Isearch Suchmaschine -wie werde ich die wieder los?

#0
01.02.2005, 01:29
...neu hier

Beiträge: 5
#31 Ergebnis von {950238FB-C706-4791-8674-4D429F85897E}:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "{950238FB-C706-4791-8674-4D429F85897E}" 31.01.2005 21:56:03

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html]
"CLSID"="{950238FB-C706-4791-8674-4D429F85897E}"

---------------------------------------------------------------------------

Ergebnis von {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824}:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "{285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824}" 31.01.2005 21:58:33

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824}\InprocServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824}\ProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824}\Programmable]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824}\TypeLib]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824}\VersionIndependentProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824}]

[HKEY_USERS\S-1-5-21-823518204-57989841-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824}]

[HKEY_USERS\S-1-5-21-823518204-57989841-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824}\iexplore]

---------------------------------------------------------------------------

Ergebnis von {DE910060-8EFB-44B9-B492-75180696643F}:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "{DE910060-8EFB-44B9-B492-75180696643F}" 31.01.2005 22:00:11

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE910060-8EFB-44B9-B492-75180696643F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE910060-8EFB-44B9-B492-75180696643F}\Control]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE910060-8EFB-44B9-B492-75180696643F}\Implemented Categories]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE910060-8EFB-44B9-B492-75180696643F}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE910060-8EFB-44B9-B492-75180696643F}\InprocServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE910060-8EFB-44B9-B492-75180696643F}\MiscStatus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE910060-8EFB-44B9-B492-75180696643F}\MiscStatus\1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE910060-8EFB-44B9-B492-75180696643F}\ProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE910060-8EFB-44B9-B492-75180696643F}\Programmable]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE910060-8EFB-44B9-B492-75180696643F}\ToolboxBitmap32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE910060-8EFB-44B9-B492-75180696643F}\TypeLib]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE910060-8EFB-44B9-B492-75180696643F}\Version]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE910060-8EFB-44B9-B492-75180696643F}\VersionIndependentProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DE910060-8EFB-44B9-B492-75180696643F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DE910060-8EFB-44B9-B492-75180696643F}\Contains]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DE910060-8EFB-44B9-B492-75180696643F}\Contains\Files]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DE910060-8EFB-44B9-B492-75180696643F}\DownloadInformation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DE910060-8EFB-44B9-B492-75180696643F}\InstalledVersion]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/hsrb.dll]
".Owner"="{DE910060-8EFB-44B9-B492-75180696643F}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/hsrb.dll]
"{DE910060-8EFB-44B9-B492-75180696643F}"=""

[HKEY_USERS\S-1-5-21-823518204-57989841-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DE910060-8EFB-44B9-B492-75180696643F}]

[HKEY_USERS\S-1-5-21-823518204-57989841-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DE910060-8EFB-44B9-B492-75180696643F}\iexplore]

---------------------------------------------------------------------------

Ergebnis von {12E5E9D9-4366-45D9-BA41-D0BCD55AD8CF}:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "{12E5E9D9-4366-45D9-BA41-D0BCD55AD8CF}" 31.01.2005 22:01:40

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{12E5E9D9-4366-45D9-BA41-D0BCD55AD8CF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{12E5E9D9-4366-45D9-BA41-D0BCD55AD8CF}\Contains]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{12E5E9D9-4366-45D9-BA41-D0BCD55AD8CF}\Contains\Files]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{12E5E9D9-4366-45D9-BA41-D0BCD55AD8CF}\DownloadInformation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{12E5E9D9-4366-45D9-BA41-D0BCD55AD8CF}\InstalledVersion]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/NrsgroupUD.dll]
".Owner"="{12E5E9D9-4366-45D9-BA41-D0BCD55AD8CF}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/NrsgroupUD.dll]
"{12E5E9D9-4366-45D9-BA41-D0BCD55AD8CF}"=""

