Program cannot be uninstalled

  • Hi,
    unfortunately one of the programs I installed can no longer be uninstalled.


    Program: BearShare :P


    When I try to uninstall it, the following error message appears:


    Invalid INSTALL.LOG file.


    Can anyone maybe help me? :)


    Thanks!!!

    "I'm not here for a leisurely coach trip, but to drive at the limit."


    M.Schuhmacher

  • Hello,


    #Work through points 5, 6 & 7, then post the results
    http://www.paules-pc-forum.de/phpBB2/topic,98281.html


    #Download Registry Search here http://www.bleepingcomputer.com/files/regsearch.php save it to the desktop & unpack it, double-click RegSearch.exe
    At the top, click on search strings, type or paste in BearShare, then click OK; at the end, save the scan report & post it here.


    #Download WinPFind here http://virus-protect.org/zip/WinPFind.zip save it to the desktop and unpack it.

    • Open the WinPFind folder.
    • Double-click WinPFind.exe.
    • Configure Scan Option (Select All on both sides).
    • Click Start scan
    • At the end, save the scan report & post it here


    Regards
    Mopao

    Regards Mopao
    Malware-Veteran

  • Hi,
    sorry that I'm only getting back to you now, I was a bit stressed, and that during the holidays^^


    1. Navilog1


    Search Navipromo version 2.0.9 began on 21.08.2007 at 12:54:28,64


    !!! Warning, this report may include legitimate files/programs !!!
    !!! Post this report on the forum you are being helped !!!
    !!! Don't continue with removal unless instructed by an authorized helper !!!


    Fix running from C:\Programme\navilog1
    Updated on 20.08.2007 at 22h30 by IL-MAFIOSO


    Done in normal mode


    *** Searching for installed Software ***





    *** Search folders in C:\WINDOWS ***





    *** Search folders in C:\Programme ***





    *** Search folders in C:\Dokumente und Einstellungen\All Users\Application Data ***





    *** Search folders in C:\Dokumente und Einstellungen\Matze\Anwendungsdaten ***




    *** Search with BlackLight Engine/F-secure ***
    BlackLight Engine is a product of F-secure, for more info:
    http://www.f-secure.com/blacklight/blacklight_help.html



    F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
    ======================================


    Copyright 2005-2006 F-Secure Corporation. All rights reserved.
    This is a beta version. It will expire on 1st of October, 2007.
    Version information: 2.2.1064.


    [+] Started on 08/21/07 at 12:54:30.
    [+] Initializing ...
    [+] Starting scan, press Ctrl-C to abort.
    [+] Scanning for hidden items ................................................................
    [+] Scan complete.
    [+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
    [+] Exited on 08/21/07 at 13:00:05 (return code = 0).



    *** Search with GenericNaviSearch ***
    !!! Possibility of legitims files in the result !!!
    !!! To be always checked before manually deleting !!!


    Files found :


    No File found !


    Suspicious Files :


    No Suspicious File found !




    *** Search files ***





    *** Search registry keys ***



    Search in [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]




    Search in [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]




    Search Magic Control Key




    *** Complementary Search ***
    (Search specifics files)


    1)Search known files:



    2)Heuristic Search :
    *
    **
    ***
    ****
    *****
    ******
    *******
    ********



    3)Certificates Search :


    Certificate Egroup not found !



    *** Search completed on 21.08.2007 at 13:01:11,35 ***


    2. WindowsScan


    Die 30 neuesten Dateien im Ordner Windows:


    21.08.2007 0.log 12 02:0
    21.08.2007 wiadebug.log 12 02:159
    21.08.2007 WindowsUpdate.log 12 02:1.693.945
    21.08.2007 wiaservc.log 12 02:50
    21.08.2007 bootstat.dat 12 02:2.048
    21.08.2007 SchedLgU.Txt 12 01:32.622
    21.08.2007 win.ini 12 00:709
    21.08.2007 system.ini 12 00:2.366
    21.08.2007 QTFont.qfn 11 45:54.156
    20.08.2007 NeroDigital.ini 23 29:116
    19.08.2007 setupapi.log 12 13:758
    24.07.2007 mngui.INI 19 32:0
    Ericsson 24.07.2007 ModemLog_Sony 19 32:11.898
    06.07.2007 photos.zip 20 30:22
    02.07.2007 QTFont.for 20 35:1.409
    24.06.2007 msicpl.ini 12 11:133
    15.06.2007 Thumbs.db 23 22:7.680
    13.06.2007 explorer.exe 15 21:1.036.288
    05.06.2007 iun6002.exe 19 38:724.992
    26.03.2007 EPISMG00.SWB 11 38:12.862
    23.01.2007 KHALMNPR.Exe 15 44:101.136
    01.11.2006 WMSysPr9.prx 22 16:316.640
    29.10.2006 d3dx.dat 18 57:4.096
    05.10.2006 cdplayer.ini 17 25:574
    14.07.2006 UNRecode.exe 16 29:966.656
    14.07.2006 UNNeroBackItUp.exe 16 29:966.656
    14.07.2006 UNNeroShowTime.exe 16 29:966.656



    Die 50 neuesten Dateien im Ordner Windows\system32:


    21.08.2007 wpa.dbl 12 02:13.744
    21.08.2007 nvapps.xml 12 02:87.736
    20.08.2007 gnc.exe 23 50:3.290
    03.08.2007 MRT.exe 06 34:16.789.464
    19.07.2007 mshtml.dll 08 56:3.583.488
    18.07.2007 Mswinsck.ocx 01 08:124.688
    27.06.2007 wininet.dll 16 05:823.808
    27.06.2007 webcheck.dll 16 05:232.960
    27.06.2007 urlmon.dll 16 05:1.152.000
    27.06.2007 occache.dll 16 05:102.400
    27.06.2007 url.dll 16 05:105.984
    27.06.2007 mstime.dll 16 05:671.232
    27.06.2007 msrating.dll 16 05:193.024
    27.06.2007 mshtmled.dll 16 05:477.696
    27.06.2007 msfeedsbs.dll 16 05:52.224
    27.06.2007 msfeeds.dll 16 05:459.264
    27.06.2007 inetcpl.cpl 16 05:1.824.256
    27.06.2007 jsproxy.dll 16 05:27.648
    27.06.2007 iertutil.dll 16 04:267.776
    27.06.2007 ieframe.dll 16 04:6.058.496
    27.06.2007 iernonce.dll 16 04:44.544
    27.06.2007 iedkcs32.dll 16 04:384.512
    27.06.2007 ieapfltr.dll 16 04:383.488
    27.06.2007 ieaksie.dll 16 04:230.400
    27.06.2007 ieakeng.dll 16 04:153.088
    27.06.2007 advpack.dll 16 04:124.928
    27.06.2007 extmgr.dll 16 04:132.608
    27.06.2007 ieudinit.exe 10 27:13.824
    27.06.2007 ie4uinit.exe 10 27:63.488
    27.06.2007 ieakui.dll 09 00:161.792
    26.06.2007 msxml3.dll 08 08:1.104.896
    19.06.2007 gdi32.dll 15 31:282.112
    11.06.2007 wmp.dll 23 51:10.834.944
    01.06.2007 perfc009.dat 12 49:52.764
    01.06.2007 perfh009.dat 12 49:380.350
    01.06.2007 perfh007.dat 12 49:391.000
    01.06.2007 perfc007.dat 12 49:63.580
    01.06.2007 PerfStringBackup.INI 12 49:897.954
    17.05.2007 oleaut32.dll 13 28:549.376
    16.05.2007 inetcomm.dll 17 11:683.520
    08.05.2007 msxml4.dll 15 03:1.275.392
    27.04.2007 QuickTime.qts 09 42:49.152
    27.04.2007 QuickTimeVR.qtx 09 42:65.536
    25.04.2007 schannel.dll 16 22:144.896
    22.04.2007 Log_20070422_184451_65C.txt 18 44:120
    22.04.2007 Log_20070422_184450_D60.txt 18 44:120
    22.04.2007 Log_20070422_184449_454.txt 18 44:120



    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # Dies ist eine HOSTS-Beispieldatei, die von Microsoft TCP/IP
    # für Windows 2000 verwendet wird.
    #
    # Diese Datei enthält die Zuordnungen der IP-Adressen zu Hostnamen.
    # Jeder Eintrag muss in einer eigenen Zeile stehen. Die IP-
    # Adresse sollte in der ersten Spalte gefolgt vom zugehörigen
    # Hostnamen stehen.
    # Die IP-Adresse und der Hostname müssen durch mindestens ein
    # Leerzeichen getrennt sein.
    #
    # Zusätzliche Kommentare (so wie in dieser Datei) können in
    # einzelnen Zeilen oder hinter dem Computernamen eingefügt werden,
    # aber müssen mit dem Zeichen '#' eingegeben werden.
    #
    # Zum Beispiel:
    #
    # 102.54.94.97 rhino.acme.com # Quellserver
    # 38.25.63.10 x.acme.com # x-Clienthost


    127.0.0.1 localhost


    3. Hijackthis


    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 13:06:56, on 21.08.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal


    Edited once, last by EstherCH ()

  • 4. Registry Search


    Windows Registry Editor Version 5.00


    ; Registry Search 2.0 by Bobbi Flekman © 2005
    ; Version: 2.0.5.0


    ; Results at 21.08.2007 13:11:46 for strings:
    ; 'bearshare'
    ; Strings excluded from search:
    ; (None)
    ; Search in:
    ; Registry Keys Registry Values Registry Data
    ; HKEY_LOCAL_MACHINE HKEY_USERS



    [HKEY_LOCAL_MACHINE\SOFTWARE\BearShare]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BearShare.exe]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{756C097C-6BDB-45de-A8F1-83E01AB86BA4}]
    @="BearShare"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BearShare.exe]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BearShare.exe\shell]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BearShare.exe\shell\open]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BearShare.exe\shell\open\command]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BearShare.exe\shell\open\command]
    "(Default)"="\"D:\\Programme\\BearShare.exe\" \"%1\""


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.AudioCD]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.AudioCD\Shell]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.AudioCD\Shell\Play]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.AudioCD\Shell\Play\Command]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.AudioCD\Shell\Play\Command]
    @="D:\\PROGRA~1\\BearShare.exe --playdrive %L"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.AudioCD\Shell\Rip]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.AudioCD\Shell\Rip\Command]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.AudioCD\Shell\Rip\Command]
    @="D:\\PROGRA~1\\BearShare.exe --ripdrive %L"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.AudioCD\Shell\Show]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.AudioCD\Shell\Show\Command]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.AudioCD\Shell\Show\Command]
    @="D:\\PROGRA~1\\BearShare.exe --showdrive %L"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.file]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.file\DefaultIcon]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.file\DefaultIcon]
    "(Default)"="D:\\Programme\\BearShare.exe,1"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.file\shell]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.file\shell\open]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.file\shell\open\command]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.file\shell\open\command]
    "(Default)"="\"D:\\Programme\\BearShare.exe\" \"%1\""


