Hallo,
also ich bin ja kein Freund von schnellem formatieren, wirklich nicht, aber das was Du Dir da alles gesammelt hast
Zitat:
|
Zitat von Summit C:\WINDOWS\S2Fyc3Rlbg\command.exe
C:\WINDOWS\system32\paytime.exe
C:\mousepad2.exe
C:\WINDOWS\ieredir.exe
C:\winstall.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\PROGRA~1\GEMEIN~1\koof\koofm.exe
C:\PROGRA~1\GEMEIN~1\koof\koofa.exe
C:\Programme\Gemeinsame Dateien\Windows\services32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0407/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
F2 - REG:system.ini: Shell=explorer.exe "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00001.exe"
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Programme\Toolbar888\ToolBar888.dll
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe
O4 - HKLM\..\Run: [gimmysmileys] C:\\gimmysmileys2.exe
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\WINDOWS\smss.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [IE Redir] C:\WINDOWS\ieredir.exe
O4 - HKCU\..\Run: [Shell] "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [koof] C:\PROGRA~1\GEMEIN~1\koof\koofm.exe
O4 - HKCU\..\Run: [services32] C:\Programme\Gemeinsame Dateien\Windows\mc-110-12-0000228.exe
O4 - Startup: Contour 6.0 Databank.lnk = ?
O4 - Global Startup: AmadeusPrinter.lnk = C:\Programme\Amadeus\Pro Printer\autosrv.exe
O4 - Global Startup: Vista IE User.lnk = C:\Install\Vista\Daten\Skript1\setregistry.bat
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://*.amadeusproweb.com
O15 - Trusted Zone: http://*.amadeusvista.com
O15 - Trusted Zone: http://*.amadeusvista.de
O15 - Trusted Zone: http://www.portevo.de
O16 - DPF: {051FE707-9706-11D5-A836-000102A7C938} (Amadeus Automatic Update) - file://C:\Install\Vista\AUInstall\AutoUpdateATL.CAB
O16 - DPF: {266BB960-7DA8-11D4-A849-00008321B7D9} (Amadeus Cmd Page Cross Communication) - http://amadeusvista.com/vwp/common/cabs/VistaPWComms.CAB
O16 - DPF: {3D518D7D-422F-4787-AC71-10BB552E897B} (Amadeus_SP2_Patcher Class) - http://amadeusvista.com/vwp/common/cabs/SP2Patch.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139241705546
O16 - DPF: {665C05C1-517D-11D3-BE4A-00008322ED5D} (MSIInspect.Inspector) - http://amadeusvista.com/vwp/common/cabs/MSIInspect.CAB
O16 - DPF: {74344641-0CD3-4DFB-8154-F2C08D481964} (VistaEasyInstall Class) - https://www.portevo.de/plugins/vistainst/VistaEasyInstall.cab
O16 - DPF: {EBE01DF7-D451-11D5-A842-000102A97CAB} (AmadeusInit.Init) - http://amadeusvista.com/vwp/common/cabs/AmadeusInit.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7A7AA58-9DF7-462F-ADA8-08F08803089A}: NameServer = 192.168.97.254,194.25.2.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{B7A7AA58-9DF7-462F-ADA8-08F08803089A}: NameServer = 192.168.97.254,194.25.2.129
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\ckpbk32.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S2Fyc3Rlbg\command.exe
O23 - Service: Windows Logon Process Service (MSWinLogonProcService) - Unknown owner - C:\WINDOWS\winlogon.exe" -service (file missing) |
um jetzt mal nur die eindeutigen Einträge stehen zu lassen, bei denen es außer Frage steht, was sie machen.
Also, Neuaufsetzen, alles andere macht dumm
Gruß
Schrulli
13.03.2006, 18:18
Baum-Darstellung