---------------------------------------------------------------------------

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.souldoom.de/index.php?go=news_start
--> war nciht mehr dabei

---------------------------------------------------------------------------

Ergebnis vom Scan (Scan Log) von AdAware:

Ad-Aware SE Build 1.05
Logfile Created on:Montag, 31. Januar 2005 22:40:59
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R26 25.01.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):15 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


31.01.2005 22:40:59 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : S-1-5-21-823518204-57989841-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-823518204-57989841-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-823518204-57989841-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-823518204-57989841-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-823518204-57989841-725345543-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-823518204-57989841-725345543-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-823518204-57989841-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-823518204-57989841-725345543-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-823518204-57989841-725345543-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-823518204-57989841-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : S-1-5-21-823518204-57989841-725345543-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\kunde\recent
Description : list of recently opened documents


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 432
ThreadCreationTime : 31.01.2005 21:40:36
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 496
ThreadCreationTime : 31.01.2005 21:40:39
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 520
ThreadCreationTime : 31.01.2005 21:40:40
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 564
ThreadCreationTime : 31.01.2005 21:40:40
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 576
ThreadCreationTime : 31.01.2005 21:40:40
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 724
ThreadCreationTime : 31.01.2005 21:40:40
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 792
ThreadCreationTime : 31.01.2005 21:40:40
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 856
ThreadCreationTime : 31.01.2005 21:40:41
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 904
ThreadCreationTime : 31.01.2005 21:40:41
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 952
ThreadCreationTime : 31.01.2005 21:40:41
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1240
ThreadCreationTime : 31.01.2005 21:40:42
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [userinit.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1328
ThreadCreationTime : 31.01.2005 21:40:42
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Userinit-Anmeldeanwendung
InternalName : userinit
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : USERINIT.EXE

#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1344
ThreadCreationTime : 31.01.2005 21:40:42
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:14 [jusched.exe]
FilePath : C:\Programme\Java\j2re1.4.2_05\bin\
ProcessID : 1444
ThreadCreationTime : 31.01.2005 21:40:43
BasePriority : Normal


#:15 [icqlite.exe]
FilePath : D:\Programme\ICQLite\
ProcessID : 1452
ThreadCreationTime : 31.01.2005 21:40:43
BasePriority : Normal
FileVersion : 555
ProductVersion : 1, 0, 0
ProductName : ICQLite
CompanyName : ICQ Ltd.
FileDescription : ICQLite
InternalName : ICQ Lite
LegalCopyright : Copyright (C) 2002
OriginalFilename : ICQLite.exe

#:16 [lvcoms.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\
ProcessID : 1460
ThreadCreationTime : 31.01.2005 21:40:43
BasePriority : Normal
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
ProductName : Logitech ImageStudio
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : (c) 1996-2002 Logitech. All rights reserved.
OriginalFilename : LVComS.exe

#:17 [logitray.exe]
FilePath : C:\Programme\Logitech\ImageStudio\
ProcessID : 1476
ThreadCreationTime : 31.01.2005 21:40:43
BasePriority : Normal
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
ProductName : Logitech ImageStudio
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
LegalCopyright : (c) 1996-2002 Logitech. All rights reserved.
OriginalFilename : LogiTray.exe

#:18 [avgnt.exe]
FilePath : D:\Programme\AVPersonal\
ProcessID : 1520
ThreadCreationTime : 31.01.2005 21:40:44
BasePriority : Normal


#:19 [desktop.exe]
FilePath : C:\WINDOWS\isrvs\
ProcessID : 1536
ThreadCreationTime : 31.01.2005 21:40:44
BasePriority : Normal
FileVersion : 1.1.0.20
ProductVersion : 1.0.0.0
FileDescription : Desktop Search