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.LauncherEventHandler]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.LauncherEventHandler\CLSID]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.LauncherEventHandler\CurVer]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.LauncherEventHandler\CurVer]
    @="BearShare.LauncherEventHandler.1"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.LauncherEventHandler.1]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.LauncherEventHandler.1\CLSID]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7A4A19A-00AC-473c-8225-1B97D1FDD43E}\ProgID]
    @="BearShare.LauncherEventHandler.1"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7A4A19A-00AC-473c-8225-1B97D1FDD43E}\VersionIndependentProgID]
    @="BearShare.LauncherEventHandler"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\BearShare]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\BearShare\DEBUG]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{438214DB-BB3C-4813-89F3-B3757D52B28E}]
    "AppName"="BearShare.exe"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
    "SearchAssistant"="http://search.bearshare.com/sidebar.html?src=ssb"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BearShare]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSMediaPlayerOnArrival]
    "DefaultIcon"="D:\\PROGRA~1\\BearShare.exe, 0"
    "Provider"="BearShare"
    "ProgID"="BearShare.LauncherEventHandler"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSPlayCDAudioOnArrival]
    "DefaultIcon"="D:\\PROGRA~1\\BearShare.exe, 0"
    "Provider"="BearShare"
    "InvokeProgID"="BearShare.AudioCD"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSRipCDAudioOnArrival]
    "DefaultIcon"="D:\\PROGRA~1\\BearShare.exe, 0"
    "Provider"="BearShare"
    "InvokeProgID"="BearShare.AudioCD"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSShowCDAudioOnArrival]
    "DefaultIcon"="D:\\PROGRA~1\\BearShare.exe, 0"
    "Provider"="BearShare"
    "InvokeProgID"="BearShare.AudioCD"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BearShare]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BearShare]
    "DisplayName"="BearShare"
    "Publisher"="BearShare"
    "URLInfoAbout"="www.bearshare.com"


    [HKEY_CURRENT_USER\Software\BearShare]


    [HKEY_CURRENT_USER\Software\BearShare\General]


    [HKEY_CURRENT_USER\Software\BearShare\General]
    "DownloadDir"="F:\\\\My Music\\BearShare"
    "AppData"="C:\\Dokumente und Einstellungen\\Matze\\Anwendungsdaten\\BearShare"
    "StatisticsFileName"="C:\\Dokumente und Einstellungen\\Matze\\Anwendungsdaten\\BearShare\\Statistics.xml"
    "CreativesFileName"="C:\\Dokumente und Einstellungen\\Matze\\Anwendungsdaten\\BearShare\\Creatives.xml"


    [HKEY_CURRENT_USER\Software\BearShare\Machine]


    [HKEY_CURRENT_USER\Software\BearShare\Network]


    [HKEY_CURRENT_USER\Software\BearShare\Network\IM2Net]


    [HKEY_CURRENT_USER\Software\BearShare\Network\Proxy]


    [HKEY_CURRENT_USER\Software\BearShare\Player]


    [HKEY_CURRENT_USER\Software\BearShare\Player\Downloaded]


    [HKEY_CURRENT_USER\Software\BearShare\Player\Library]


    [HKEY_CURRENT_USER\Software\BearShare\Player\Purchased]


    [HKEY_CURRENT_USER\Software\BearShare\Player\QuickPlay]


    [HKEY_CURRENT_USER\Software\BearShare\Player\Top25]


    [HKEY_CURRENT_USER\Software\BearShare\Preferences]


    [HKEY_CURRENT_USER\Software\BearShare\Preferences]
    "IMHistoryFolderPath"="C:\\Dokumente und Einstellungen\\Matze\\Anwendungsdaten\\BearShare\\IMHistory\\"
    "CreativesFiles"="C:\\Dokumente und Einstellungen\\Matze\\Anwendungsdaten\\BearShare\\IMPictures\\"


    [HKEY_CURRENT_USER\Software\BearShare\Preferences\Artwork]


    [HKEY_CURRENT_USER\Software\BearShare\Preferences\Bubbles]


    [HKEY_CURRENT_USER\Software\BearShare\Preferences\CDSupport]


    [HKEY_CURRENT_USER\Software\BearShare\Preferences\CheckExpiredLicense]


    [HKEY_CURRENT_USER\Software\BearShare\Preferences\FileList]


    [HKEY_CURRENT_USER\Software\BearShare\Preferences\IEHomepage]


    [HKEY_CURRENT_USER\Software\BearShare\Preferences\IEHomepage]
    "IEHomepage"="http://google.bearshare.com/de/"


    [HKEY_CURRENT_USER\Software\BearShare\Preferences\Invite]


    [HKEY_CURRENT_USER\Software\BearShare\Preferences\PortablePlayers]


    [HKEY_CURRENT_USER\Software\BearShare\Preferences\PortablePlayers\0]


    [HKEY_CURRENT_USER\Software\BearShare\Preferences\Search]


    [HKEY_CURRENT_USER\Software\BearShare\Preferences\Security]


    [HKEY_CURRENT_USER\Software\BearShare\UI]


    [HKEY_CURRENT_USER\Software\BearShare\UI\DownloadPane]


    [HKEY_CURRENT_USER\Software\BearShare\UI\ListHeaders]


    [HKEY_CURRENT_USER\Software\BearShare\UI\ListHeaders\AudioOnly]


    [HKEY_CURRENT_USER\Software\BearShare\UI\ListHeaders\Both]


    [HKEY_CURRENT_USER\Software\BearShare\UI\ListHeaders\Docked]


    [HKEY_CURRENT_USER\Software\BearShare\UI\ListHeaders\Playlists]


    [HKEY_CURRENT_USER\Software\BearShare\UI\ListHeaders\ShowAlbum]


    [HKEY_CURRENT_USER\Software\BearShare\UI\ListHeaders\ShowAlbumAudio]


    [HKEY_CURRENT_USER\Software\BearShare\UI\ListHeaders\ShowArtist]


    [HKEY_CURRENT_USER\Software\BearShare\UI\ListHeaders\ShowArtistAudio]


    [HKEY_CURRENT_USER\Software\BearShare\UI\ListHeaders\VideoOnly]


    [HKEY_CURRENT_USER\Software\BearShare\UI\MainWindow]


    [HKEY_CURRENT_USER\Software\BearShare\UI\Messenger]


    [HKEY_CURRENT_USER\Software\BearShare\UI\MiniPlayer]


    [HKEY_CURRENT_USER\Software\BearShare\UI\Panes]


    [HKEY_CURRENT_USER\Software\BearShare\UI\Panes\Sizes]


    [HKEY_CURRENT_USER\Software\BearShare\UI\Panes\Visibility]


    [HKEY_CURRENT_USER\Software\BearShare\UI\Sizes]


    [HKEY_CURRENT_USER\Software\BearShare\UI\SortListHeaders]


    [HKEY_CURRENT_USER\Software\BearShare\UI\WebSystems]


    [HKEY_CURRENT_USER\Software\BearShare\Users]


    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Search Page"="http://search.bearshare.com/sidebar.html?src=ssb"
    "Search Bar"="http://search.bearshare.com/sidebar.html?src=ssb"
    "SearchAssistant"="http://search.bearshare.com/sidebar.html?src=ssb"


    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BearShare]


    ; End Of The Log...


