Probleme mit CoolWWWSearch.WCADW

bregovic · 28.12.2005, 20:04

Hi,
danke erstmal für Deine schnelle Hilfe:-)

So, als erstes mal das erste Smitfraud

SmitFraudFix v2.10

Rapport fait à 18:16:23,09 le 28.12.2005
Executé à partir de C:\Dokumente und Einstellungen\***\Eigene Dateien\Audo\Neuer Ordner\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\

C:\secure32.html PRESENT !
C:\winstall.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS

C:\WINDOWS\desktop.html PRESENT !
C:\WINDOWS\kl.exe PRESENT !
C:\WINDOWS\secure32.html PRESENT !
C:\WINDOWS\tool1.exe PRESENT !
C:\WINDOWS\tool2.exe PRESENT !
C:\WINDOWS\tool3.exe PRESENT !
C:\WINDOWS\tool4.exe PRESENT !
C:\WINDOWS\tool5.exe PRESENT !
C:\WINDOWS\toolbar.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32

C:\WINDOWS\system32\paytime.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Dokumente und Einstellungen\***\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Programme

»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

Das zweite Smitfraud

SmitFraudFix v2.10

Rapport fait à 18:20:40,03 le 28.12.2005
Executé à partir de C:\Dokumente und Einstellungen\***\Eigene Dateien\Audo\Neuer Ordner\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\secure32.html supprimé
C:\winstall.exe supprimé
C:\WINDOWS\desktop.html supprimé
C:\WINDOWS\kl.exe supprimé
C:\WINDOWS\secure32.html supprimé
C:\WINDOWS\tool1.exe supprimé
C:\WINDOWS\tool2.exe supprimé
C:\WINDOWS\tool3.exe supprimé
C:\WINDOWS\tool4.exe supprimé
C:\WINDOWS\tool5.exe supprimé
C:\WINDOWS\toolbar.exe supprimé
C:\WINDOWS\system32\paytime.exe supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

Das Ewido File
---------------------------------------------------------
ewido anti-malware - Scan Report
---------------------------------------------------------

+ Erstellt am: 19:24:26, 28.12.2005
+ Report-Checksumme: 57BFAED0

+ Scanergebnis:

HKU\S-1-5-21-1659004503-1450960922-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{946B3E9E-E21A-49C8-9F63-900533FAFE14} -> Spyware.HotBar : Gesäubert mit Backup
HKU\S-1-5-21-1659004503-1450960922-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E77EDA01-3C56-4A96-8D08-02B42891C169} -> Spyware.HotBar : Gesäubert mit Backup
HKU\S-1-5-21-1659004503-1450960922-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{946B3E9E-E21A-49C8-9F63-900533FAFE14} -> Spyware.HotBar : Gesäubert mit Backup
HKU\S-1-5-21-1659004503-1450960922-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E77EDA01-3C56-4A96-8D08-02B42891C169} -> Spyware.HotBar : Gesäubert mit Backup
:mozilla.17:C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Mozilla\Firefox\Profiles\0jvp1m57.default\cookies.txt -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup
:mozilla.20:C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Mozilla\Firefox\Profiles\0jvp1m57.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.21:C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Mozilla\Firefox\Profiles\0jvp1m57.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.22:C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Mozilla\Firefox\Profiles\0jvp1m57.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.23:C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Mozilla\Firefox\Profiles\0jvp1m57.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.24:C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Mozilla\Firefox\Profiles\0jvp1m57.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.25:C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Mozilla\Firefox\Profiles\0jvp1m57.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
D:\Programme\Microsoft AntiSpyware\Quarantine\300B23A3-36E3-49C7-A482-2C870F\536014E3-2AC7-4C12-A807-DF5A58 -> Spyware.HotBar : Gesäubert mit Backup
D:\Programme\Microsoft AntiSpyware\Quarantine\300B23A3-36E3-49C7-A482-2C870F\B87335B8-7ADB-4C37-A484-D7C977 -> Spyware.HotBar : Gesäubert mit Backup
D:\Programme\Microsoft AntiSpyware\Quarantine\656E9E46-0E8F-41EC-A620-D331E1\10090FDA-BC76-4DAB-8102-363340 -> Spyware.HotBar : Gesäubert mit Backup
D:\Programme\Microsoft AntiSpyware\Quarantine\656E9E46-0E8F-41EC-A620-D331E1\7ABE4148-492F-4A68-8014-B6EF14 -> Spyware.HotBar : Gesäubert mit Backup
D:\Programme\Microsoft AntiSpyware\Quarantine\656E9E46-0E8F-41EC-A620-D331E1\B145EB8F-E855-489E-8057-377D49 -> Spyware.HotBar : Gesäubert mit Backup