#:20 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1544
ThreadCreationTime : 31.01.2005 21:40:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:21 [winsweep.exe]
FilePath : D:\Programme\WinSweep\
ProcessID : 1552
ThreadCreationTime : 31.01.2005 21:40:44
BasePriority : Normal
FileVersion : 3.04.0056
ProductVersion : 3.04.0056
ProductName : WINSWEEP 3
CompanyName : Software-Entwicklung Frank-Oliver Dzewas
InternalName : WinSweep
LegalCopyright : (c) 2003-2004 Software-Entwicklung Frank-Oliver Dzewas
LegalTrademarks : WINSWEEP
OriginalFilename : WinSweep.Exe

#:22 [wsmonitor.exe]
FilePath : D:\Programme\WinSweep\
ProcessID : 1632
ThreadCreationTime : 31.01.2005 21:40:45
BasePriority : Normal
FileVersion : 3.04.0056
ProductVersion : 3.04.0056
ProductName : WINSWEEP
InternalName : WSMonitor
LegalCopyright : (c) 2003-2004 Software-Entwicklung Frank-Oliver Dzewas
LegalTrademarks : WINSWEEP
OriginalFilename : WSMonitor.Exe

#:23 [hpotdd01.exe]
FilePath : D:\Programme\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 1640
ThreadCreationTime : 31.01.2005 21:40:45
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Hewlett-Packard hpotdd01
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
LegalCopyright : Copyright © 2002
OriginalFilename : hpotdd01.exe

#:24 [startviewer.exe]
FilePath : D:\Programme\Jeanette Player\
ProcessID : 1660
ThreadCreationTime : 31.01.2005 21:40:46
BasePriority : Normal


#:25 [ad-aware.exe]
FilePath : D:\Programme\Lavasoft\Ad-Aware SE Personal\
ProcessID : 412
ThreadCreationTime : 31.01.2005 21:40:50
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15



Deep scanning and examining files (C;)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Deep scanning and examining files (D;)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
4 entries scanned.
New critical objects:0
Objects found so far: 15




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15

22:53:32 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:32.531
Objects scanned:151217
Objects identified:0
Objects ignored:0
New critical objects:0

---------------------------------------------------------------------------

#McAfee FreeScan (Online):
C:\Dokumente und Einstellungen\...\tiger.exe AdClicker-BY

---------------------------------------------------------------------------

#<Online-Scann (Panda):
Incident Status Location

Virus:W32/Sasser.ftp Disinfected C:\WINDOWS\system32\cmd.ftp
Virus:Trj/WmvDownloader.B Disinfected D:\Programme\Shareaza\
Complete\Porno - 19 -
Zwei lesben-1.wmv