    5. WinPFind


    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.


    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.


    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
    Internet Explorer Version: 7.0.5730.11


    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»


    Checking %SystemDrive% folder...


    Checking %ProgramFilesDir% folder...


    Checking %WinDir% folder...


    Checking %System% folder...
    aspack 18.03.2005 18:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
    aspack 26.05.2005 16:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll
    aspack 22.07.2005 20:59:04 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll
    aspack 05.12.2005 19:09:18 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll
    aspack 03.02.2006 09:43:16 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll
    aspack 31.03.2006 13:40:58 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll
    aspack 28.09.2006 17:05:20 2414360 C:\WINDOWS\SYSTEM32\d3dx9_31.dll
    PEC2 04.08.2004 14:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc
    PTech 15.02.2007 19:01:04 1476992 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
    PECompact2 03.08.2007 06:34:10 16789464 C:\WINDOWS\SYSTEM32\MRT.exe
    aspack 03.08.2007 06:34:10 16789464 C:\WINDOWS\SYSTEM32\MRT.exe
    aspack 04.08.2004 14:00:00 733696 C:\WINDOWS\SYSTEM32\ntdll.dll
    Umonitor 04.08.2004 14:00:00 686592 C:\WINDOWS\SYSTEM32\rasdlg.dll
    winsync 04.08.2004 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
    PTech 15.02.2007 19:01:30 337280 C:\WINDOWS\SYSTEM32\WgaTray.exe
    aspack 10.04.2007 20:00:18 18944 C:\WINDOWS\SYSTEM32\wk32.dll
    PEC2 24.10.2006 21:33:16 8282112 C:\WINDOWS\SYSTEM32\wmploc.dll


    Checking %System%\Drivers folder and sub-folders...


    Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts



    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    21.08.2007 12:02:10 S 2048 C:\WINDOWS\bootstat.dat
    21.08.2007 11:45:52 H 54156 C:\WINDOWS\QTFont.qfn
    26.06.2007 08:21:20 S 11284 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB936021.cat
    19.07.2007 10:19:58 S 29530 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB937143-IE7.cat
    13.07.2007 01:44:18 S 11284 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB938127-IE7.cat
    28.06.2007 04:06:50 S 11192 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem25.CAT
    19.07.2007 20:31:48 S 7868 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem426.CAT
    19.07.2007 20:31:50 S 33145 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem427.CAT
    19.07.2007 20:31:50 S 39029 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem428.CAT
    19.07.2007 20:31:50 S 39029 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem429.CAT
    19.07.2007 20:31:50 S 39029 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem430.CAT
    21.08.2007 13:17:34 H 1024 C:\WINDOWS\system32\config\default.LOG
    21.08.2007 12:02:12 H 1024 C:\WINDOWS\system32\config\SAM.LOG
    21.08.2007 12:03:52 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
    21.08.2007 13:24:36 H 1024 C:\WINDOWS\system32\config\software.LOG
    21.08.2007 13:00:16 H 1024 C:\WINDOWS\system32\config\system.LOG
    02.07.2007 21:33:48 S 552 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\Content\3130B1871A126520A8C47861EFE3ED4D
    02.07.2007 21:33:48 S 616 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5
    02.07.2007 21:33:48 S 132 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\MetaData\3130B1871A126520A8C47861EFE3ED4D
    02.07.2007 21:33:48 S 136 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5
    14.08.2007 06:37:08 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\60ab0ec1-bf9d-40cf-a676-44ba32203523
    14.08.2007 06:37:08 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
    21.08.2007 12:02:18 H 6 C:\WINDOWS\Tasks\SA.DAT