::Report Ende

Dann Silent-Runners

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Spamihilator" = ""d:\Programme\Spamihilator\spamihilator.exe"" [file not found]
"H/PC Connection Agent" = ""D:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]
"SpybotSD TeaTimer" = "D:\Programme\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]
"WinDVR SchSvr" = ""C:\Programme\Gemeinsame Dateien\InterVideo\SchSvr\SchSvr.exe"" ["InterVideo Inc."]
"gcasServ" = ""D:\Programme\Microsoft AntiSpyware\gcasServ.exe"" [MS]
"Alle meine Passworte" = "D:\PROGRA~1\AMP\AMP.EXE" ["Mirko Böer"]
"pccguide.exe" = ""D:\Programme\Trend Micro\Internet Security 12\pccguide.exe"" ["Trend Micro Incorporated."]
"SynTPLpr" = "C:\Programme\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Programme\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"SunJavaUpdateSched" = "D:\Programme\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"FreePDF Assistant" = "C:\Programme\FreePDF_XP\fpassist.exe" [null data]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]
"iTunesHelper" = ""D:\Programme\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{22E7934B-566D-47b5-AEC1-E91724A0B490}" = "AkasHook Sample"
-> {CLSID}\InProcServer32\(Default) = "AkasHook.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\Microsoft Office\Visio11\VISSHE.DLL" [null data]
"{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\Microsoft Office\Visio11\VISSHE.DLL" [null data]
"{48F45200-91E6-11CE-8A4F-0080C81A28D4}" = "TMD Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\Trend Micro\Internet Security 12\Tmdshell.dll" ["Trend Micro Incorporated."]
"{771A9DA0-731A-11CE-993C-00AA004ADB6C}" = "VBPropSheet"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\Trend Micro\Internet Security 12\VBProp.dll" ["Trend Micro Incorporated."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "d:\Programme\WinRAR\rarext.dll" [null data]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}" = "Context Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "d:\Programme\TagRename\TRshell.dll" ["Softpointer Inc"]
"{8932AEFE-9DB6-4f43-AFB2-5682F55E773A}" = "VPCHostCopyHook"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\Microsoft Virtual PC\VPCShExH.DLL" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B95713CD-06FF-4D35-A9DA-4DBDFE5FD7F4}" = "Hex Editor Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "d:\Programme\HHD Software\Hex Editor 3.x\heshell.dll" ["HHD Software"]
"{0561EC90-CE54-4f0c-9C55-E226110A740C}" = "Haali Column Provider"
-> {CLSID}\InProcServer32\(Default) = "d:\Programme\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll" [null data]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "d:\Programme\a-squared\a2contmenu.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\Microsoft AntiSpyware\shellextension.dll" [MS]
INFECTION WARNING! "{22E7934B-566D-47b5-AEC1-E91724A0B490}" = "AkasHook Sample"
-> {CLSID}\InProcServer32\(Default) = "AkasHook.dll" [null data]
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "d:\Programme\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "Shell" = "explorer.exe "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00001.exe"" [MS], [file not found], [file not found], [file not found], [file not found]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Hex Editor 3\(Default) = "{B95713CD-06FF-4D35-A9DA-4DBDFE5FD7F4}"
-> {CLSID}\InProcServer32\(Default) = "d:\Programme\HHD Software\Hex Editor 3.x\heshell.dll" ["HHD Software"]
TagRename_ContextMenu\(Default) = "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}"
-> {CLSID}\InProcServer32\(Default) = "d:\Programme\TagRename\TRshell.dll" ["Softpointer Inc"]
UltraEdit-32\(Default) = "{b5eedee0-c06e-11cf-8c56-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "d:\Programme\IDM Computer Solutions\UltraEdit-32\ue32ctmn.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "d:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "d:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
-> {CLSID}\InProcServer32\(Default) = "d:\Programme\a-squared\a2contmenu.dll" [null data]
TagRename_ContextMenu\(Default) = "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}"
-> {CLSID}\InProcServer32\(Default) = "d:\Programme\TagRename\TRshell.dll" ["Softpointer Inc"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "d:\Programme\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

Startup items in "***" & "All Users" startup folders:
-----------------------------------------------------

C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart
"Microsoft Office OneNote 2003 Schnellstart" -> shortcut to: "D:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE /tsr" [MS]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Reader - Schnellstart" -> shortcut to: "D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"HyperSnap-DX 5" -> shortcut to: "D:\Programme\HyperSnap-DX 5\HprSnap5.exe" ["Hyperionics Technology LLC"]
"InterVideo WinCinema Manager" -> shortcut to: "D:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe" [empty string]
"Logitech Desktop Messenger" -> shortcut to: "D:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]
"Microsoft Office OneNote 2003 Schnellstart" -> shortcut to: "D:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE /tsr" [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 24
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Mobilen Favoriten erstellen"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {CLSID}\InProcServer32\(Default) = "d:\Programme\Microsoft ActiveSync\inetrepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Mobilen Favoriten erstellen..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {CLSID}\InProcServer32\(Default) = "d:\Programme\Microsoft ActiveSync\inetrepl.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
ewido security suite control, ewido security suite control, "d:\Programme\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
iPodService, iPodService, "C:\Programme\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Trend Micro Central Control Component, PcCtlCom, "D:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe" ["Trend Micro Incorporated."]
Trend Micro Personal Firewall, TmPfw, "D:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe" ["Trend Micro Inc."]
Trend Micro Proxy Service, tmproxy, "D:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe" ["Trend Micro Inc."]
Trend Micro Real-time Service, Tmntsrv, "D:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe" ["Trend Micro Incorporated."]
USBATool, USBATool, "C:\WINDOWS\USBATool.exe" ["concept/design GmbH"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Redirected Port\Driver = "redmonnt.dll" [null data]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 233 seconds, including 8 seconds for message boxes)

geht unten weiter...

Probleme mit CoolWWWSearch.WCADW

Log-Analyse und Auswertung: Probleme mit CoolWWWSearch.WCADW

Probleme mit CoolWWWSearch.WCADW

Ähnliche Themen: Probleme mit CoolWWWSearch.WCADW