---------------------------------------------------------------------------

#BitDefender Scan:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AdshooterDrs.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AdshooterDrs.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AdshooterDrs1.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AdshooterDrs1.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BlazeFindSearchEnhancerISTbar.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BlazeFindSearchEnhancerISTbar.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BPSSpywareRemover.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BPSSpywareRemover.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DialerActiveX.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DialerActiveX.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit1.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit1.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit10.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit10.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit11.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit11.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit12.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit12.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit13.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit13.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit14.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit14.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit15.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit15.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit16.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit16.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit17.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit17.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit18.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit18.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit19.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit19.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit2.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit2.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit20.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit20.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit21.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit21.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit22.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit22.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit23.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit23.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit24.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit24.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit25.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit25.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit26.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit26.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit27.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit27.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit28.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit28.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit29.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit29.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit3.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit3.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit4.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit4.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit5.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit5.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit6.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit6.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit7.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit7.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit8.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit8.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit9.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit9.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\iSearchToolbar.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\iSearchToolbar.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\iSearchToolbar1.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\iSearchToolbar1.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\iSearchToolbar2.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\iSearchToolbar2.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\iSearchToolbar3.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\iSearchToolbar3.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\iSearchToolbar4.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\iSearchToolbar4.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\iSearchToolbar5.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\iSearchToolbar5.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\MainPean.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\MainPean.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SearchForIt.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SearchForIt.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SearchForIt1.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SearchForIt1.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SearchForIt2.zip=>sbRecovery.reg: password protected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SearchForIt2.zip=>sbRecovery.ini: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>arrow1.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>arrow2.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>bck1.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>bck2.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>bt11.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>bt12.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>bt13.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>bt21.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>bt22.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>bt23.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>bt31.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>bt32.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>bt33.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>bt41.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>bt42.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>bt43.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>bt51.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>bt52.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>bt53.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>bt61.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>bt62.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>checkbox1.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>checkbox2.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>checkbox3.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>checkbox4.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>default.skn: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>defbtn1.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>defbtn2.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>defbtn3.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>glyph1.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>glyph2.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>glyph3.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>glyph4.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>glyph5.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>glyph6.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>glyph7.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>main.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>preview.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>sprite1.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>tab1.bmp: password protected
C:\Dokumente und Einstellungen\kunde\Desktop\aawsepersonal.exe=>wise0023=>tab2.bmp: password protected
D:\Downloads\e-Mule\Jeanette_-_Merry_Christmas_for_www.goldesel.to.rar=>Jeanette_-_Merry_Christmas_for_www.goldesel.to\00_jeanette_-_merry_christmas-2004-back-mod.jpg: password protected
D:\Downloads\e-Mule\Jeanette_-_Merry_Christmas_for_www.goldesel.to.rar=>Jeanette_-_Merry_Christmas_for_www.goldesel.to\00_jeanette_-_merry_christmas-2004-front-mod.jpg: password protected
D:\Downloads\e-Mule\Jeanette_-_Merry_Christmas_for_www.goldesel.to.rar=>Jeanette_-_Merry_Christmas_for_www.goldesel.to\00_jeanette_-_merry_christmas-2004-mod.m3u: password protected
D:\Downloads\e-Mule\Jeanette_-_Merry_Christmas_for_www.goldesel.to.rar=>Jeanette_-_Merry_Christmas_for_www.goldesel.to\01_christmas_time-www.goldesel.to.mp3: password protected
D:\Downloads\e-Mule\Jeanette_-_Merry_Christmas_for_www.goldesel.to.rar=>Jeanette_-_Merry_Christmas_for_www.goldesel.to\02_o_come_all_ye_faithful-www.goldesel.to.mp3: password protected