    Checking for CPL files...
    25.05.2004 17:06:58 417792 C:\WINDOWS\SYSTEM32\ac3filter.cpl
    Microsoft Corporation 04.08.2004 14:00:00 70656 C:\WINDOWS\SYSTEM32\access.cpl
    Microsoft Corporation 04.08.2004 14:00:00 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl
    Microsoft Corporation 04.08.2004 14:00:00 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
    Microsoft Corporation 04.08.2004 14:00:00 138240 C:\WINDOWS\SYSTEM32\desk.cpl
    Microsoft Corporation 04.08.2004 14:00:00 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
    Microsoft Corporation 04.08.2004 14:00:00 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
    Microsoft Corporation 27.06.2007 16:05:04 1824256 C:\WINDOWS\SYSTEM32\inetcpl.cpl
    Microsoft Corporation 04.08.2004 14:00:00 133120 C:\WINDOWS\SYSTEM32\intl.cpl
    Microsoft Corporation 04.08.2004 14:00:00 381440 C:\WINDOWS\SYSTEM32\irprops.cpl
    Microsoft Corporation 04.08.2004 14:00:00 69632 C:\WINDOWS\SYSTEM32\joy.cpl
    Sun Microsystems, Inc. 10.11.2005 14:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
    Microsoft Corporation 04.08.2004 14:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
    Microsoft Corporation 04.08.2004 14:00:00 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl
    Microsoft Corporation 04.08.2004 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
    Microsoft Corporation 04.08.2004 14:00:00 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
    Microsoft Corporation 04.08.2004 14:00:00 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
    NVIDIA Corporation 19.04.2007 13:26:00 69632 C:\WINDOWS\SYSTEM32\nvcpl.cpl
    19.04.2007 13:26:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
    Microsoft Corporation 04.08.2004 14:00:00 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
    Microsoft Corporation 04.08.2004 14:00:00 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl
    Microsoft Corporation 04.08.2004 14:00:00 303104 C:\WINDOWS\SYSTEM32\sysdm.cpl
    Microsoft Corporation 04.08.2004 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
    Microsoft Corporation 04.08.2004 14:00:00 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
    Microsoft Corporation 04.08.2004 14:00:00 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
    Microsoft Corporation 16.04.2007 22:45:40 216408 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
    Microsoft Corporation 04.08.2004 14:00:00 70656 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
    Microsoft Corporation 04.08.2004 14:00:00 555008 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
    Microsoft Corporation 04.08.2004 14:00:00 138240 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
    Microsoft Corporation 04.08.2004 14:00:00 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
    Microsoft Corporation 04.08.2004 14:00:00 157184 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
    Microsoft Corporation 27.06.2007 16:05:04 1824256 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
    Microsoft Corporation 04.08.2004 14:00:00 133120 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
    Microsoft Corporation 04.08.2004 14:00:00 69632 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
    Microsoft Corporation 04.08.2004 14:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
    Microsoft Corporation 04.08.2004 14:00:00 625152 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
    Microsoft Corporation 04.08.2004 14:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
    Microsoft Corporation 04.08.2004 14:00:00 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
    Microsoft Corporation 04.08.2004 14:00:00 260096 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
    Microsoft Corporation 04.08.2004 14:00:00 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
    Microsoft Corporation 04.08.2004 14:00:00 117248 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
    Microsoft Corporation 04.08.2004 14:00:00 159744 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
    Microsoft Corporation 04.08.2004 14:00:00 303104 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
    Microsoft Corporation 04.08.2004 14:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
    Microsoft Corporation 04.08.2004 14:00:00 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
    Microsoft Corporation 04.08.2004 14:00:00 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
    Microsoft Corporation 16.04.2007 22:45:40 216408 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl


    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»


    Checking files in %ALLUSERSPROFILE%\Startup folder...
    24.09.2005 19:39:04 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
    22.04.2007 00:51:32 635 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk


    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    13.09.2006 00:31:30 305 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
    24.09.2005 20:13:34 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
    20.05.2006 19:44:12 1382 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache


    Checking files in %USERPROFILE%\Startup folder...
    24.09.2005 19:39:04 HS 84 C:\Dokumente und Einstellungen\Matze\Startmenü\Programme\Autostart\desktop.ini


    Checking files in %USERPROFILE%\Application Data folder...
    24.09.2005 20:13:34 HS 62 C:\Dokumente und Einstellungen\Matze\Anwendungsdaten\desktop.ini
    01.07.2007 21:29:18 112120 C:\Dokumente und Einstellungen\Matze\Anwendungsdaten\GDIPFONTCACHEV1.DAT


    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
    {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ICQLiteMenu
    {73B24247-042E-4EF5-ADC2-42F62E6FD654} = D:\Programme\ICQLite\ICQLiteShell.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
    {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
    {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programme\WinRAR\rarext.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
    Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
    = C:\Programme\Nero\Nero 7\Nero BackItUp\NBShell.dll


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
    {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
    {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programme\WinRAR\rarext.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
    = C:\Programme\Nero\Nero 7\Nero BackItUp\NBShell.dll


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu
    {73B24247-042E-4EF5-ADC2-42F62E6FD654} = D:\Programme\ICQLite\ICQLiteShell.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
    {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programme\WinRAR\rarext.dll


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
    = C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
    = C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll


    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    =
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56B38F40-4E70-11d4-A076-0080AD86BA2F}
    WebCGMHlprObj Class = C:\WINDOWS\cgmopenbho.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B4946F7-FE38-A794-4AD2-F3CA9D2DE69E}
    =
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}
    =
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
    Windows Live Sign-in Helper = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
    CNisExtBho Class = C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
    CNavExtBho Class = C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
    &Tipps und Tricks = %SystemRoot%\system32\shdocvw.dll


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} = Norton Internet Security : C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
    {C4069E3A-68F1-403E-B40E-20066696354B} = Norton AntiVirus : C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    MenuText = Sun Java Konsole : C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8B69DB2E-015D-4c4f-B97E-95EF5326BDA8}
    ButtonText = eBay Startseite : http://adfarm.mediaplex.com/ad…2?mpre=http://www.ebay.de
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}
    ButtonText = ICQ Lite : D:\Programme\ICQLite\ICQLite.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583}
    MenuText = @xpsp3res.dll,-20001 :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
    ButtonText = Messenger : C:\Programme\Messenger\msmsgs.exe


    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD}
    Shell Search Band = %SystemRoot%\system32\browseui.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
    IE Search Band = C:\WINDOWS\system32\ieframe.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
    File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
    Favorites Band = %SystemRoot%\system32\shdocvw.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
    History Band = %SystemRoot%\system32\shdocvw.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
    Explorer-Band = %SystemRoot%\system32\shdocvw.dll


    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\system32\browseui.dll
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
    {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\system32\browseui.dll
    {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :
    {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = Norton Internet Security : C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
    {C4069E3A-68F1-403E-B40E-20066696354B} = Norton AntiVirus : C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    {F2CF5485-4E02-4F68-819C-B92DE9277049} = &Links : C:\WINDOWS\system32\ieframe.dll
    {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} = :


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    nwiz nwiz.exe /install
    NVCLOCK rundll32 nvclock.dll,fnNvclock
    Verknüpfung mit der High Definition Audio-Eigenschaftenseite HDAudPropShortcut.exe
    Cmaudio RunDll32 cmicnfg.cpl,CMICtrlWnd
    EPSON Stylus C84 Series C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
    Microsoft Works Update Detection C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
    ccApp "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
    Logitech Hardware Abstraction Layer KHALMNPR.EXE
    Kernel and Hardware Abstraction Layer KHALMNPR.EXE
    QuickTime Task "D:\Programme\QuickTime\qttask.exe" -atboottime
    NvMediaCenter RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    Symantec PIF AlertEng "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    DJSNetCN C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    ICQ Lite D:\Programme\ICQLite\ICQLite.exe -trayboot


