> 2007-02-17 23:09:05 11254 --a------ C:\WINDOWS\system32\locate.com 2007-02-16 18:04:29 0 d-------- C:\Dokumente und Einstellungen\Susan\OnlyOnRequest<ONLYON~1> 2007-02-16 17:29:26 2814 --a------ C:\WINDOWS\system32\tmp.reg 2007-02-16 17:28:57 79360 --a------ C:\WINDOWS\system32\swxcacls.exe<Unsigned: SteelWerX> 2007-02-16 17:28:57 40960 --a------ C:\WINDOWS\system32\swsc.exe<Unsigned: n/a> 2007-02-16 17:28:57 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe<Unsigned: S!Ri> 2007-02-16 17:28:57 51200 --a------ C:\WINDOWS\system32\dumphive.exe<Unsigned: n/a> 2007-02-16 17:28:32 135168 --a------ C:\WINDOWS\system32\swreg.exe<Unsigned: SteelWerX> 2007-02-16 17:28:32 53248 --a------ C:\WINDOWS\system32\Process.exe<Unsigned: http://www.beyondlogic.org> 2007-02-15 15:48:59 0 d-------- C:\SDFix 2007-02-13 23:40:11 0 d-------- C:\WINDOWS\pss 2007-02-13 15:09:46 14848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys<Unsigned: H+BEDV Datentechnik GmbH> 2007-02-13 15:09:46 32768 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys<Unsigned: AVIRA GmbH> 2007-02-13 15:09:10 0 d-------- C:\Programme\AntiVir PersonalEdition Classic<ANTIVI~1> -- Find3M Report ---------------------------------------------------------------- 2007-02-18 14:04:30 0 d-------- C:\Programme\PestPatrol<PESTPA~1> 2007-02-18 13:49:01 0 d-------- C:\Dokumente und Einstellungen\Susan\Anwendungsdaten\Mozilla 2007-02-15 16:14:07 421620 --a------ C:\WINDOWS\system32\perfh007.dat 2007-02-15 16:14:07 77856 --a------ C:\WINDOWS\system32\perfc007.dat 2007-02-15 03:43:38 0 d-------- C:\Programme\Google 2007-02-14 15:01:48 0 d-------- C:\Programme\ICQLite 2007-02-13 15:02:31 0 d---s---- C:\Dokumente und Einstellungen\Susan\Anwendungsdaten\Microsoft<MICROS~1> 2007-01-19 16:23:57 0 d-------- C:\Dokumente und Einstellungen\Susan\Anwendungsdaten\Viewpoint<VIEWPO~1> 2006-12-14 15:13:06 1864 --a------ C:\Dokumente und Einstellungen\Susan\Anwendungsdaten\wklnhst.dat -- Registry Dump ---------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background" "updateMgr"="\"C:\\Programme\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1" "swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe" "ATIPTA"="\"C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\"" "SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe" "AGRSMMSG"="AGRSMMSG.exe" "AOLDialer"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe" "Realtime Monitor"="C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe -s" "PestPatrol Control Center"="C-\\PROGRA~1\\PESTPA~1\\PPControl.exe" "PPMemCheck"="C:\\PROGRA~1\\PESTPA~1\\PPMemCheck.exe" "CookiePatrol"="C:\\PROGRA~1\\PESTPA~1\\CookiePatrol.exe" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "SoundMan"="SOUNDMAN.EXE" "TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot" "QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime" "avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TeaTimer" "hkey"="HKCU" "command"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe" "inimapping"="0" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\ 63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\ 6d,73,73,74,79,6c,65,73,00 "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\ 73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 -- End of ComboScan: finished at 2007-02-18 at 15:27:49 ------------------------- ComboScan v20070212.14 run by Susan on 2007-02-18 at 15:12:53 Supplementary logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ----------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: German CPU 0: Mobile AMD Sempron(tm) Processor 3300+ Percentage of Memory in Use: 43% Physical Memory (total/avail): 895.48 MiB / 502.54 MiB Pagefile Memory (total/avail): 2168.48 MiB / 1833.18 MiB Virtual Memory (total/avail): 2047.88 MiB / 1997.59 MiB C: is Fixed (NTFS) - 62.82 GiB total, 46.69 GiB free. D: is Fixed (FAT32) - 11.73 GiB total, 4.88 GiB free. E: is CDROM (CDFS) -- Security Center -------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is unknown. FirstRunDisabled is set. AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) [COLOR=RED]Outdated[/COLOR] -- Environment Variables -------------------------------------------------------- ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users APPDATA=C:\Dokumente und Einstellungen\Susan\Anwendungsdaten AVENGINE=C:\PROGRA~1\CA\SHARED~1\SCANEN~1 CLASSPATH=C:\Programme\QuickTime\QTSystem\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Programme\Gemeinsame Dateien COMPUTERNAME=SUSI ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Dokumente und Einstellungen\Susan INOCULAN=C:\PROGRA~1\CA\ETRUST~1 LOGONSERVER=\\SUSI NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\Programme\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programme\ATI Technologies\ATI Control Panel;C:\Programme\QuickTime\QTSystem\;C:\PROGRA~1\CA\SHARED~1\SCANEN~1;C:\PROGRA~1\CA\ETRUST~1;C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG;;C:\PROGRA~1\GEMEIN~1\MUVEET~1\030625 PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=2c02 ProgramFiles=C:\Programme PROMPT=$P$G QTJAVA=C:\Programme\QuickTime\QTSystem\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOKUME~1\Susan\LOKALE~1\Temp TMP=C:\DOKUME~1\Susan\LOKALE~1\Temp USERDOMAIN=SUSI USERNAME=Susan USERPROFILE=C:\Dokumente und Einstellungen\Susan windir=C:\WINDOWS -- User Profiles ---------------------------------------------------------------- Susan (admin) Administrator (admin) -- Add/Remove Programs ---------------------------------------------------------- --> "C:\Programme\InstallShield Installation Information\{3AD59E07-5D54-4142-8505-62889FEDFA59}\setup.exe" REMOVEALL --> C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL --> C:\WINDOWS\UNNMP.exe /UNINSTALL --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FA7621DC-7144-4A24-973C-B9BC0E945628}\setup.exe" -l0x9 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG Adobe Download Manager 2.0 (Nur entfernen) --> "C:\Programme\Gemeinsame Dateien\Adobe\ESD\uninst.exe" Adobe Reader 7.0.8 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70700000002} ALDI Online Druck Service (Sued) --> C:\PROGRA~1\ALDION~1\ALDI_ODS\UNWISE.EXE C:\PROGRA~1\ALDION~1\ALDI_ODS\INSTALL.LOG ALDI Sued Foto Manager (D) --> C:\Programme\ALDI Sued Foto Service\ALDI_Foto_Manager\instslct.exe ALDI Sued Foto Service (D) --> C:\Programme\ALDI Sued Foto Service\ALDI_Foto_Service\instslct.exe AOL Coach Version 1.0(Build:20040229.1 de) --> "C:\Programme\Gemeinsame Dateien\aolshare\Coach\AolCInUn.exe" -lang="de-de" AOL Deutschland --> C:\Programme\Gemeinsame Dateien\aolshare\Aolunins_de.exe AOL Meine Fotos Bildschirmschoner --> C:\Programme\Gemeinsame Dateien\AOL\Screensaver\uninst_ygpss.exe AOL Optimized Dial-In --> "C:\Programme\Gemeinsame Dateien\AOL\ACS\AcsUninstall.exe" /c Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x7 ATI - Dienstprogramm zur Deinstallation der Software --> C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean ATI Systemsteuerung --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" Avira AntiVir PersonalEdition Classic --> C:\Programme\AntiVir PersonalEdition Classic\setup.exe /REMOVE CA eTrust Antivirus --> MsiExec.exe /X{CC55BD24-C1A6-4397-8EA3-2F30E74BDA2B} Creatix 2.0 AC'97 Modem --> agrsmdel DivX Player --> C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER DivX Pro --> C:\Programme\DivX\DivXCodecUninstall.exe /CODEC DivX User Guide --> C:\Programme\DivX\DivXUserGuideUninstall /USERGUIDE Google Earth --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x7 -removeonly Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\programme\google\googletoolbar4.dll" HijackThis 1.99.1 --> C:\DOKUME~1\Susan\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis[1].zip\HijackThis.exe /uninstall Hotfix für Windows XP (KB888795) --> "C:\WINDOWS\$NtUninstallKB888795$\spuninst\spuninst.exe" Hotfix für Windows XP (KB891593) --> "C:\WINDOWS\$NtUninstallKB891593$\spuninst\spuninst.exe" Hotfix für Windows XP (KB899337) --> "C:\WINDOWS\$NtUninstallKB899337$\spuninst\spuninst.exe" Hotfix für Windows XP (KB899510) --> "C:\WINDOWS\$NtUninstallKB899510$\spuninst\spuninst.exe" Hotfix für Windows XP (KB902841) --> "C:\WINDOWS\$NtUninstallKB902841$\spuninst\spuninst.exe" Hotfix für Windows XP (KB912024) --> "C:\WINDOWS\$NtUninstallKB912024$\spuninst\spuninst.exe" ICQ Toolbar --> regsvr32 /u /s "C:\Programme\ICQToolbar\toolbaru.dll" InterVideo MediaOne Gallery --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{34F0D55F-C386-4195-9A5B-961D3F6ACD46}\setup.exe" REMOVEALL InterVideo WinDVD 7 --> "C:\Programme\InstallShield Installation Information\{90885A82-9673-49EA-AB39-AF776639C67C}\setup.exe" REMOVEALL IrfanView (remove only) --> C:\Programme\IrfanView\iv_uninstall.exe J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} Language pack for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\INSTALL.LOG Learn2 Player (Uninstall Only) --> C:\Programme\Learn2.com\StRunner\stuninst.exe LetsTrade Komponenten --> C:\WINDOWS\fpuninst.exe -uninstall:"c:\programme\letstrade\uninst\uninst.ini" Macromedia Flash Player 8 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log MEDION Fotos auf CD Sued (D) --> C:\Programme\ALDI Sued Foto Service\MEDION_Fotos_auf_CD\instslct.exe Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9} Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120407-6000-11D3-8CFE-0150048383C9} Microsoft Windows-Journal-Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7} Microsoft Works --> MsiExec.exe /I{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3} Mozilla Firefox (2.0) --> C:\Programme\Mozilla Firefox\uninstall\uninst.exe MSN Messenger 7.5 --> MsiExec.exe /I{0D93041A-03EC-11DA-BFBD-00065BBDC0B5} Nero Suite --> C:\Programme\Gemeinsame Dateien\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID="" Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726} PLAYMOBIL-Rasenschoner Screen Saver --> C:\WINDOWS\PLAYMOBIL-Rasenschoner.scr /u QuickTime --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1031 RealPlayer --> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x7 -removeonly Sicherheitsupdate für Step by Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe" Skype 2.0 --> "C:\Programme\Skype\Phone\unins000.exe" SmartSound Quicktracks Plugin --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E} Spybot - Search & Destroy 1.4 --> "C:\Programme\Spybot - Search & Destroy\unins000.exe" Synaptics Pointing Device Driver --> rundll32.exe "C:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Ulead FilmBrennerei 4.0 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{448AB2CB-C94A-47DE-80B8-9D7824DEFA57}\setup.exe" -l0x7 Ulead PhotoImpact 8 SE --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3D960387-76B3-4758-BAF7-D156B14A032F}\setup.exe" -l0x7 Ulead VideoStudio 9.0 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}\setup.exe" -l0x7 ULi LAN Driver --> C:\WINDOWS\system32\UnLAN.EXE RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{143BE018-D8F8-4014-8CB6-AF63F5799D21}\Setup.exe" -uninst Update für Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" Update für Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update für Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Update für Windows XP (KB900930) --> "C:\WINDOWS\$NtUninstallKB900930$\spuninst\spuninst.exe" Update für Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe" Update für Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Update für Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Update für Windows XP (KB912945) --> "C:\WINDOWS\$NtUninstallKB912945$\spuninst\spuninst.exe" Update für Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Update für Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Update für Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Update Rollup 2 für Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe videon --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{261D0486-9127-4071-BA1D-FE784310752E}\Setup.exe" -l0x7 Viewpoint Media Player --> C:\Programme\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u Winbond WLAN --> C:\PROGRA~1\winbond\w89c33\UNWISE.EXE C:\PROGRA~1\winbond\w89c33\INSTALL.LOG Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe" Windows Media Encoder 9-Reihe --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Windows Media Encoder 9-Reihe --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Windows XP-Hotfix - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Windows XP-Hotfix - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe Windows XP-Hotfix - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Windows XP-Hotfix - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Windows XP-Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Windows XP-Hotfix - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe Windows XP-Hotfix - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe Windows XP-Hotfix - KB887797 --> C:\WINDOWS\$NtUninstallKB887797$\spuninst\spuninst.exe Windows XP-Hotfix - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe Windows XP-Hotfix - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Windows XP-Hotfix - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Windows XP-Hotfix - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe Windows XP-Hotfix - KB895961 --> "C:\WINDOWS\$NtUninstallKB895961$\spuninst\spuninst.exe" Windows XP Media Center Edition 2005 KB908250 --> "C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe" Windows XP Media Center Edition 2005 KB912067 --> "C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe" Windows XP Media Center Edition Screen Saver Screen Saver --> C:\WINDOWS\system32\WINDOW~1.SCR /U WISO Mein Geld 2006 Professional --> MsiExec.exe /I{20FD5B04-CE35-4F5B-A2F3-6D9FD644EB70} -- End of ComboScan: finished at 2007-02-18 at 15:27:49 ------------------------- |
|
|
||
18.02.2007, 16:40
Ehrenmitglied
Beiträge: 29434 |
#29
es ist alles i.o.- ich finde NICHTS
versuche noch mal mit dem Link von Arnold an den Counterspy zu kommen - poste dann hier den report __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
19.02.2007, 12:33
Member
Themenstarter Beiträge: 18 |
#30
Also ich hab jetzt mal einen schnellen Systemscan mit Counterspy gemacht, weil es bei dem anderen Scan einfach nicht klappt.
Koennte eigentlich eine Systemwiederherstellung etwas bringen? Also den Computer zu einem frueheren Zeitpunkt, an dem das Problem noch nicht bestand wiederherstellen? Scan History Details Start Date: 19.02.2007 09:41:37 End Date: 19.02.2007 09:45:56 Total Time: 4 Min 19 Sec Detected security risks Cookie: CGI-Bin Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs. Status: Deleted Cookies detected c:\dokumente und einstellungen\susan\cookies\susan@cgi-bin[10].txt c:\dokumente und einstellungen\susan\cookies\susan@cgi-bin[1].txt c:\dokumente und einstellungen\susan\cookies\susan@cgi-bin[2].txt c:\dokumente und einstellungen\susan\cookies\susan@cgi-bin[3].txt c:\dokumente und einstellungen\susan\cookies\susan@cgi-bin[4].txt c:\dokumente und einstellungen\susan\cookies\susan@cgi-bin[5].txt c:\dokumente und einstellungen\susan\cookies\susan@cgi-bin[6].txt c:\dokumente und einstellungen\susan\cookies\susan@cgi-bin[7].txt c:\dokumente und einstellungen\susan\cookies\susan@cgi-bin[9].txt Cookie: GeoCities Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs. Status: Deleted Cookies detected c:\dokumente und einstellungen\susan\cookies\susan@geocities[1].txt Cookie: LookSmart Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs. Status: Deleted Cookies detected c:\dokumente und einstellungen\susan\cookies\susan@looksmart[1].txt Cookie: Tracking.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs. Status: Deleted Cookies detected c:\dokumente und einstellungen\susan\cookies\susan@tracking[1].txt Cookie: cookie.monster Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs. Status: Deleted Cookies detected c:\dokumente und einstellungen\susan\cookies\susan@cookie.monster[2].txt Cookie: Radar Spy Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs. Status: Deleted Cookies detected c:\dokumente und einstellungen\susan\cookies\susan@yourmedia[1].txt Cookie: Ajan 1.0 Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs. Status: Deleted Cookies detected c:\dokumente und einstellungen\susan\cookies\susan@xiti[1].txt Cookie: ABetterInternet.Aurora Cookie Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs. Status: Deleted Cookies detected c:\dokumente und einstellungen\susan\cookies\susan@a[2].txt Cookie: DriveCleaner Cookie (General) more information... Status: Deleted Cookies detected c:\dokumente und einstellungen\susan\cookies\susan@drivecleaner[1].txt |
|
|
||
http://virus-protect.org/zip/WinPFind.zip
__________
MfG Sabina
rund um die PC-Sicherheit