D:\Downloads\e-Mule\jeanette_rock_my_life_gold_edition_by_dark_cali_for_www.goldesel.6x.to.rar=>Jeanette_Rock_my_life_gold_edition_by_cali_for_www.goldesel.6x.to\01 - Rock My Life.mp3: password protected
D:\Downloads\e-Mule\jeanette_rock_my_life_gold_edition_by_dark_cali_for_www.goldesel.6x.to.rar=>Jeanette_Rock_my_life_gold_edition_by_cali_for_www.goldesel.6x.to\02 - Right Now.mp3: password protected
D:\Downloads\e-Mule\jeanette_rock_my_life_gold_edition_by_dark_cali_for_www.goldesel.6x.to.rar=>Jeanette_Rock_my_life_gold_edition_by_cali_for_www.goldesel.6x.to\03 - Jean.mp3: password protected
D:\Downloads\e-Mule\jeanette_rock_my_life_gold_edition_by_dark_cali_for_www.goldesel.6x.to.rar=>Jeanette_Rock_my_life_gold_edition_by_cali_for_www.goldesel.6x.to\04 - Don't Treat Me Badly.mp3: password protected
D:\Programme\eMule\Incoming\Erotic_Empire_German_for_www.goldesel.to.rar=>Erotic_Empire_German_for_www.goldesel.to\eroticempire_for_www.goldesel.to.bin: password protected
D:\Programme\eMule\Incoming\Erotic_Empire_German_for_www.goldesel.to.rar=>Erotic_Empire_German_for_www.goldesel.to\eroticempire_for_www.goldesel.to.cue: password protected
D:\Programme\eMule\Incoming\Erotic_Empire_German_for_www.goldesel.to.rar=>Erotic_Empire_German_for_www.goldesel.to\Erotic_Empire_German_GAME_INFO.txt: password protected
D:\Programme\eMule\Incoming\Erotic_Empire_German_for_www.goldesel.to.rar=>Erotic_Empire_German_for_www.goldesel.to\GoldEsel_-_visit_us_for_more_brandnew_stuff.url: password protected
D:\Programme\eMule\Incoming\Erotic_Empire_German_for_www.goldesel.to.rar=>Erotic_Empire_German_for_www.goldesel.to\Wichtig_Lesen_Goldesel_Adressen.txt: password protected
D:\Programme\eMule\Incoming\Nu_Pagadi_-_Your_Dark_Side_for_www.goldesel.to.rar=>Nu_Pagadi_-_Your_Dark_Side_for_www.goldesel.to\00_nu_pagadi_-_your_dark_side-2005-backcover-mod-mod.jpg: password protected
D:\Programme\eMule\Incoming\Nu_Pagadi_-_Your_Dark_Side_for_www.goldesel.to.rar=>Nu_Pagadi_-_Your_Dark_Side_for_www.goldesel.to\00_nu_pagadi_-_your_dark_side-2005-frontcover-mod-mod.jpg: password protected
D:\Programme\eMule\Incoming\Nu_Pagadi_-_Your_Dark_Side_for_www.goldesel.to.rar=>Nu_Pagadi_-_Your_Dark_Side_for_www.goldesel.to\00_nu_pagadi_-_your_dark_side-2005-inlay1-mod.jpg: password protected
D:\Programme\eMule\Incoming\Nu_Pagadi_-_Your_Dark_Side_for_www.goldesel.to.rar=>Nu_Pagadi_-_Your_Dark_Side_for_www.goldesel.to\00_nu_pagadi_-_your_dark_side-2005-inlay2-mod.jpg: password protected
D:\Programme\eMule\Incoming\Nu_Pagadi_-_Your_Dark_Side_for_www.goldesel.to.rar=>Nu_Pagadi_-_Your_Dark_Side_for_www.goldesel.to\00_nu_pagadi_-_your_dark_side-2005-inlay3-mod.jpg: password protected
D:\Programme\eMule\Incoming\Nu_Pagadi_-_Your_Dark_Side_for_www.goldesel.to.rar=>Nu_Pagadi_-_Your_Dark_Side_for_www.goldesel.to\00_nu_pagadi_-_your_dark_side-2005-inlay4-mod.jpg: password protected
D:\Programme\eMule\Incoming\The_Dome_32_inkl_covers_for_www.goldesel.to.rar=>The_Dome_32_inkl_covers_for_www.goldesel.to\CD1\101_jeanette_-_run_with_me-mod.mp3: password protected
D:\Programme\eMule\Temp\008.part=>03 - Jeanette Biedermann - You Call Me On The Phone.mp3: bad crc
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>arrow1.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>arrow2.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bck1.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bck2.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt11.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt12.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt13.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt21.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt22.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt23.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt31.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt32.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt33.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt41.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt42.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt43.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt51.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt52.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt53.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt61.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt62.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox1.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox2.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox3.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox4.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>default.skn: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn1.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn2.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn3.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph1.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph2.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph3.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph4.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph5.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph6.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph7.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>main.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>preview.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>sprite1.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>tab1.bmp: password protected
D:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>tab2.bmp: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>WPWIN.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>123.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>1942.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>2200AD.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>3DFX.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>3DHOME.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>3DLAND.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>3DMARK.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>A.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>A2W.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>A5.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>AB3.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ABC.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>Abcflow.exe: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ACCUSET.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ACDSEE32.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ACLT.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ACME.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ACRODIST.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>Acroexch.exe: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>acrord32.exe: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ACROREAD.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ACROUK.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>Act.exe: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ACTPMNT.OCX: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>Actwin2.exe: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>AD.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>AD_NET.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ADAPTER.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ADDDEPTH.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ADDRBOOK.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ADMIN.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ADOBE GAMMA LOADER.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ADOBEREG32.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ADVANTGE.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>Adw30.exe: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>Agds16.exe: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>Agent.exe: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>Agent95.exe: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>AHD3.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>AHD4.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>Ai41.exe: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>AIRMOS.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>AL.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ALMANAC.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ALMANC32.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ALUNSER.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>AMIFM.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>Amipro.exe: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>AMS4.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>AMW.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>AMW4.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ANGEL.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ANNOUNCE.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ANT.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ANYCLEAN.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>AOL.