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk
    path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
    backup C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup
    location Common Startup
    command C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
    item Adobe Reader - Schnellstart
    path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
    backup C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup
    location Common Startup
    command C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
    item Adobe Reader - Schnellstart


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^CDN Bay Office Start Center.lnk
    path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\CDN Bay Office Start Center.lnk
    backup C:\WINDOWS\pss\CDN Bay Office Start Center.lnkCommon Startup
    location Common Startup
    command C:\PROGRA~1\CDNBAY~1\BAYOFF~1.EXE
    item CDN Bay Office Start Center
    path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\CDN Bay Office Start Center.lnk
    backup C:\WINDOWS\pss\CDN Bay Office Start Center.lnkCommon Startup
    location Common Startup
    command C:\PROGRA~1\CDNBAY~1\BAYOFF~1.EXE
    item CDN Bay Office Start Center


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk
    path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
    backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
    location Common Startup
    command D:\PROGRA~1\MICROS~1\Office10\OSA.EXE -b -l
    item Microsoft Office
    path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
    backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
    location Common Startup
    command D:\PROGRA~1\MICROS~1\Office10\OSA.EXE -b -l
    item Microsoft Office


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^PlexTools Professional.lnk
    path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PlexTools Professional.lnk
    backup C:\WINDOWS\pss\PlexTools Professional.lnkCommon Startup
    location Common Startup
    command D:\PROGRA~1\Plextor\PlexTool.exe Startup
    item PlexTools Professional
    path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PlexTools Professional.lnk
    backup C:\WINDOWS\pss\PlexTools Professional.lnkCommon Startup
    location Common Startup
    command D:\PROGRA~1\Plextor\PlexTool.exe Startup
    item PlexTools Professional


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^Matze^Startmenü^Programme^Autostart^OpenOffice.org 2.0.lnk
    path C:\Dokumente und Einstellungen\Matze\Startmenü\Programme\Autostart\OpenOffice.org 2.0.lnk
    backup C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup
    location Startup
    command C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE
    item OpenOffice.org 2.0
    path C:\Dokumente und Einstellungen\Matze\Startmenü\Programme\Autostart\OpenOffice.org 2.0.lnk
    backup C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup
    location Startup
    command C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE
    item OpenOffice.org 2.0


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item
    hkey HKLM
    command
    inimapping 0



    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AnyDVD
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item AnyDVD
    hkey HKLM
    command C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item AnyDVD
    hkey HKLM
    command C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
    inimapping 0


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item NMBgMonitor
    hkey HKCU
    command "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item NMBgMonitor
    hkey HKCU
    command "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
    inimapping 0


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CloneCDElbyCDFL
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item ElbyCheck
    hkey HKLM
    command "D:\Programme\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item ElbyCheck
    hkey HKLM
    command "D:\Programme\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    inimapping 0


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CloneCDTray
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item CloneCDTray
    hkey HKLM
    command "D:\Programme\CloneCD\CloneCDTray.exe"
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item CloneCDTray
    hkey HKLM
    command "D:\Programme\CloneCD\CloneCDTray.exe"
    inimapping 0


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ICQ Lite
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item ICQLite
    hkey HKLM
    command "D:\Programme\ICQLite\ICQLite.exe" -minimize
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item ICQLite
    hkey HKLM
    command "D:\Programme\ICQLite\ICQLite.exe" -minimize
    inimapping 0


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item iTunesHelper
    hkey HKLM
    command "D:\Programme\iTunesHelper.exe"
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item iTunesHelper
    hkey HKLM
    command "D:\Programme\iTunesHelper.exe"
    inimapping 0


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item dumprep 0 -k
    hkey HKLM
    command %systemroot%\system32\dumprep 0 -k
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item dumprep 0 -k
    hkey HKLM
    command %systemroot%\system32\dumprep 0 -k
    inimapping 0


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item msnmsgr
    hkey HKCU
    command "C:\Programme\MSN Messenger\msnmsgr.exe" /background
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item msnmsgr
    hkey HKCU
    command "C:\Programme\MSN Messenger\msnmsgr.exe" /background
    inimapping 0


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item NeroCheck
    hkey HKLM
    command C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item NeroCheck
    hkey HKLM
    command C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
    inimapping 0


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item qttask
    hkey HKLM
    command "D:\Programme\QuickTime\qttask.exe" -atboottime
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item qttask
    hkey HKLM
    command "D:\Programme\QuickTime\qttask.exe" -atboottime
    inimapping 0


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sony Ericsson PC Suite
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item Application Launcher
    hkey HKLM
    command "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item Application Launcher
    hkey HKLM
    command "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    inimapping 0


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item
    hkey HKCU
    command
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item
    hkey HKCU
    command
    inimapping 0


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item jusched
    hkey HKLM
    command C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item jusched
    hkey HKLM
    command C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
    inimapping 0


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item realsched
    hkey HKLM
    command "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item realsched
    hkey HKLM
    command "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
    inimapping 0


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Tweak UI
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item RUNDLL32
    hkey HKLM
    command RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item RUNDLL32
    hkey HKLM
    command RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    inimapping 0


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
    system.ini 0
    win.ini 0
    bootini 2
    services 0
    startup 2



    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
    {17492023-C23A-453E-A040-C7C580BBF700} 1


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
    {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
    {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} =



    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    dontdisplaylastusername 0
    legalnoticecaption
    legalnoticetext
    shutdownwithoutlogon 1
    undockwithoutlogon 1
    DisableTaskMgr 0



    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]


    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    NoDriveTypeAutoRun 145
    NoActiveDesktop 0
    NoSaveSettings 0
    ClassicShell 0
    NoThemesTab 0


    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    DisableTaskMgr 0
    NoColorChoice 0
    NoSizeChoice 0
    NoDispScrSavPage 0
    NoDispCPL 0
    NoVisualStyleChoice 0
    NoDispSettingsPage 0
    NoDispAppearancePage 0
    NoDispBackgroundPage 0



    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
    CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
    WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll
    SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
    WPDShServiceObj {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll
    syshelps {49A6A2E6-C630-4B71-B953-C2C4093212E4} = syshelps.dll


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,
    Shell = Explorer.exe
    System =


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
    = WgaLogon.dll


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
    Debugger = ntsd -d


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLs



    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
    Scan completed on 21.08.2007 13:24:52

    "I'm not here for a pleasure cruise, but to drive at the limit."


