WinFixer2005 / Winfix message

09.08.2005, 00:42
Honorary member
Posts: 6028

09.08.2005, 10:14
Member
Posts: 4730
#17
Hmmm... CounterSpy - I scanned with that once too... you might as well use Microsoft's AntiSpy. It's the same thing - just free.
So we have to look for the problem elsewhere...
__________
This is a signature! Personal service: Are you from Berlin? Then send me a PM, maybe we can arrange an appointment. Der Grabsteinschubser

09.08.2005, 10:58
Honorary member
Posts: 29434
#18
Hello @Managor
can you post the 4 file blocks from DOS?
__________
Regards, Sabina, all about PC security

09.08.2005, 12:58
Honorary member
Posts: 6028

09.08.2005, 13:34
Honorary member
Posts: 29434

09.08.2005, 13:49
Honorary member
Posts: 6028
#21
Mmmmm http://www.google.de/search?hl=de&q=UWFX5LP_0001_0802&btnG=Google-Suche&meta=
__________
Regards, Argus

09.08.2005, 14:08
Honorary member
Posts: 29434
#22
What's interesting is:

O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0802] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0802NetInstaller.exe"
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/W...nnerInstall.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WinFixer2005ScannerInstall.cab

C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0802NetInstaller.exe

Quote:
there were 2 more files in Temp: _1414D2N.temp and NI.UWFX5LP_0001_0802

C:\DOCUME~1\t40p\LOCALS~1\Temp
04.08.2005 08:36 793 pcf9.tmp
04.08.2005 08:32 2.234.435 WinFixer2005ScannerSetup.exe
__________
Regards, Sabina, all about PC security

09.08.2005, 14:30
...new here
Posts: 6
#23
Help, dear people, I also have the problem with Winfixer.
I installed and ran hijack, here is the result, please help me.

Logfile of HijackThis v1.99.1
Scan saved at 14:28:57, on 09.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\D-Tools\daemon.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\OutLaster\shhost.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\Programme\SlySoft\CloneCD\CloneCDTray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programme\Logitech\SetPoint\KEM.exe
C:\Programme\OnlineControlfgfgfgf\ocontrol.exe
C:\Programme\Logitech\SetPoint\KHALMNPR.EXE
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaS.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Programme\Mozilla Firefox\firefox.exe
D:\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet6_72.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [shhost] C:\Programme\OutLaster\shhost.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [eDonkey2000] D:\tools\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] "C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [T-Online_Software_5\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\KEM.exe
O4 - Global Startup: OnlineControl.lnk = C:\Programme\OnlineControlfgfgfgf\ocontrol.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {38F90ABC-4CB6-49EC-B4F4-C8A63700771B} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {38F90ABC-4CB6-49EC-B4F4-C8A63700771B} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} - http://www.icannnews.com/app/ST/ActiveX.ocx
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\rIsdlg.dll
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\MQSTDFMT.DLL
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\rIsdlg.dll
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\rIsdlg.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Marmiko ZeroConfig Controller (MZCCntrl) - Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

09.08.2005, 15:22
Honorary member
Posts: 29434
#24
Hello @

• LSPfix.exe http://www.spychecker.com/program/lspfix.html
check: "I know what I'm doing" --> Remove, and delete newdotnet6_72.dll (you may have to move the dll from left to right)

# Open HijackThis -->> "Scan" button -->> tick the boxes -->> "Fix checked" button -->> restart the PC

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet6_72.dll
O4 - HKLM\..\Run: [shhost] C:\Programme\OutLaster\shhost.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {38F90ABC-4CB6-49EC-B4F4-C8A63700771B} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {38F90ABC-4CB6-49EC-B4F4-C8A63700771B} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} - http://www.icannnews.com/app/ST/ActiveX.ocx
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\rIsdlg.dll
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\MQSTDFMT.DLL
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\rIsdlg.dll
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\rIsdlg.dll

Restart the PC

• Uninstall: "Start -> Settings -> Control Panel -> Add or Remove Programs" --> NewDotNet

Please work through this and post everything:
http://virus-protect.org/L2mfix.html
__________
Regards, Sabina, all about PC security

09.08.2005, 16:11
...new here
Posts: 6
#25
I did everything as you said, but unfortunately the ... still opens.
Here is the current log again.

Logfile of HijackThis v1.99.1
Scan saved at 16:17:07, on 09.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\D-Tools\daemon.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\Programme\SlySoft\CloneCD\CloneCDTray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaS.exe
C:\Programme\Logitech\SetPoint\KEM.exe
C:\Programme\OnlineControlfgfgfgf\ocontrol.exe
C:\Programme\Logitech\SetPoint\KHALMNPR.EXE
C:\Programme\Mozilla Firefox\firefox.exe
D:\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [eDonkey2000] D:\tools\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] "C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [T-Online_Software_5\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\KEM.exe
O4 - Global Startup: OnlineControl.lnk = C:\Programme\OnlineControlfgfgfgf\ocontrol.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\rIsdlg.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Marmiko ZeroConfig Controller (MZCCntrl) - Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

This post was edited by Milchi01 on 09.08.2005 at 16:13.

09.08.2005, 22:55
Honorary member
Posts: 29434
#26
Hello @Milchi01
why didn't you post all the scans from L2mfix, as I had asked ???????

Fix with HijackThis:

O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\rIsdlg.dll

Restart.

Start --> Run --> cmd --> DOS will open --> copy out only the entries of the last 30 days (with path)
Paste these in one block at a time: --> then copy what appears in the text editor

cd\
cd %windir%\system32
dir /a:-d /o:-d > %systemdrive%\system32.txt
start %systemdrive%\system32.txt
cls
exit

cd\
cd %temp%\
dir /a:-d /o:-d > %systemdrive%\systemtemp.txt
start %systemdrive%\systemtemp.txt
cls
exit

cd\
cd %windir%
dir /a:-d /o:-d > %systemdrive%\system.txt
start %systemdrive%\system.txt
cls
exit

cd\
dir /a:-d /o:-d > %systemdrive%\sys.txt
start %systemdrive%\sys.txt
cls
exit
__________
Regards, Sabina, all about PC security

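The filtering step requested in the post above (only entries from the last 30 days, with path), as an added example that is not part of the original post: Python that parses German-locale `dir` output such as the generated system32.txt and returns the recent files with full paths. The sample listing, its file names and the reference date are constructed, and grouping recent files by identical size is an added triage heuristic, not something the post prescribes.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One file entry of a German-locale `dir` listing, e.g.
#   08.08.2005  19:19           417.792 sample_a.dll
ENTRY = re.compile(
    r"^\s*(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2})\s+(<DIR>|[\d.]+)\s+(.+?)\s*$"
)
# Directory header line, e.g. " Verzeichnis von C:\WINDOWS\System32"
DIR_HEADER = re.compile(r"^\s*Verzeichnis von\s+(.+?)\s*$")

# Constructed sample input (hypothetical file names, not taken from the thread).
SAMPLE = r"""
 Volume in Laufwerk C: hat keine Bezeichnung.
 Verzeichnis von C:\WINDOWS\System32

09.08.2005  22:36    <DIR>          dllcache
08.08.2005  19:19           417.792 sample_a.dll
01.08.2005  18:55           417.792 sample_b.dll
14.07.2005  19:17           417.792 sample c.dll
26.05.2005  04:16            75.544 older_file.dll
06.11.2004  16:16            10.022 old_driver.sys
               5 Datei(en)      1.338.942 Bytes
"""


def parse_dir_listing(text):
    """Return one dict (path, size, mtime) per file entry in the listing."""
    entries, current_dir = [], ""
    for line in text.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            current_dir = header.group(1)
            continue
        m = ENTRY.match(line)
        # Skip banner/summary lines, and directories in case the listing
        # was produced without /a:-d.
        if not m or m.group(3) == "<DIR>":
            continue
        date_s, time_s, size_s, name = m.groups()
        path = current_dir.rstrip("\\") + "\\" + name if current_dir else name
        entries.append({
            "path": path,
            # German locale uses "." as the thousands separator.
            "size": int(size_s.replace(".", "")),
            "mtime": datetime.strptime(f"{date_s} {time_s}", "%d.%m.%Y %H:%M"),
        })
    return entries


def recent_entries(entries, reference, days=30):
    """Keep only entries modified within `days` days before `reference`."""
    cutoff = reference - timedelta(days=days)
    return [e for e in entries if e["mtime"] >= cutoff]


def same_size_groups(entries, min_count=3):
    """Added heuristic: sizes shared by at least `min_count` files."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["size"]].append(e["path"])
    return {size: paths for size, paths in groups.items() if len(paths) >= min_count}


if __name__ == "__main__":
    reference = datetime(2005, 8, 10)  # constructed "today" for the sample
    recent = recent_entries(parse_dir_listing(SAMPLE), reference)
    for e in recent:
        print(f'{e["mtime"]:%d.%m.%Y %H:%M} {e["size"]:>10} {e["path"]}')
    for size, paths in same_size_groups(recent).items():
        print(f"{len(paths)} recent files share the size {size} bytes")
```
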

10.08.2005, 09:21
...new here
Posts: 6
#27
Sorry, I must have somehow overlooked the link; I've caught up on that now. Hopefully you can do something with it.
So, after running the program, this is what it looks like.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{2E295FF5-4256-46BB-8588-5335DBD90165}"=-
"{802B5A16-81A5-4D55-A326-20440FA34803}"=-

[-HKEY_CLASSES_ROOT\CLSID\{2E295FF5-4256-46BB-8588-5335DBD90165}]
[-HKEY_CLASSES_ROOT\CLSID\{802B5A16-81A5-4D55-A326-20440FA34803}]

****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
This post was edited on 10.08.2005 at 09:26 by Milchi01.
|
|
|
||
10.08.2005, 10:26
Honorary member
Posts: 29434 |
#28
Hello @Milchi01
Search for this file and, if it is still there, delete it:
C:\WINDOWS\system32\guard.tmp
CCleaner --> delete all *temp files
http://virus-protect.org/temp.html
Ewido (scan + post the report)
http://virus-protect.org/antivirenfree.html
Uninstall/delete:
C:\Programme\OutLaster
http://virus-protect.org/artikel/spyware/outlaster.html
------------------------------------------------------------------------------
__________
Best regards, Sabina
all about PC security |
|
|
||
10.08.2005, 10:41
...new here
Posts: 6 |
#29
Hi Sabina, I think it has now been taken care of. No more pop-ups from winfixer... finally surfing in peace again.
Thank you very much!!!! |
|
|
||
10.08.2005, 10:51
Honorary member
Posts: 29434 |
#30
Hello @Milchi01
Please scan once more anyway with:
CCleaner --> delete all *temp files
http://virus-protect.org/temp.html
Ewido (scan + post the report)
http://virus-protect.org/antivirenfree.html
__________
Best regards, Sabina
all about PC security |
|
|
||
During the installation an MS-DOS pop-up appeared in the taskbar with the text "Bnlink patch" and disappeared again.
Sunday 208 Severe system Threats
Today 109
I downloaded Clearprog, CounterSpy and Sygate Firewall; after that Winfixer came up with the message 123 Severe system Threats.
C:\Program files\Winfixer 2005\WFX5EXC.exe wants to go online, with this message: "to try send a packet to remote server 66.244.254.46"
C:\Program files\Winfixer 2005\updater.exe also wanted to go online.
I blocked both with Sygate, whereupon the following warning came from Sygate:
The icon began to blink and the log said
"Application Hijacking has been detected"
The Application C:\Program files\Winfixer 2005\WFX5EXC.exe try to launch an other application C:\Program files\Winfixer 2005\updater.exe
After that I ran a scan with NOD32 and Spybot S&D; nothing was found.
Then I cleaned the computer with RegScrub98, Regcleaner and Clearprog.
I removed Winfixer again; there were still 2 files in Temp: _1414D2N.temp and NI.UWFX5LP_0001_0802
I also scanned with CounterSpy on the side, and I was surprised.
Probably has nothing to do with WinFixer!
Nothing was visible in the HJ logfile!
AntiLamer Light RAT in C:\Windows\Runwin32.exe
Xpehbam Dialer in C:\Windows\seksdialer
Tofger Trojan in C:\Windows\System.exe
Runwin32 Trojan in C:\Windows\Wininet32.exe
Unclassified Dialer A in C:\q.exe
CWS_Hputi Browser Hijacker in HKEY_Current_USER\Software\Microsoft\Internet Explorer\main hpded and in
HKEY_Current_USER\Software\Microsoft\Internet Explorer\main spded
__________
Best regards, Argus