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>AOLPHX.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>AOLTRAY.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>AOLUNINS.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>APP.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>APPARCHV.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>APPCLEAN.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>APPDEL.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>APPLETVIEWER.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>APPMOVE.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>APPROACH.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>APPTPORT.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>APSTUDIO.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>Arcbkup.exe: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ARCHIVER.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ARDIAL32.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ARTGALRY.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ART-SCAN.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ARTSHOW4.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ARUPLD32.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ASAP.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ASBROWSE.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>Ascend50.exe: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ASPELL.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ASTEROID.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>ATMCNTRL.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>Atmfm.exe: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>AUTMANIA.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>AUTO.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>AUTOSTRT.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>AUTOXL.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>AVCONSOL.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>AW.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>AWEDIT32.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>AWGATE.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>AWHOST32.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>AWONL32.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>AWRAS32.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>AWREM32.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>B17.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BAB.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BACKIT.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BACKLOG.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BACKTRAC.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BACKWEB.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BAILEY.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BALDUR.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BANNER.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BASH1.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BATHROOM.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BATTLE2.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BC4000.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BCC.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BCR.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BD40.exe: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>Beast.exe: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BGH2.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BGHCFG.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BIBLE.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BIGGAME.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BILLMIND.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BINDER.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BIZFORMS.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BLOODNET.COM: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BODY3WIN.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BOOKMARK.OCX: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BPBOX.OCX: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BRAVO.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BRIDGE.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BS9532.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BTNMENU.OCX: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BUD.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BW.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>BYLEAVE.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>C&c.exe: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>C7.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>C86.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>Cafe.exe: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CANVAS.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CAPEZE.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CAPPRO32.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CAPTURE.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CARMEN.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CASINO21.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CAW2.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CBW.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CCHAT.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CCMAIL.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CCPLUS.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CCREGMOD.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CCRITTER.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CCWIN.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CDISSS.OCX: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CENTRAL.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CERTCONS.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CF_ENG.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CFSCONV.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CG16EH.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CG32EH.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CGMAIN.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CGMENU.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CGW.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CHANGER.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CHEM.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CHEMDRAW.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CHESS.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CHEXNOW.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CHKVXD.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CHMAGENT.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CHOMP.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CIV.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CKANLYST.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CKRUN.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CKRUN.PIF: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CLARION3.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CLIKAPP.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CLINK.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CLIPPER.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CLNSWEEP.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CM4000.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CMAGENT.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CMAPPFRM.OCX: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CMDLAGNT.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CMUSRPFL.OCX: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CNFNOT32.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CNNTC94.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>COM32UPD.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>COMBATFS.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>COMCTL32.OCX: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>COMPAT.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>Conf.exe: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CONQUEST.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CONVDSN.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>Convert.exe: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>COPYDEFS.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>Coreldrw.exe: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CORELFLW.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CORELGAL.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CORELPNT.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CPAV.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CPD.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CPRTST16.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CPRTST32.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CPTEST16.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CPTEST32.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CRAYONS.EXE: password protected
D:\RECYCLER\NPROTECT\00000984.cfg=>CROSSWD.EXE: password
Seitenanfang Seitenende
01.02.2005, 01:49
...neu hier