    M.Schuhmacher

  • No, I think he means Eraser; that's for completely deleting files. You just have to search for everything that has to do with BearShare.
    I have it here on CD, but I'll look for a URL for you.

  • Hello lotusomega,


    Your PC is infected with the spyware/adware BearShare. Do not reinstall it under any circumstances. I'll get back to you later about the cleanup and the BearShare uninstallation, once I'm home.


    Patient Hunter
    Your idea was not good; reinstalling can bring in another infection or malware.

    Regards, Mopao
    Malware Veteran

  • Hi,
    well, I haven't installed it again.
    Let's wait and see what Mopao says ^^ :)

    "I'm not here for a pleasure cruise, but to drive at the limit."


    M.Schuhmacher

  • No problem, I only wrote that so you know that I didn't install it again. :wink:

    "I'm not here for a pleasure cruise, but to drive at the limit."


    M.Schuhmacher

  • Hello,


    #Delete the following registry keys (the red ones)
    Go to Start/Run, enter the command regedit and confirm with OK, then navigate!


    HKEY_LOCAL_MACHINE\SOFTWARE\BearShare


    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BearShare.exe


    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{756C097C-6BDB-45de-A8F1-83E01AB86BA4}
    @="BearShare"

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BearShare.exe


    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.AudioCD


    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.file


    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.LauncherEventHandler


    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.LauncherEventHandler.1


    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7A4A19A-00AC-473c-8225-1B97D1FDD43E}\ProgID
    @="BearShare.LauncherEventHandler.1"


    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7A4A19A-00AC-473c-8225-1B97D1FDD43E}\VersionIndependentProgID
    @="BearShare.LauncherEventHandler"


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\BearShare


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{438214DB-BB3C-4813-89F3-B3757D52B28E}
    "AppName"="BearShare.exe"


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search
    "SearchAssistant"="http://search.bearshare.com/sidebar.html?src=ssb"


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BearShare


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSMediaPlayerOnArrival
    "DefaultIcon"="D:\\PROGRA~1\\BearShare.exe, 0"
    "Provider"="BearShare"
    "ProgID"="BearShare.LauncherEventHandler"


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSPlayCDAudioOnArrival
    "DefaultIcon"="D:\\PROGRA~1\\BearShare.exe, 0"
    "Provider"="BearShare"
    "InvokeProgID"="BearShare.AudioCD"


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSRipCDAudioOnArrival
    "DefaultIcon"="D:\\PROGRA~1\\BearShare.exe, 0"
    "Provider"="BearShare"
    "InvokeProgID"="BearShare.AudioCD"


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSShowCDAudioOnArrival
    "DefaultIcon"="D:\\PROGRA~1\\BearShare.exe, 0"
    "Provider"="BearShare"
    "InvokeProgID"="BearShare.AudioCD"


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BearShare


    HKEY_CURRENT_USER\Software\BearShare


    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    "Search Page"="http://search.bearshare.com/sidebar.html?src=ssb"
    "Search Bar"="http://search.bearshare.com/sidebar.html?src=ssb"
    "SearchAssistant"="http://search.bearshare.com/sidebar.html?src=ssb"


    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BearShare


    #Restart the PC!
    #Post a new HijackThis log, the Navilog1 (http://www.paules-pc-forum.de/phpBB2/topic,98281.html) result and the WindowsScan result

    Regards, Mopao
    Malware Veteran

  • 1. HijackThis v2.0.0 (BETA)


    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 13:43:25, on 23.08.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal





    2. Navilog1



    Search Navipromo version 2.0.9 began on 23.08.2007 at 13:45:38,75


    !!! Warning, this report may include legitimate files/programs !!!
    !!! Post this report on the forum you are being helped !!!
    !!! Don't continue with removal unless instructed by an authorized helper !!!


    Fix running from C:\Programme\navilog1
    Updated on 20.08.2007 at 22h30 by IL-MAFIOSO


    Done in normal mode


    *** Searching for installed Software ***





    *** Search folders in C:\WINDOWS ***





    *** Search folders in C:\Programme ***





    *** Search folders in C:\Dokumente und Einstellungen\All Users\Application Data ***





    *** Search folders in C:\Dokumente und Einstellungen\Matze\Anwendungsdaten ***




    *** Search with BlackLight Engine/F-secure ***
    BlackLight Engine is a product of F-secure, for more info:
    http://www.f-secure.com/blacklight/blacklight_help.html



    F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
    ======================================


    Copyright 2005-2006 F-Secure Corporation. All rights reserved.
    This is a beta version. It will expire on 1st of October, 2007.
    Version information: 2.2.1064.


    [+] Started on 08/23/07 at 13:45:41.
    [+] Initializing ...
    [+] Starting scan, press Ctrl-C to abort.
    [+] Scanning for hidden items .................................................................
    [+] Scan complete.
    [+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
    [+] Exited on 08/23/07 at 13:51:21 (return code = 0).



    *** Search with GenericNaviSearch ***
    !!! Possibility of legitims files in the result !!!
    !!! To be always checked before manually deleting !!!


    Files found :


    No File found !


    Suspicious Files :


    No Suspicious File found !




    *** Search files ***





    *** Search registry keys ***



    Search in [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]




    Search in [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]




    Search Magic Control Key




    *** Complementary Search ***
    (Search specifics files)


    1)Search known files:



    2)Heuristic Search :
    *
    **
    ***
    ****
    *****
    ******
    *******
    ********



    3)Certificates Search :


    Certificate Egroup not found !



    *** Search completed on 23.08.2007 at 13:52:24,89 ***



    3. WindowsScan



    Die 30 neuesten Dateien im Ordner Windows:


    23.08.2007 NeroDigital.ini 13 41:116
    23.08.2007 WindowsUpdate.log 13 41:1.745.006
    23.08.2007 0.log 13 40:0
    23.08.2007 wiadebug.log 13 40:159
    23.08.2007 wiaservc.log 13 40:50
    23.08.2007 bootstat.dat 13 40:2.048
    23.08.2007 SchedLgU.Txt 13 39:32.622
    22.08.2007 wmsetup.log 19 04:399
    21.08.2007 setupact.log 13 42:240
    21.08.2007 setuperr.log 13 41:0
    21.08.2007 win.ini 12 00:709
    21.08.2007 system.ini 12 00:2.366
    19.08.2007 setupapi.log 12 13:758
    24.07.2007 mngui.INI 19 32:0
    Ericsson 24.07.2007 ModemLog_Sony 19 32:11.898
    06.07.2007 photos.zip 20 30:22
    24.06.2007 msicpl.ini 12 11:133
    15.06.2007 Thumbs.db 23 22:7.680
    13.06.2007 explorer.exe 15 21:1.036.288
    05.06.2007 iun6002.exe 19 38:724.992
    26.03.2007 EPISMG00.SWB 11 38:12.862
    23.01.2007 KHALMNPR.Exe 15 44:101.136
    01.11.2006 WMSysPr9.prx 22 16:316.640
    29.10.2006 d3dx.dat 18 57:4.096
    05.10.2006 cdplayer.ini 17 25:574
    14.07.2006 UNNeroVision.exe 16 29:966.656
    14.07.2006 UNRecode.exe 16 29:966.656



    Die 50 neuesten Dateien im Ordner Windows\system32:


    23.08.2007 wpa.dbl 13 40:13.744
    23.08.2007 nvapps.xml 13 40:87.736
    21.08.2007 perfh009.dat 13 40:380.350
    21.08.2007 perfc009.dat 13 40:52.764
    21.08.2007 perfh007.dat 13 40:391.000
    21.08.2007 perfc007.dat 13 40:63.580
    21.08.2007 PerfStringBackup.INI 13 40:897.954
    20.08.2007 gnc.exe 23 50:3.290
    03.08.2007 MRT.exe 06 34:16.789.464
    19.07.2007 mshtml.dll 08 56:3.583.488
    18.07.2007 Mswinsck.ocx 01 08:124.688
    27.06.2007 wininet.dll 16 05:823.808
    27.06.2007 webcheck.dll 16 05:232.960
    27.06.2007 urlmon.dll 16 05:1.152.000
    27.06.2007 occache.dll 16 05:102.400
    27.06.2007 url.dll 16 05:105.984
    27.06.2007 mstime.dll 16 05:671.232
    27.06.2007 msrating.dll 16 05:193.024
    27.06.2007 mshtmled.dll 16 05:477.696
    27.06.2007 msfeedsbs.dll 16 05:52.224
    27.06.2007 msfeeds.dll 16 05:459.264
    27.06.2007 jsproxy.dll 16 05:27.648
    27.06.2007 inetcpl.cpl 16 05:1.824.256
    27.06.2007 iertutil.dll 16 04:267.776
    27.06.2007 iernonce.dll 16 04:44.544
    27.06.2007 ieframe.dll 16 04:6.058.496
    27.06.2007 iedkcs32.dll 16 04:384.512
    27.06.2007 ieapfltr.dll 16 04:383.488
    27.06.2007 ieaksie.dll 16 04:230.400
    27.06.2007 advpack.dll 16 04:124.928
    27.06.2007 ieakeng.dll 16 04:153.088
    27.06.2007 extmgr.dll 16 04:132.608
    27.06.2007 ieudinit.exe 10 27:13.824
    27.06.2007 ie4uinit.exe 10 27:63.488
    27.06.2007 ieakui.dll 09 00:161.792
    26.06.2007 msxml3.dll 08 08:1.104.896
    19.06.2007 gdi32.dll 15 31:282.112
    11.06.2007 wmp.dll 23 51:10.834.944
    17.05.2007 oleaut32.dll 13 28:549.376
    16.05.2007 inetcomm.dll 17 11:683.520
    08.05.2007 msxml4.dll 15 03:1.275.392
    27.04.2007 QuickTimeVR.qtx 09 42:65.536
    27.04.2007 QuickTime.qts 09 42:49.152
    25.04.2007 schannel.dll 16 22:144.896
    22.04.2007 Log_20070422_184451_65C.txt 18 44:120
    22.04.2007 Log_20070422_184450_D60.txt 18 44:120
    22.04.2007 Log_20070422_184449_454.txt 18 44:120



    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # Dies ist eine HOSTS-Beispieldatei, die von Microsoft TCP/IP
    # für Windows 2000 verwendet wird.
    #
    # Diese Datei enthält die Zuordnungen der IP-Adressen zu Hostnamen.
    # Jeder Eintrag muss in einer eigenen Zeile stehen. Die IP-
    # Adresse sollte in der ersten Spalte gefolgt vom zugehörigen
    # Hostnamen stehen.
    # Die IP-Adresse und der Hostname müssen durch mindestens ein
    # Leerzeichen getrennt sein.
    #
    # Zusätzliche Kommentare (so wie in dieser Datei) können in
    # einzelnen Zeilen oder hinter dem Computernamen eingefügt werden,
    # aber müssen mit dem Zeichen '#' eingegeben werden.
    #
    # Zum Beispiel:
    #
    # 102.54.94.97 rhino.acme.com # Quellserver
    # 38.25.63.10 x.acme.com # x-Clienthost


    127.0.0.1 localhost

    "I'm not here for a pleasure cruise, but to drive at the limit."


    M.Schuhmacher

    Edited once, last by EstherCH