Beiträge: 5
#32 So, hier der neue Logfile vom HijackThis:

Logfile of HijackThis v1.99.0
Scan saved at 01:46:39, on 01.02.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
D:\Programme\ICQLite\ICQLite.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
D:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Programme\WinSweep\WSMonitor.exe
D:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Programme\AVPersonal\AVGUARD.EXE
D:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
D:\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
D:\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
D:\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\Programme\Internet Explorer\iexplore.exe
D:\Programme\Yahoo!\Messenger\YPager.exe
C:\Dokumente und Einstellungen\kunde\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://D:\Programme\WinSweep\ws.js
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &WINSWEEP Toolbar - {E915E62E-41DA-40D0-8106-3438B4D24394} - D:\Programme\WinSweep\SurfBar.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programme\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WINSWEEP] D:\Programme\WinSweep\WINSWEEP.Exe /AUTO
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Jeanette Player.lnk = D:\Programme\Jeanette Player\StartViewer.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4424/mcfscan.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B9F878A-CC9F-44BB-AFB0-4E57DEAAEFF4}: NameServer = 217.237.149.161 217.237.151.225
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - D:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - D:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe

dieses programm für den wurm von microsoft geht nur unter sp1 ... ich habe aber sp2 ...
Seitenanfang Seitenende
01.02.2005, 14:25
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#33 Hallo@taker

Fixe mit dem HijackThis:

O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)

gehe in den abgesicherten Modus

und loesche.
C:\WINDOWS\isrvs\<---kompletten Ordner loeschen.

dann lade
Download and install WinPatrol.
http://www.winpatrol.com

und scanne (auch im abgesicherten Modus)

dann poste das neue Log vom HijackThis
__________
MfG Sabina

rund um die PC-Sicherheit
Dieser Beitrag wurde am 01.02.2005 um 14:28 Uhr von Sabina editiert.
Seitenanfang Seitenende
02.02.2005, 13:51
...neu hier

Beiträge: 5
#34 Logfile of HijackThis v1.99.0
Scan saved at 13:50:24, on 02.02.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
D:\Programme\ICQLite\ICQLite.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
D:\Programme\AVPersonal\AVGNT.EXE
D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Programme\WinSweep\WSMonitor.exe
D:\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
D:\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
D:\Programme\AVPersonal\AVGUARD.EXE
D:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\msiexec.exe
D:\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\kunde\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://D:\Programme\WinSweep\ws.js
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &WINSWEEP Toolbar - {E915E62E-41DA-40D0-8106-3438B4D24394} - D:\Programme\WinSweep\SurfBar.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programme\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] "D:\PROGRA~2\WinPatrol.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WINSWEEP] D:\Programme\WinSweep\WINSWEEP.Exe /AUTO
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Jeanette Player.lnk = D:\Programme\Jeanette Player\StartViewer.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4424/mcfscan.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B9F878A-CC9F-44BB-AFB0-4E57DEAAEFF4}: NameServer = 217.237.149.161 217.237.151.225
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - D:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - D:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

ich habe versucht den ordner zu löschen geht nicht, und das programm hat auch nix gebracht, wird trotzdem geladen aber trotzdem haste da nochma den HijackThis Log
Seitenanfang Seitenende
02.02.2005, 13:59
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#35 Fixe mit dem HijackThis:

O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe

PC neustarten--> in den abgesicherten Modus

Gehe in die Registry
Start<Ausfuehren<regedit

Bearbeiten-->Suchen

isrvs
ffisearch.exe
desktop.exe

poste mir, was du findest und unter welchem Pfad
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
benenne "isrvs" um und loesche die C:\WINDOWS\isrvs
__________
MfG Sabina

rund um die PC-Sicherheit
Dieser Beitrag wurde am 02.02.2005 um 14:00 Uhr von Sabina editiert.
Seitenanfang Seitenende