Annoying ad pop-ups + WinFixer |
||
---|---|---|
#0
| ||
20.11.2005, 11:51
...new here
Posts: 5 |
||
|
||
20.11.2005, 12:48
Honorary member
Posts: 29434 |
#2
Hello @hartfra
there is more on there than just WinFixer, so I have to dig deeper:

Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.

CCleaner
http://virus-protect.org/temp.html
delete all temp files

copy the 4 logs here
http://virus-protect.org/datfindbat.html

copy the log from Option 1
http://virus-protect.org/l2mfix.html

ServiceFilter.zip
http://virus-protect.org/artikel/tools/ServiceFilter.zip
- unzip
- scan
- copy out POST_THIS.TXT
__________
Kind regards
Sabina
all about PC security |
|
|
||
20.11.2005, 15:33
...new here
Thread starter Posts: 5 |
#3
Hi Sabina,
I couldn't open the last two links. The page somehow couldn't be loaded. Hopefully you can already make something of this; I hope I did everything right.... Many thanks for the help
Moritz |
|
|
||
20.11.2005, 16:03
Honorary member
Posts: 29434 |
#4
the server sometimes drops out (overloaded.... ?)...now it works again

copy the log from Option 1
http://virus-protect.org/l2mfix.html

ServiceFilter.zip
http://virus-protect.org/artikel/tools/ServiceFilter.zip
- unzip
- scan
- copy out POST_THIS.TXT
__________
Kind regards
Sabina
all about PC security |
|
|
||
20.11.2005, 16:21
Honorary member
Posts: 29434 |
#5
Go into the registry
Start --> Run --> regedit
HKEY_LOCAL_MACHINE\Software\Microsoft\ActiveSetup\Installed Components
StubPath C:\WINDOWS\System32\Scanstartup.exe <-- delete
------------------------------------------------------------------------------------
VundoFix.exe
http://www.atribune.org/downloads/VundoFix.exe
http://virus-protect.org/artikel/tools/vundofix.html

paste in:
C:\WINDOWS\system32\qoppq.dll
# Enter -> F6 --> Enter
# then this will appear:
Please type in the second filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.
# Enter --> then the F6 key --> Enter
paste in:
C:\WINDOWS\system32\qppoq.*
# Enter --> F6 --> Enter
# HijackThis will open
# In HijackThis --> tick the boxes in front of these entries --> FIX CHECKED:
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\fcccc.dll
O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\qoppq.dll
O4 - HKLM\..\Run: [ecsiin] c:\ecsiin.stub.exe
O4 - HKLM\..\Run: [timessquare] c:\windows\timessquare.exe
O4 - HKLM\..\Run: [adtech2005] c:\windows\adtech2005.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\System32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [Norton Antivirus] nortonav.exe
O4 - HKLM\..\Run: [AVTray] "C:\Programme\WinAntiVirus 2005\AVTray.exe"
O4 - HKLM\..\RunServices: [Norton Antivirus] nortonav.exe
O20 - Winlogon Notify: fcccc - C:\WINDOWS\SYSTEM32\fcccc.dll
O20 - Winlogon Notify: qoppq - C:\WINDOWS\System32\qoppq.dll
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\jtr4079qe.dll
# close HijackThis, press any key and the PC will restart
# there will be a "Blue Screen of Death", that is normal

KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html
Delete File on Reboot -- tick
paste in: ... and click the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one, only on the last one click "yes"

keep pasting in...but without the date

restart the PC

Killbox: DelTree (include SubDirectories)
Say, for example, you want to delete a folder. You then don't have to enter all the files in the folder individually; instead you click the option DelTree (include subdirectories). This deletes a complete archive together with its subfolders.
C:\Programme\WinAntiVirus 2005
C:\WINDOWS\System32\vidmon
------------------------------------------------------------------------------------
at the top of the browser: File -- Save page as.. -- choose "Desktop" -- save --> then a vundo.reg appears on the desktop
http://virus-protect.org/reg/vundo.reg
Restart the computer in safe mode (press F8 while booting).
Double-click the file "vundo.reg" on the desktop and confirm that it is added to the registry
-----------------------------------------------------------------------------------------
work through: Option 1, then Option 2 --> restart --> Option 4
http://virus-protect.org/l2mfix.html

scan and post the scan report
http://virus-protect.org/multiavtool.html
__________
Kind regards
Sabina
all about PC security |
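An added example, not part of the original post or of any tool it names: a Python check that parses the HijackThis entries listed in the post above and reports which autostart entries point at a file that a deletion list does not cover, comparing Windows paths case-insensitively. The function names, the short deletion sample and the basename matching for Run values without a path are assumptions made for the example.

```python
import ntpath
import re

# HijackThis section codes that occur in the post, and the autostart
# mechanism each one reports.
SECTIONS = {
    "R3": "URLSearchHook",
    "O2": "Browser Helper Object",
    "O4": "Run / RunServices autostart value",
    "O20": "Winlogon Notify DLL",
}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<where>[^:]+): (?P<rest>.+)$")

# The entries from the post, copied unchanged.
HIJACKTHIS_ENTRIES = r"""
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\fcccc.dll
O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\qoppq.dll
O4 - HKLM\..\Run: [ecsiin] c:\ecsiin.stub.exe
O4 - HKLM\..\Run: [timessquare] c:\windows\timessquare.exe
O4 - HKLM\..\Run: [adtech2005] c:\windows\adtech2005.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\System32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [Norton Antivirus] nortonav.exe
O4 - HKLM\..\Run: [AVTray] "C:\Programme\WinAntiVirus 2005\AVTray.exe"
O4 - HKLM\..\RunServices: [Norton Antivirus] nortonav.exe
O20 - Winlogon Notify: fcccc - C:\WINDOWS\SYSTEM32\fcccc.dll
O20 - Winlogon Notify: qoppq - C:\WINDOWS\System32\qoppq.dll
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\jtr4079qe.dll
"""

# Constructed sample of a delete-on-reboot list (not the full list from the thread).
KILLBOX_FILES = [
    r"C:\WINDOWS\System32\fcccc.dll",
    r"C:\WINDOWS\system32\jtr4079qe.dll",
    r"C:\WINDOWS\system32\nortonav.exe",
    r"c:\windows\timessquare.exe",
    r"C:\WINDOWS\adtech2005.exe",
    r"C:\ecsiin.stub.exe",
]
# Folders the post removes with DelTree, and the first path it gives to VundoFix.
DELTREE_DIRS = [r"C:\Programme\WinAntiVirus 2005", r"C:\WINDOWS\System32\vidmon"]
VUNDOFIX_FILES = [r"C:\WINDOWS\system32\qoppq.dll"]


def parse_entry(line):
    """Split one HijackThis line into code, mechanism, name and target file."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    code, rest = m["code"], m["rest"]
    if code == "O4":
        # Format: "[value name] command line"; a quoted command may contain spaces.
        name, _, target = rest.partition("] ")
        name = name.lstrip("[")
        if target.startswith('"'):
            target = target[1:].partition('"')[0]
    else:
        # Format: "name - {CLSID} - file" or "name - file".
        name = rest.split(" - ", 1)[0]
        target = rest.rsplit(" - ", 1)[-1]
    if target == "(no file)":
        target = None
    return {"code": code, "mechanism": SECTIONS.get(code, "other"),
            "name": name, "target": target}


def parse_log(text):
    return [e for line in text.splitlines() if (e := parse_entry(line))]


def norm(path):
    # Windows paths are case-insensitive: System32, system32 and SYSTEM32 all
    # appear in the post and must compare equal.
    return ntpath.normcase(ntpath.normpath(path))


def not_covered(entries, delete_files, delete_trees):
    """Return entries whose target file is in no deletion list or deleted folder."""
    files = {norm(p) for p in delete_files}
    names = {ntpath.basename(p) for p in files}
    trees = [norm(t) + "\\" for t in delete_trees]
    missing = []
    for entry in entries:
        if entry["target"] is None:
            continue  # registry-only entry, nothing on disk to remove
        target = norm(entry["target"])
        if ntpath.isabs(target):
            hit = target in files or any(target.startswith(t) for t in trees)
        else:
            # Assumption: a Run value without a path is matched by file name only.
            hit = target in names
        if not hit:
            missing.append(entry)
    return missing


if __name__ == "__main__":
    parsed = parse_log(HIJACKTHIS_ENTRIES)
    for e in not_covered(parsed, KILLBOX_FILES, DELTREE_DIRS):
        print(f'{e["code"]:>3} {e["mechanism"]}: {e["name"]} -> {e["target"]}')
```

Run against the delete-on-reboot sample alone, the check reports the two entries that load qoppq.dll, which is the file the post hands to VundoFix rather than to Killbox.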
|
|
||
20.11.2005, 19:38
...new here
Thread starter Posts: 5 |
#6
L2MFIX find log 1.04a
[HKEY_CLASSES_ROOT\CLSID\{D59ADD10-14E5-4D7F-B134-B4D9373D30A5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{D59ADD10-14E5-4D7F-B134-B4D9373D30A5}\InprocServer32] @="C:\\WINDOWS\\system32\\pvustab.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{781E71DD-1D5A-4305-857D-8152CF9ACEB6}] @="" [HKEY_CLASSES_ROOT\CLSID\{781E71DD-1D5A-4305-857D-8152CF9ACEB6}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{781E71DD-1D5A-4305-857D-8152CF9ACEB6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{781E71DD-1D5A-4305-857D-8152CF9ACEB6}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{264A39A1-5ED6-47CD-B6DE-8BB534293915}] @="" [HKEY_CLASSES_ROOT\CLSID\{264A39A1-5ED6-47CD-B6DE-8BB534293915}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{264A39A1-5ED6-47CD-B6DE-8BB534293915}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{264A39A1-5ED6-47CD-B6DE-8BB534293915}\InprocServer32] @="C:\\WINDOWS\\system32\\MlRpSys.dll" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ wctdecod.dll Sun 20 Nov 2005 11:32:08 ..S.R 237.243 231,68 K lvro09~1.dll Sun 20 Nov 2005 18:29:10 ..S.R 237.243 231,68 K sirenacm.dll Thu 13 Oct 2005 8:11:06 A.... 118.784 116,00 K wvwvs.dll Sat 5 Nov 2005 12:19:04 ..SH. 28.173 27,51 K rqrrp.dll Sat 5 Nov 2005 12:56:10 ..SH. 28.173 27,51 K tusts.dll Sat 5 Nov 2005 13:34:52 ..SH. 28.173 27,51 K cbaxv.dll Sat 5 Nov 2005 15:11:30 ..SH. 28.173 27,51 K hgdda.dll Sat 5 Nov 2005 21:19:54 ..SH. 28.173 27,51 K lv6609~1.dll Sun 20 Nov 2005 11:32:08 ..S.R 233.582 228,11 K khhgg.dll Sun 6 Nov 2005 10:39:44 ..SH. 28.173 27,51 K qoppq.dll Sun 6 Nov 2005 10:40:22 ..SH. 
544.788 532,02 K fcccc.dll Sun 6 Nov 2005 11:11:06 ..... 28.173 27,51 K xxwwv.dll Sun 6 Nov 2005 17:44:20 ..SH. 28.173 27,51 K xxwut.dll Sun 6 Nov 2005 13:51:52 ..SH. 28.173 27,51 K vtusp.dll Sun 6 Nov 2005 14:51:24 ..SH. 28.173 27,51 K yabaa.dll Mon 7 Nov 2005 13:30:44 ..SH. 28.173 27,51 K mljjh.dll Thu 17 Nov 2005 16:20:22 ..SH. 28.173 27,51 K qopml.dll Mon 7 Nov 2005 19:19:02 ..SH. 28.173 27,51 K rqrqq.dll Sun 6 Nov 2005 21:05:06 ..SH. 28.173 27,51 K yayax.dll Sun 6 Nov 2005 21:58:46 ..SH. 28.173 27,51 K iifdb.dll Mon 7 Nov 2005 13:14:50 ..SH. 28.173 27,51 K pmkli.dll Mon 7 Nov 2005 18:50:40 ..SH. 28.173 27,51 K vturr.dll Mon 7 Nov 2005 15:49:28 ..SH. 28.173 27,51 K sstqr.dll Mon 7 Nov 2005 20:10:24 ..SH. 28.173 27,51 K xxwur.dll Mon 7 Nov 2005 19:36:04 ..SH. 28.173 27,51 K tuvsr.dll Mon 7 Nov 2005 19:37:02 ..SH. 28.173 27,51 K fccyx.dll Wed 9 Nov 2005 16:34:34 ..SH. 28.173 27,51 K hgdbx.dll Wed 9 Nov 2005 16:59:26 ..SH. 28.173 27,51 K cbxvt.dll Tue 8 Nov 2005 14:32:54 ..SH. 28.173 27,51 K ddcaw.dll Tue 8 Nov 2005 15:17:38 ..SH. 28.173 27,51 K ddcyx.dll Wed 9 Nov 2005 18:15:38 ..SH. 28.173 27,51 K iifeb.dll Wed 9 Nov 2005 19:13:00 ..SH. 28.173 27,51 K iiijj.dll Tue 8 Nov 2005 16:22:36 ..SH. 28.173 27,51 K qomjk.dll Tue 8 Nov 2005 17:22:56 ..SH. 28.173 27,51 K xxyab.dll Tue 8 Nov 2005 18:57:04 ..SH. 28.173 27,51 K jkhfd.dll Thu 10 Nov 2005 12:33:02 ..SH. 28.173 27,51 K fcywu.dll Thu 10 Nov 2005 14:42:40 ..SH. 28.173 27,51 K xxwtr.dll Wed 9 Nov 2005 19:40:58 ..SH. 28.173 27,51 K urspn.dll Wed 9 Nov 2005 17:11:08 ..SH. 28.173 27,51 K nnnmk.dll Thu 10 Nov 2005 12:15:14 ..SH. 28.173 27,51 K qomki.dll Tue 15 Nov 2005 16:57:06 ..SH. 28.173 27,51 K awtqr.dll Wed 9 Nov 2005 20:45:02 ..SH. 28.173 27,51 K mllih.dll Thu 10 Nov 2005 15:10:52 ..SH. 28.173 27,51 K vtuuv.dll Thu 10 Nov 2005 15:13:24 ..SH. 28.173 27,51 K cbaxw.dll Thu 10 Nov 2005 17:32:26 ..SH. 28.173 27,51 K cbxvu.dll Thu 10 Nov 2005 21:48:44 ..SH. 28.173 27,51 K iiffc.dll Thu 10 Nov 2005 15:14:34 ..SH. 
28.173 27,51 K ljhhg.dll Thu 10 Nov 2005 15:16:08 ..SH. 28.173 27,51 K cbabc.dll Thu 10 Nov 2005 15:17:14 ..SH. 28.173 27,51 K iiihi.dll Thu 10 Nov 2005 15:43:10 ..SH. 28.173 27,51 K pmkhh.dll Thu 10 Nov 2005 17:13:08 ..SH. 28.173 27,51 K awvss.dll Thu 10 Nov 2005 17:16:42 ..SH. 28.173 27,51 K ljjhh.dll Thu 10 Nov 2005 16:22:42 ..SH. 28.173 27,51 K urspm.dll Fri 11 Nov 2005 18:07:10 ..SH. 28.173 27,51 K byxus.dll Fri 11 Nov 2005 18:43:42 ..SH. 28.173 27,51 K qopnm.dll Sat 12 Nov 2005 20:29:04 ..SH. 28.173 27,51 K urqqo.dll Sun 13 Nov 2005 10:35:36 ..SH. 28.173 27,51 K ljhfg.dll Fri 11 Nov 2005 19:29:26 ..SH. 28.173 27,51 K geebx.dll Sat 12 Nov 2005 11:23:36 ..SH. 28.173 27,51 K fcyvv.dll Sat 12 Nov 2005 15:49:38 ..SH. 28.173 27,51 K vtusq.dll Sat 12 Nov 2005 15:50:42 ..SH. 28.173 27,51 K byxvw.dll Sat 12 Nov 2005 15:48:30 ..SH. 28.173 27,51 K ursss.dll Sat 19 Nov 2005 17:24:40 ..SH. 27.661 27,01 K iifed.dll Sun 13 Nov 2005 12:05:52 ..SH. 28.173 27,51 K nnnli.dll Sun 13 Nov 2005 13:24:56 ..SH. 28.173 27,51 K ljjgd.dll Sun 13 Nov 2005 16:23:56 ..SH. 28.173 27,51 K tuvvv.dll Mon 14 Nov 2005 9:46:22 ..SH. 28.173 27,51 K efeff.dll Sun 13 Nov 2005 16:07:08 ..SH. 28.173 27,51 K wvwxu.dll Mon 14 Nov 2005 15:39:12 ..SH. 28.173 27,51 K geeda.dll Mon 14 Nov 2005 15:58:02 ..SH. 28.173 27,51 K yaywt.dll Wed 16 Nov 2005 21:21:34 ..SH. 28.173 27,51 K geefc.dll Fri 18 Nov 2005 18:14:42 ..SH. 27.661 27,01 K qopoo.dll Mon 14 Nov 2005 19:11:54 ..SH. 28.173 27,51 K tussp.dll Tue 15 Nov 2005 14:57:32 ..SH. 28.173 27,51 K mljgg.dll Mon 14 Nov 2005 16:45:20 ..SH. 28.173 27,51 K urssp.dll Mon 14 Nov 2005 17:25:42 ..SH. 28.173 27,51 K yabxy.dll Mon 14 Nov 2005 18:14:40 ..SH. 28.173 27,51 K wvutq.dll Tue 15 Nov 2005 15:34:12 ..SH. 28.173 27,51 K mlrpsys.dll Sun 20 Nov 2005 18:55:18 ..S.R 233.582 228,11 K fcyyy.dll Tue 15 Nov 2005 18:46:34 ..SH. 28.173 27,51 K fcyxx.dll Tue 15 Nov 2005 21:49:54 ..SH. 28.173 27,51 K ddcyv.dll Tue 15 Nov 2005 17:47:06 ..SH. 
28.173 27,51 K mljhf.dll Tue 15 Nov 2005 17:49:28 ..SH. 28.173 27,51 K qomlm.dll Tue 15 Nov 2005 17:55:08 ..SH. 28.173 27,51 K oppml.dll Sat 19 Nov 2005 8:36:22 ..SH. 27.661 27,01 K jkklj.dll Thu 17 Nov 2005 16:41:00 ..SH. 28.173 27,51 K jkhhe.dll Thu 17 Nov 2005 16:43:10 ..SH. 27.661 27,01 K sllwid.dll Sat 19 Nov 2005 20:41:56 ..S.R 233.660 228,18 K fpj603~1.dll Sat 19 Nov 2005 13:07:42 ..S.R 235.933 230,40 K ljjhe.dll Sat 19 Nov 2005 15:42:42 ..SH. 27.661 27,01 K awttr.dll Fri 18 Nov 2005 19:38:22 ..SH. 27.661 27,01 K xxwtt.dll Thu 17 Nov 2005 17:12:30 ..SH. 27.661 27,01 K nnnkk.dll Sat 19 Nov 2005 16:32:40 ..SH. 27.661 27,01 K ljjkk.dll Sat 19 Nov 2005 18:26:54 ..SH. 27.661 27,01 K ugrar.dll Sat 19 Nov 2005 15:47:04 ..S.R 237.243 231,68 K 95 items found: 95 files (93 H/S), 0 directories. Total of file sizes: 4.730.328 bytes 4,51 M Locate .tmp files: C:\WINDOWS\SYSTEM32\ guard.tmp Sun 20 Nov 2005 19:32:02 ..S.R 233.582 228,11 K qppoq.tmp Tue 8 Nov 2005 14:56:18 ..SH. 202.297 197,55 K 2 items found: 2 files (2 H/S), 0 directories. Total of file sizes: 435.879 bytes 425,66 K ********************************************************************************** Directory Listing of system files: Volume in Laufwerk C: hat keine Bezeichnung. 
Volumeseriennummer: 013A-19F9 Verzeichnis von C:\WINDOWS\System32 20.11.2005 19:35 418.182 qppoq.ini2 20.11.2005 19:34 418.649 qppoq.bak2 20.11.2005 19:32 233.582 guard.tmp 20.11.2005 18:55 233.582 MlRpSys.dll 20.11.2005 18:29 237.243 lvro0993e.dll 20.11.2005 11:32 237.243 wctdecod.dll 20.11.2005 11:32 233.582 lv6609jse.dll 19.11.2005 20:41 233.660 sllwid.dll 19.11.2005 18:26 27.661 ljjkk.dll 19.11.2005 17:24 27.661 ursss.dll 19.11.2005 16:32 27.661 nnnkk.dll 19.11.2005 15:47 237.243 ugrar.dll 19.11.2005 15:42 27.661 ljjhe.dll 19.11.2005 13:07 235.933 fpj6031se.dll 19.11.2005 08:36 27.661 oppml.dll 18.11.2005 19:38 27.661 awttr.dll 18.11.2005 18:14 27.661 geefc.dll 17.11.2005 17:12 27.661 xxwtt.dll 17.11.2005 16:43 27.661 jkhhe.dll 17.11.2005 16:41 28.173 jkklj.dll 17.11.2005 16:20 28.173 mljjh.dll 16.11.2005 21:21 28.173 yaywt.dll 15.11.2005 21:49 28.173 fcyxx.dll 15.11.2005 18:46 28.173 fcyyy.dll 15.11.2005 17:55 28.173 qomlm.dll 15.11.2005 17:49 28.173 mljhf.dll 15.11.2005 17:47 28.173 ddcyv.dll 15.11.2005 16:57 28.173 qomki.dll 15.11.2005 15:34 28.173 wvutq.dll 15.11.2005 14:57 28.173 tussp.dll 14.11.2005 19:11 28.173 qopoo.dll 14.11.2005 18:14 28.173 yabxy.dll 14.11.2005 17:25 28.173 urssp.dll 14.11.2005 16:45 28.173 mljgg.dll 14.11.2005 15:58 28.173 geeda.dll 14.11.2005 15:39 28.173 wvwxu.dll 14.11.2005 09:46 28.173 tuvvv.dll 13.11.2005 16:23 28.173 ljjgd.dll 13.11.2005 16:07 28.173 efeff.dll 13.11.2005 13:24 28.173 nnnli.dll 13.11.2005 12:05 28.173 iifed.dll 13.11.2005 10:35 28.173 urqqo.dll 12.11.2005 20:29 28.173 qopnm.dll 12.11.2005 15:50 28.173 vtusq.dll 12.11.2005 15:49 28.173 fcyvv.dll 12.11.2005 15:48 28.173 byxvw.dll 12.11.2005 11:23 28.173 geebx.dll 11.11.2005 19:29 28.173 ljhfg.dll 11.11.2005 18:43 28.173 byxus.dll 11.11.2005 18:07 28.173 urspm.dll 10.11.2005 21:48 28.173 cbxvu.dll 10.11.2005 17:32 28.173 cbaxw.dll 10.11.2005 17:16 28.173 awvss.dll 10.11.2005 17:13 28.173 pmkhh.dll 10.11.2005 16:22 28.173 ljjhh.dll 10.11.2005 15:43 28.173 iiihi.dll 
10.11.2005 15:17 28.173 cbabc.dll 10.11.2005 15:16 28.173 ljhhg.dll 10.11.2005 15:14 28.173 iiffc.dll 10.11.2005 15:13 28.173 vtuuv.dll 10.11.2005 15:10 28.173 mllih.dll 10.11.2005 14:42 28.173 fcywu.dll 10.11.2005 12:33 28.173 jkhfd.dll 10.11.2005 12:15 28.173 nnnmk.dll 09.11.2005 20:45 28.173 awtqr.dll 09.11.2005 19:40 28.173 xxwtr.dll 09.11.2005 19:13 28.173 iifeb.dll 09.11.2005 18:15 28.173 ddcyx.dll 09.11.2005 17:11 28.173 urspn.dll 09.11.2005 16:59 28.173 hgdbx.dll 09.11.2005 16:34 28.173 fccyx.dll 08.11.2005 18:57 28.173 xxyab.dll 08.11.2005 17:22 28.173 qomjk.dll 08.11.2005 16:22 28.173 iiijj.dll 08.11.2005 15:17 28.173 ddcaw.dll 08.11.2005 15:07 202.297 qppoq.ini 08.11.2005 14:56 202.297 qppoq.tmp 08.11.2005 14:32 28.173 cbxvt.dll 07.11.2005 20:10 28.173 sstqr.dll 07.11.2005 19:37 28.173 tuvsr.dll 07.11.2005 19:36 28.173 xxwur.dll 07.11.2005 19:19 28.173 qopml.dll 07.11.2005 18:50 28.173 pmkli.dll 07.11.2005 15:49 28.173 vturr.dll 07.11.2005 13:30 28.173 yabaa.dll 07.11.2005 13:14 28.173 iifdb.dll 06.11.2005 21:58 28.173 yayax.dll 06.11.2005 21:05 28.173 rqrqq.dll 06.11.2005 17:44 28.173 xxwwv.dll 06.11.2005 14:51 28.173 vtusp.dll 06.11.2005 13:51 28.173 xxwut.dll 06.11.2005 10:40 193.944 qppoq.bak1 06.11.2005 10:40 544.788 qoppq.dll 06.11.2005 10:39 28.173 khhgg.dll 05.11.2005 21:19 28.173 hgdda.dll 05.11.2005 15:11 28.173 cbaxv.dll 05.11.2005 13:34 28.173 tusts.dll 05.11.2005 12:56 28.173 rqrrp.dll 05.11.2005 12:19 28.173 wvwvs.dll 13.03.2003 16:20 <DIR> Microsoft 02.08.2002 18:24 <DIR> dllcache 23.08.2001 12:00 230.912 nortonav.exe 100 Datei(en) 6.483.234 Bytes 2 Verzeichnis(se), 2.139.971.584 Bytes frei |
|
|
||
20.11.2005, 19:48
Honorary member
Posts: 29434 |
#7
I didn't actually need that log any more.
Work through everything else + delete everything with Killbox, as stated above
VX2Finder XP/2000 http://www.downloads.subratam.org/VX2Finder.exe
Hoster.zip http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.
spysweeper trial http://virus-protect.org/spysweeper.html
work through: Option 1, then Option 2 --> restart --> Option 4 http://virus-protect.org/l2mfix.html
scan and post the scan report http://virus-protect.org/multiavtool.html
__________
Best regards, Sabina
All about PC security |
|
|
||
21.11.2005, 13:46
...new here
Thread starter Posts: 5 |
#8
L2MFIX find log 1.04a
These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Applets] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\lvro0993e.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fcccc] "Asynchronous"=dword:00000001 "DllName"="fcccc.dll" "Impersonate"=dword:00000000 "Logon"="Logon" "Logoff"="Logoff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoppq] "Asynchronous"=dword:00000001 "DllName"="C:\\WINDOWS\\System32\\qoppq.dll" "Impersonate"=dword:00000000 "Startup"="SysLogon" "Logoff"="SysLogoff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] 
"DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows 
NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (NI) ALLOW Full access NT-AUTORITŽT\SYSTEM (IO) ALLOW Full access NT-AUTORITŽT\SYSTEM (ID-NI) ALLOW Read VORDEFINIERT\Benutzer (ID-IO) ALLOW Read VORDEFINIERT\Benutzer (ID-NI) ALLOW Read VORDEFINIERT\Hauptbenutzer (ID-IO) ALLOW Read VORDEFINIERT\Hauptbenutzer (ID-NI) ALLOW Full access VORDEFINIERT\Administratoren (ID-IO) ALLOW Full access VORDEFINIERT\Administratoren (ID-NI) ALLOW Full access NT-AUTORITŽT\SYSTEM (ID-IO) ALLOW Full access NT-AUTORITŽT\SYSTEM (ID-IO) ALLOW Full access ERSTELLER-BESITZER ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{0E1BCBED-6AAB-9B2A-4DF7-6C5C0D791D3F}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Eigenschaften fr Multimediadatei" "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-Scannerverwaltung" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-Sicherheit" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-Eigenschaftenseite fr Dokumente" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shellerweiterungen fr Freigaben" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" 
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channeldatei" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channelverknpfung" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channelhandlerobjekt" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-Cacheordner" "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension" "{923733A7-37F1-4C39-9384-B2F582F2F570}"="" "{D59ADD10-14E5-4D7F-B134-B4D9373D30A5}"="" "{781E71DD-1D5A-4305-857D-8152CF9ACEB6}"="" "{264A39A1-5ED6-47CD-B6DE-8BB534293915}"="" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{923733A7-37F1-4C39-9384-B2F582F2F570}] @="" "IDEx"="ADDR" [HKEY_CLASSES_ROOT\CLSID\{923733A7-37F1-4C39-9384-B2F582F2F570}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{923733A7-37F1-4C39-9384-B2F582F2F570}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{923733A7-37F1-4C39-9384-B2F582F2F570}\InprocServer32] @="C:\\WINDOWS\\system32\\vhr.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{D59ADD10-14E5-4D7F-B134-B4D9373D30A5}] @="" [HKEY_CLASSES_ROOT\CLSID\{D59ADD10-14E5-4D7F-B134-B4D9373D30A5}\Implemented Categories] @="" 
[HKEY_CLASSES_ROOT\CLSID\{D59ADD10-14E5-4D7F-B134-B4D9373D30A5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{D59ADD10-14E5-4D7F-B134-B4D9373D30A5}\InprocServer32] @="C:\\WINDOWS\\system32\\pvustab.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{781E71DD-1D5A-4305-857D-8152CF9ACEB6}] @="" [HKEY_CLASSES_ROOT\CLSID\{781E71DD-1D5A-4305-857D-8152CF9ACEB6}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{781E71DD-1D5A-4305-857D-8152CF9ACEB6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{781E71DD-1D5A-4305-857D-8152CF9ACEB6}\InprocServer32] @="C:\\WINDOWS\\system32\\Maassif.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{264A39A1-5ED6-47CD-B6DE-8BB534293915}] @="" [HKEY_CLASSES_ROOT\CLSID\{264A39A1-5ED6-47CD-B6DE-8BB534293915}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{264A39A1-5ED6-47CD-B6DE-8BB534293915}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{264A39A1-5ED6-47CD-B6DE-8BB534293915}\InprocServer32] @="C:\\WINDOWS\\system32\\MlRpSys.dll" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ wctdecod.dll Sun 20 Nov 2005 11:32:08 ..... 237.243 231,68 K sirenacm.dll Thu 13 Oct 2005 8:11:06 A.... 118.784 116,00 K qoppq.dll Sun 6 Nov 2005 10:40:22 ..... 544.788 532,02 K mlrpsys.dll Sun 20 Nov 2005 18:55:18 ..S.R 233.582 228,11 K j86m0i~1.dll Sun 20 Nov 2005 19:32:02 ..S.R 233.582 228,11 K o0pqla~1.dll Mon 21 Nov 2005 12:41:58 ..S.R 237.243 231,68 K 6 items found: 6 files (3 H/S), 0 directories. Total of file sizes: 1.605.222 bytes 1,53 M Locate .tmp files: No matches found. 
********************************************************************************** Directory Listing of system files: Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 013A-19F9 Verzeichnis von C:\WINDOWS\System32 21.11.2005 13:45 1.135 qppoq.ini 21.11.2005 12:41 237.243 o0pqla751d.dll 20.11.2005 19:32 233.582 j86m0ij1e8o.dll 20.11.2005 18:55 233.582 MlRpSys.dll 13.03.2003 16:20 <DIR> Microsoft 02.08.2002 18:24 <DIR> dllcache 4 Datei(en) 705.542 Bytes 2 Verzeichnis(se), 2.121.670.656 Bytes frei |
|
|
||
21.11.2005, 14:57
Honorary member
Posts: 29434 |
#9
VundoFix.exe
http://www.atribune.org/downloads/VundoFix.exe
http://virus-protect.org/artikel/tools/vundofix.html
paste in: C:\WINDOWS\system32\qoppq.dll
# Enter -> F6 --> Enter
# then this will appear: Please type in the second filepath as instructed by the forum staff Then Press Enter, Then F6, Then Enter Again to continue with the fix.
# Enter --> then the F6 key --> Enter
paste in: C:\WINDOWS\system32\qppoq.*
# Enter --> F6 --> Enter
# HijackThis will open
# In HijackThis --> tick the boxes in front of these entries --> FIX CHECKED: ??????????????????
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\fcccc.dll
O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\qoppq.dll
O20 - Winlogon Notify: fcccc - C:\WINDOWS\SYSTEM32\fcccc.dll
O20 - Winlogon Notify: qoppq - C:\WINDOWS\System32\qoppq.dll
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\jtr4079qe.dll
# close HijackThis, press any key and the PC will restart
# there will be a "Blue Screen of Death", that is normal
KILLBOX
tick "Delete File on Reboot"
paste in:
C:\WINDOWS\system32\o0pqla751d.dll
C:\WINDOWS\system32\pvustab.dll
C:\WINDOWS\system32\wctdecod.dll
C:\WINDOWS\system32\vhr.dll
C:\WINDOWS\system32\mlrpsys.dll
C:\WINDOWS\system32\j86m0ij1e8o.dll
C:\WINDOWS\system32\MlRpSys.dll
C:\WINDOWS\system32\Maassif.dll
C:\WINDOWS\system32\guard.tmp
and click the red cross; when asked "Do you want to reboot? " click "no" and paste in the next one, only click "yes" for the last one (or restart if there is no other way)
VX2Finder XP/2000 --> post the log
http://www.downloads.subratam.org/VX2Finder.exe
work through: Option2 --> restart --> Option4 --> post the log
http://virus-protect.org/l2mfix.html
__________
Regards, Sabina
all about PC security |
|
|
||
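The Winlogon Notify entries that post #9 marks for fixing can also be triaged from an exported copy of the key. The following is an added example, not part of the original posts and not the code of L2MFIX or HijackThis: it parses the `.reg` layout that L2MFIX prints, decodes `hex(2)` DllName values, and flags subkeys that are missing from a baseline or that load a DLL by full path. The baseline table and the full-path heuristic are assumptions of this example, and the sample input is constructed from entries shown in this thread.

```python
import re

# Constructed sample in the .reg layout that L2MFIX prints for Winlogon\Notify;
# the entries are abbreviated from ones shown in this thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoppq]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\System32\\qoppq.dll"
"Startup"="SysLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Unimodem]
"DllName"="C:\\WINDOWS\\system32\\t88ulil918q.dll"
"Logon"="WinLogon"
'''

# Assumption of this example: subkey -> DLL pairs copied from the entries in
# this thread's Notify log that load a bare system DLL name. A real baseline
# should be exported from a clean install of the same Windows version.
BASELINE = {
    'crypt32chain': 'crypt32.dll', 'cryptnet': 'cryptnet.dll',
    'cscdll': 'cscdll.dll', 'sccertprop': 'wlnotify.dll',
    'schedule': 'wlnotify.dll', 'sclgntfy': 'sclgntfy.dll',
    'senslogn': 'wlnotify.dll', 'termsrv': 'wlnotify.dll',
    'wlballoon': 'wlnotify.dll',
}

NOTIFY_KEY = r'\currentversion\winlogon\notify' + '\\'
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def decode_value(raw):
    """Decode one .reg value: REG_SZ, hex(2) (UTF-16LE REG_EXPAND_SZ) or dword."""
    if raw.startswith('"') and raw.endswith('"'):
        return re.sub(r'\\(.)', r'\1', raw[1:-1])  # undo .reg backslash escaping
    if raw.startswith('hex(2):'):
        data = bytes(int(b, 16) for b in raw[7:].split(',') if b.strip())
        return data.decode('utf-16-le').rstrip('\x00')
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    return raw


def parse_notify(text):
    """Return {subkey: {lower-cased value name: decoded value}} for Notify subkeys."""
    entries, current, pending = {}, None, ''
    for line in text.splitlines():
        line = pending + line.strip()
        if line.endswith('\\'):  # hex values wrap with a trailing backslash
            pending = line[:-1]
            continue
        pending = ''
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            pos = key.lower().find(NOTIFY_KEY)
            current = key[pos + len(NOTIFY_KEY):] if pos != -1 else None
            if current is not None:
                entries[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            # Value names vary in case ("DllName" / "DLLName"), so normalise them.
            entries[current][m.group(1).lower()] = decode_value(m.group(2).strip())
    return entries


def triage(entries, baseline=BASELINE):
    """Return [(subkey, dll, [reasons])] for entries that need a closer look."""
    findings = []
    for name, values in entries.items():
        dll, reasons = values.get('dllname'), []
        if not isinstance(dll, str) or not dll:
            reasons.append('no DllName value')
        else:
            if '\\' in dll:
                reasons.append('DllName is a full path')
            expected = baseline.get(name.lower())
            if expected is None:
                reasons.append('subkey not in baseline')
            elif dll.lower() != expected:
                reasons.append('DLL differs from baseline')
        if reasons:
            findings.append((name, dll, reasons))
    return findings


if __name__ == '__main__':
    for name, dll, reasons in triage(parse_notify(SAMPLE_REG)):
        print(f'{name}: {dll} -> {", ".join(reasons)}')
```

A flagged entry is only a lead for manual review: the listed DLL still has to be checked on disk before anything is removed.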
21.11.2005, 17:11
...new here
Thread starter Posts: 5 |
#10
Log for VX2.BetterInternet File Finder (ALL)
Files Found--- Additional Files--- Keys Under Notify--- crypt32chain cryptnet cscdll qoppq ScCertProp Schedule sclgntfy SensLogn termsrv Unimodem wlballoon Guardian Key--- is called: Guardian Key--- : User Agent String--- {0E1BCBED-6AAB-9B2A-4DF7-6C5C0D791D3F} L2MFIX find log 1.04a These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoppq] "Asynchronous"=dword:00000001 "DllName"="C:\\WINDOWS\\System32\\qoppq.dll" "Impersonate"=dword:00000000 "Startup"="SysLogon" "Logoff"="SysLogoff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 
"Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Unimodem] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\t88ulil918q.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (NI) ALLOW Full access NT-AUTORITŽT\SYSTEM (IO) ALLOW Full access NT-AUTORITŽT\SYSTEM (NI) ALLOW Full access NT-AUTORITŽT\SYSTEM (IO) ALLOW Full access NT-AUTORITŽT\SYSTEM (ID-NI) ALLOW Read VORDEFINIERT\Benutzer (ID-IO) ALLOW Read VORDEFINIERT\Benutzer (ID-NI) ALLOW Read VORDEFINIERT\Hauptbenutzer (ID-IO) ALLOW Read VORDEFINIERT\Hauptbenutzer (ID-NI) ALLOW Full access VORDEFINIERT\Administratoren (ID-IO) ALLOW Full access VORDEFINIERT\Administratoren (ID-NI) ALLOW Full access NT-AUTORITŽT\SYSTEM (ID-IO) ALLOW Full access NT-AUTORITŽT\SYSTEM (ID-IO) ALLOW Full access ERSTELLER-BESITZER ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{0E1BCBED-6AAB-9B2A-4DF7-6C5C0D791D3F}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Eigenschaften fr Multimediadatei" "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-Scannerverwaltung" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-Sicherheit" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-Eigenschaftenseite fr Dokumente" 
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shellerweiterungen fr Freigaben" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Grafikkarten" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Bildschirme" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Anzeigeverschiebung" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-Sicherheit" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilit„tsseite" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell-Datenauszughandler" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Erweiterung fr Datentr„gerkopien" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shellerweiterungen fr Microsoft Windows-Netzwerkobjekte" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-Monitorverwaltung" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-Druckerverwaltung" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shellerweiterungen fr die Dateikomprimierung" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Shellerweiterung fr Webdrucker" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontextmen fr die Verschlsselung" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktenkoffer" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Erweiterung fr HyperTerminal-Icons" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Schriftarten" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-Profil" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Druckersicherheit" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shellerweiterungen fr Freigaben" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netzwerkverbindungen" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netzwerkverbindungen" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner und Kameras" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner und 
Kameras" "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner und Kameras" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner und Kameras" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner und Kameras" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shellerweiterungen fr Windows Script Host" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Datenverknpfung" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplante Tasks" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskleiste und Startmen" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Suchen" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ausfhren..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-Mail" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Schriftarten" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Verwaltung" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band" 
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Syntaxanalyse der Adressleiste" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-Verlauf-Dienst" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Verlauf" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" 
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Sucheingriff" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-Begráungsbildschirm" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-Band" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Webpublishing-Assistent" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestellung von Abzgen ber das Internet" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shellobjekt des Webpublishing-Assistenten" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport-Assistent" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Benutzerkonten" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" 
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Ordner 'Offlinedateien'" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Nach Personen..." 
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension" "{F802F260-519B-11D1-BB5D-0060974C6013}"="ICQ Shell Extension" "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webordner" "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler" "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler" "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop-Explorer" "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu" "{E0D79304-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79305-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79306-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79307-84BE-11CE-9641-444553540000}"="WinZip" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{ED65AB21-B24F-11d3-BA80-00C0CA16AA37}"="Mobile" "{ED65AB22-B24F-11d3-BA80-00C0CA16AA37}"="Mobile ContextMenuHandler" "{ED65AB23-B24F-11d3-BA80-00C0CA16AA37}"="Mobile PropertySheetHandler" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{4B4604E0-8961-11D4-A0EC-009099164712}"="Mein MultiPASS" "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player" "{FED7043D-346A-414D-ACD7-550D052499A7}"="dBpowerAMP Music Converter 1" "{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}"="dBpowerAMP Music Converter" "{1FA6F4CC-B909-479F-B624-97CB683958AE}"="" "{acb4a560-3606-11d3-aef4-00104bd0f92d}"="KodakShellExtension" "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" 
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channeldatei" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channelverknpfung" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channelhandlerobjekt" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-Cacheordner" "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension" "{923733A7-37F1-4C39-9384-B2F582F2F570}"="" "{D59ADD10-14E5-4D7F-B134-B4D9373D30A5}"="" "{781E71DD-1D5A-4305-857D-8152CF9ACEB6}"="" "{264A39A1-5ED6-47CD-B6DE-8BB534293915}"="" "{A94B01FB-DA33-422B-9AA3-F67AFBA510AC}"="" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{923733A7-37F1-4C39-9384-B2F582F2F570}] @="" "IDEx"="ADDR" [HKEY_CLASSES_ROOT\CLSID\{923733A7-37F1-4C39-9384-B2F582F2F570}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{923733A7-37F1-4C39-9384-B2F582F2F570}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{923733A7-37F1-4C39-9384-B2F582F2F570}\InprocServer32] @="C:\\WINDOWS\\system32\\vhr.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{D59ADD10-14E5-4D7F-B134-B4D9373D30A5}] @="" 
[HKEY_CLASSES_ROOT\CLSID\{D59ADD10-14E5-4D7F-B134-B4D9373D30A5}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{D59ADD10-14E5-4D7F-B134-B4D9373D30A5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{D59ADD10-14E5-4D7F-B134-B4D9373D30A5}\InprocServer32] @="C:\\WINDOWS\\system32\\pvustab.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{781E71DD-1D5A-4305-857D-8152CF9ACEB6}] @="" [HKEY_CLASSES_ROOT\CLSID\{781E71DD-1D5A-4305-857D-8152CF9ACEB6}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{781E71DD-1D5A-4305-857D-8152CF9ACEB6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{781E71DD-1D5A-4305-857D-8152CF9ACEB6}\InprocServer32] @="C:\\WINDOWS\\system32\\Maassif.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{264A39A1-5ED6-47CD-B6DE-8BB534293915}] @="" [HKEY_CLASSES_ROOT\CLSID\{264A39A1-5ED6-47CD-B6DE-8BB534293915}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{264A39A1-5ED6-47CD-B6DE-8BB534293915}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{264A39A1-5ED6-47CD-B6DE-8BB534293915}\InprocServer32] @="C:\\WINDOWS\\system32\\wliprop.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{A94B01FB-DA33-422B-9AA3-F67AFBA510AC}] @="" [HKEY_CLASSES_ROOT\CLSID\{A94B01FB-DA33-422B-9AA3-F67AFBA510AC}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{A94B01FB-DA33-422B-9AA3-F67AFBA510AC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{A94B01FB-DA33-422B-9AA3-F67AFBA510AC}\InprocServer32] @="C:\\WINDOWS\\system32\\onffilt.dll" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ wliprop.dll Mon 21 Nov 2005 15:59:50 ..S.R 
233.582 228,11 K wctdecod.dll Sun 20 Nov 2005 11:32:08 ..... 237.243 231,68 K sirenacm.dll Thu 13 Oct 2005 8:11:06 A.... 118.784 116,00 K onffilt.dll Mon 21 Nov 2005 17:09:20 ..S.R 235.570 230,05 K fp0803~1.dll Mon 21 Nov 2005 15:59:50 ..S.R 234.385 228,89 K qoppq.dll Sun 6 Nov 2005 10:40:22 ..... 544.788 532,02 K mvjol9~1.dll Mon 21 Nov 2005 16:31:12 ..S.R 234.901 229,39 K m8nq0i~1.dll Mon 21 Nov 2005 17:09:18 ..S.R 236.128 230,59 K t88uli~1.dll Mon 21 Nov 2005 17:03:48 ..S.R 235.570 230,05 K j86m0i~1.dll Sun 20 Nov 2005 19:32:02 ..... 233.582 228,11 K 10 items found: 10 files (6 H/S), 0 directories. Total of file sizes: 2.544.533 bytes 2,43 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 013A-19F9 Verzeichnis von C:\WINDOWS\System32 21.11.2005 17:11 811 qppoq.ini 21.11.2005 17:09 235.570 onffilt.dll 21.11.2005 17:09 236.128 m8nq0i55e8.dll 21.11.2005 17:03 235.570 t88ulil918q.dll 21.11.2005 16:31 234.901 mvjol9131.dll 21.11.2005 15:59 234.385 fp0803due.dll 21.11.2005 15:59 233.582 wliprop.dll 13.03.2003 16:20 <DIR> Microsoft 02.08.2002 18:24 <DIR> dllcache 7 Datei(en) 1.410.947 Bytes 2 Verzeichnis(se), 2.040.913.920 Bytes frei
So, now I'm posting my HijackThis log file again, because ad pages still keep opening all the time on my machine and I'm really about to go crazy here. Hopefully we'll have this under control soon...
Logfile of HijackThis v1.99.1
Scan saved at 17:29:22, on 21.11.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programme\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\WinAntiVirus 2005\AVSvc.exe
C:\Programme\WinAntiVirus 2005\AVSchSvc.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Telekom\Eumex 404PC\Capictrl.exe
C:\Programme\FinePixViewer\QuickDCF.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\WinAntiVirus 2005\WinAV.exe
C:\Dokumente und Einstellungen\Moritz Hartmann\Desktop\Virus\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.t-online.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\qoppq.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [monitr32] C:\Programme\Canon\MultiPASS4\monitr32.exe
O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBOX.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: CAPIControl.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Exif Launcher.lnk = C:\Programme\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Erinnerungen für Microsoft Works-Kalender.lnk = ?
O4 - Global Startup: Canon MultiPASS-Statusüberwachung.lnk = C:\Programme\Canon\MultiPASS4\monitr32.exe
O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.1_05\bin\npjpi141_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.1_05\bin\npjpi141_05.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\programme\winantivirus 2005\mailscan.dll
O10 - Unknown file in Winsock LSP: c:\programme\winantivirus 2005\mailscan.dll
O10 - Unknown file in Winsock LSP: c:\programme\winantivirus 2005\mailscan.dll
O10 - Unknown file in Winsock LSP: c:\programme\winantivirus 2005\mailscan.dll
O10 - Unknown file in Winsock LSP: c:\programme\winantivirus 2005\mailscan.dll
O10 - Unknown file in Winsock LSP: c:\programme\winantivirus 2005\mailscan.dll
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .vem: C:\Programme\Internet Explorer_NT\Plugins\npkit32.dll
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://playroom.icq.com/odyssey_web8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA04EB38-04A9-4A8F-9241-642794D7C1B7}: NameServer = 217.237.150.33 217.237.151.161
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: qoppq - C:\WINDOWS\System32\qoppq.dll
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\t88ulil918q.dll
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: AVScheduler - Unknown owner - C:\Programme\WinAntiVirus 2005\AVSchSvc.exe
O23 - Service: BusinessC (BusinessContinuity) - Unknown owner - C:\WINDOWS\msstl.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MpService - Canon Inc - C:\Programme\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: WinAntivirus - Unknown owner - C:\Programme\WinAntiVirus 2005\AVSvc.exe
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe (file missing)
This post was edited by hartfra on 21.11.2005 at 17:30.
21.11.2005, 23:36
Honorary member
Posts: 29434
#11
What you keep so diligently posting here is not the log from options 2 and 4.
Quote: type in 2 --- [Enter]
...that looks different... and you did not manage to delete Vundo either... now I don't know what to do either...
O.k., scan with SpySweeper (trial) and post the scan report:
http://virus-protect.org/spysweeper.html
-------------
This is the service created by a virus... so you see, the system is extremely infected...
O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe (file missing)
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe (file missing)
The cleaning will drag on for a looong time... but if you can't even get Look2Me and Vundo deleted... I do advise formatting...
__________
Regards, Sabina
all about PC security
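The check Sabina applies to the O23 lines, together with the O1 hosts entries in the first log of this thread, as an added example that is not part of the original posts: Python code that parses HijackThis entries and flags services with "Unknown owner" and "(file missing)" and hosts-file blocks that pin several names to one address. The function names and the three-name threshold are assumptions; the sample lines are copied from the logs on this page.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis logs posted in this thread (small subset).
SAMPLE_LOG = r"""
O1 - Hosts: 141.225.152.142 inet.barclays.co.uk
O1 - Hosts: 141.225.152.142 wvw.paypal.com
O1 - Hosts: 141.225.152.142 www.banking.postbank.de
O20 - Winlogon Notify: qoppq - C:\WINDOWS\System32\qoppq.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe (file missing)
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe (file missing)
O23 - Service: WinAntivirus - Unknown owner - C:\Programme\WinAntiVirus 2005\AVSvc.exe
"""

# Every entry opens with its section code, e.g. "R1 - " or "O23 - ".
ENTRY_START = re.compile(r"(?:^|(?<=\s))(R[0-3]|O\d{1,2}) - ")


def parse_entries(text):
    """Return (code, body) pairs; handles one-per-line and flattened logs."""
    marks = list(ENTRY_START.finditer(text))
    entries = []
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        body = " ".join(text[m.end():end].split())  # collapse line breaks
        entries.append((m.group(1), body))
    return entries


def hosts_redirects(entries, min_names=3):
    """Non-loopback IPs that the hosts file maps to at least min_names names.

    min_names is an assumed triage threshold, not a HijackThis setting.
    """
    by_ip = defaultdict(set)
    for code, body in entries:
        m = re.fullmatch(r"Hosts: (\S+) (\S+)", body) if code == "O1" else None
        if m and not m.group(1).startswith("127."):
            by_ip[m.group(1)].add(m.group(2).lower())
    return {ip: sorted(n) for ip, n in by_ip.items() if len(n) >= min_names}


def orphan_services(entries):
    """O23 services with no vendor string whose binary is gone from disk."""
    hits = []
    for code, body in entries:
        if code != "O23" or not body.startswith("Service: "):
            continue
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) != 3:
            continue
        name, owner, path = parts
        if owner == "Unknown owner" and path.endswith("(file missing)"):
            hits.append((name, path[:-len("(file missing)")].strip()))
    return hits


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for ip, names in hosts_redirects(parsed).items():
        print(f"hosts file pins {len(names)} names to {ip}: {names}")
    for name, path in orphan_services(parsed):
        print(f"service without owner or file: {name} -> {path}")
```

A log pasted as one run-on line, like the one from 21.11.2005 above, parses the same way; any forum text that follows the last entry ends up in that entry's body and should be trimmed first.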
For quite a while now, annoying ad pop-ups have kept appearing in my browser on their own, along with the prompt to install WinFixer.
It is incredibly annoying.
Here is my log file:
Logfile of HijackThis v1.99.1
Scan saved at 11:49:58, on 20.11.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programme\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\WinAntiVirus 2005\AVSvc.exe
C:\Programme\WinAntiVirus 2005\AVSchSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Telekom\Eumex 404PC\Capictrl.exe
C:\Programme\FinePixViewer\QuickDCF.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programme\WinAntiVirus 2005\AVTray.exe
C:\Programme\WinAntiVirus 2005\Quar.exe
C:\Programme\Gemeinsame Dateien\WinSoftware\VapFM.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Programme\Outlook Express\msimn.exe
C:\Dokumente und Einstellungen\Moritz Hartmann\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.t-online.de/
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O1 - Hosts: 141.225.152.142 onlineaccounts2.abbeynational.co.uk
O1 - Hosts: 141.225.152.142 www3.aibgbonline.co.uk
O1 - Hosts: 141.225.152.142 www.bank.alliance-leicester.co.uk
O1 - Hosts: 141.225.152.142 login.iblogin.com
O1 - Hosts: 141.225.152.142 ww2.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 141.225.152.142 inet.barclays.co.uk
O1 - Hosts: 141.225.152.142 iibank.barclays.co.uk
O1 - Hosts: 141.225.152.142 iibank.cahoot.com
O1 - Hosts: 141.225.152.142 www3.coventrybuildingsociety.co.uk
O1 - Hosts: 141.225.152.142 ww.hsbc.co.uk
O1 - Hosts: 141.225.152.142 login.ebank.offshore.hsbc.co.je
O1 - Hosts: 141.225.152.142 ww3.online-offshore.lloydstsb.com
O1 - Hosts: 141.225.152.142 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 141.225.152.142 ww3.online.lloydstsb.co.uk
O1 - Hosts: 141.225.152.142 ww3.online.lloydstsb.co.uk
O1 - Hosts: 141.225.152.142 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 141.225.152.142 ob2.nationet.com
O1 - Hosts: 141.225.152.142 ww3.onlinebanking.natwestoffshore.com
O1 - Hosts: 141.225.152.142 ww1.nwolb.com
O1 - Hosts: 141.225.152.142 ww1.onlinebanking.iombank.com
O1 - Hosts: 141.225.152.142 ww1.www.rbsdigital.com
O1 - Hosts: 141.225.152.142 welcome.smile.co.uk
O1 - Hosts: 141.225.152.142 login.365online.com
O1 - Hosts: 141.225.152.142 www.secure.mvnt4.com
O1 - Hosts: 141.225.152.142 ww.mynfbonline.com
O1 - Hosts: 141.225.152.142 login.forumcuonline.com
O1 - Hosts: 141.225.152.142 www.eds.usersonlnet.com
O1 - Hosts: 141.225.152.142 www.onlineid.bankofamerica.com
O1 - Hosts: 141.225.152.142 wvw.e-gold.com
O1 - Hosts: 141.225.152.142 pcbs.peoples.com
O1 - Hosts: 141.225.152.142 www.global1.onlinebank.com
O1 - Hosts: 141.225.152.142 ww2.mybranch.lafcu.com
O1 - Hosts: 141.225.152.142 login.webbanking.comerica.com
O1 - Hosts: 141.225.152.142 web.banking.firsttennessee.com
O1 - Hosts: 141.225.152.142 logon.members1st.org
O1 - Hosts: 141.225.152.142 www.cib.ibanking-services.com
O1 - Hosts: 141.225.152.142 www.miwebbusbank.ebanking-services.com
O1 - Hosts: 141.225.152.142 wvw.paypal.com
O1 - Hosts: 141.225.152.142 www.signin.ebay.com
O1 - Hosts: 141.225.152.142 wvw.etrade.com
O1 - Hosts: 141.225.152.142 ww4.fleethomelink.fleet.com
O1 - Hosts: 141.225.152.142 ww3.connect.skyfi.com
O1 - Hosts: 141.225.152.142 www6.usbank.com
O1 - Hosts: 141.225.152.142 www.bvi.bancodevalencia.es
O1 - Hosts: 141.225.152.142 extrant.banesto.es
O1 - Hosts: 141.225.152.142 banesnt.banesto.es
O1 - Hosts: 141.225.152.142 activia.caixagalicia.es
O1 - Hosts: 141.225.152.142 www.bancae.caixapenedes.com
O1 - Hosts: 141.225.152.142 login.caixasabadell.net
O1 - Hosts: 141.225.152.142 oii.cajamadrid.es
O1 - Hosts: 141.225.152.142 login.cajamar.es
O1 - Hosts: 141.225.152.142 login.ccm.es
O1 - Hosts: 141.225.152.142 ww.unicaja.es
O1 - Hosts: 141.225.152.142 www5.bancopopular.es
O1 - Hosts: 141.225.152.142 ww3.bbvanet.com
O1 - Hosts: 141.225.152.142 ww.bayernlb.de
O1 - Hosts: 141.225.152.142 ww2.berliner-volksbank.de
O1 - Hosts: 141.225.152.142 ww7.homebanking-berlin.de
O1 - Hosts: 141.225.152.142 portal09.commerzbanking.de
O1 - Hosts: 141.225.152.142 www.meine.deutsche-bank.de
O1 - Hosts: 141.225.152.142 ww2.dresdner-privat.de
O1 - Hosts: 141.225.152.142 ww.e-banking.helaba.de
O1 - Hosts: 141.225.152.142 ww.hsh-nordbank.de
O1 - Hosts: 141.225.152.142 www.my.hypovereinsbank.de
O1 - Hosts: 141.225.152.142 ww3.homebanking-berlin.de
O1 - Hosts: 141.225.152.142 ww3.homebanking-berlin.de
O1 - Hosts: 141.225.152.142 www.banking.lbbw.de
O1 - Hosts: 141.225.152.142 lrp.sparkasse-banking.de
O1 - Hosts: 141.225.152.142 ww3.homebanking-niedersachsen.de
O1 - Hosts: 141.225.152.142 www.onlinebanking.norisbank.de
O1 - Hosts: 141.225.152.142 www.banking.postbank.de
O1 - Hosts: 141.225.152.142 wvw.internetbanking.gad.de
O1 - Hosts: 141.225.152.142 ww1.portal.izb.de
O1 - Hosts: 141.225.152.142 wvw.kunden-service.lbs.de
O1 - Hosts: 141.225.152.142 ibanking.seb.de
O1 - Hosts: 141.225.152.142 bw7.sparkasse-banking.de
O1 - Hosts: 141.225.152.142 ww2.homebanking-sparkasse.de
O1 - Hosts: 141.225.152.142 ww2.vr-networld-ebanking.de
O1 - Hosts: 141.225.152.142 ww.bics.fr
O1 - Hosts: 141.225.152.142 www.co.caixabank.fr
O1 - Hosts: 141.225.152.142 ww.creditmutuel.fr
O1 - Hosts: 141.225.152.142 internetbank.intesabci.it
O1 - Hosts: 141.225.152.142 ww.extensive.bancalombarda.it
O1 - Hosts: 141.225.152.142 wvw.csebanking.it
O1 - Hosts: 141.225.152.142 www.mybank.bybank.it
O1 - Hosts: 141.225.152.142 ww.isideonline.it
O1 - Hosts: 141.225.152.142 ww3.sella.it
O1 - Hosts: 141.225.152.142 ww2.anz.com
O1 - Hosts: 141.225.152.142 fni.asbbank.co.nz
O1 - Hosts: 141.225.152.142 fastnetoffice.asbbank.co.nz
O1 - Hosts: 141.225.152.142 ww1.bendigobank.com.au
O1 - Hosts: 141.225.152.142 ww2.netbank.commbank.com.au
O1 - Hosts: 141.225.152.142 lb.national.com.au
O1 - Hosts: 141.225.152.142 ww2.nbnz.co.nz
O1 - Hosts: 141.225.152.142 ww2.teacherscreditunion.com.au
O1 - Hosts: 141.225.152.142 ollb.westpac.com.au
O1 - Hosts: 141.225.152.142 isec.westpactrust.co.nz
O1 - Hosts: 141.225.152.142 ww5.bmo.com
O1 - Hosts: 141.225.152.142 ww.cibconline.cibc.com
O1 - Hosts: 141.225.152.142 ww1.royalbank.com
O1 - Hosts: 141.225.152.142 ww2.scotiaonline.scotiabank.com
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\fcccc.dll
O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\qoppq.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [monitr32] C:\Programme\Canon\MultiPASS4\monitr32.exe
O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBOX.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [ecsiin] c:\ecsiin.stub.exe
O4 - HKLM\..\Run: [timessquare] c:\windows\timessquare.exe
O4 - HKLM\..\Run: [adtech2005] c:\windows\adtech2005.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\System32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [Norton Antivirus] nortonav.exe
O4 - HKLM\..\Run: [AVTray] "C:\Programme\WinAntiVirus 2005\AVTray.exe"
O4 - HKLM\..\RunServices: [Norton Antivirus] nortonav.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: CAPIControl.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Exif Launcher.lnk = C:\Programme\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Erinnerungen für Microsoft Works-Kalender.lnk = ?
O4 - Global Startup: Canon MultiPASS-Statusüberwachung.lnk = C:\Programme\Canon\MultiPASS4\monitr32.exe
O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.1_05\bin\npjpi141_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.1_05\bin\npjpi141_05.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\programme\winantivirus 2005\mailscan.dll
O10 - Unknown file in Winsock LSP: c:\programme\winantivirus 2005\mailscan.dll
O10 - Unknown file in Winsock LSP: c:\programme\winantivirus 2005\mailscan.dll
O10 - Unknown file in Winsock LSP: c:\programme\winantivirus 2005\mailscan.dll
O10 - Unknown file in Winsock LSP: c:\programme\winantivirus 2005\mailscan.dll
O10 - Unknown file in Winsock LSP: c:\programme\winantivirus 2005\mailscan.dll
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .vem: C:\Programme\Internet Explorer_NT\Plugins\npkit32.dll
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://playroom.icq.com/odyssey_web8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA04EB38-04A9-4A8F-9241-642794D7C1B7}: NameServer = 217.237.150.33 217.237.151.161
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: fcccc - C:\WINDOWS\SYSTEM32\fcccc.dll
O20 - Winlogon Notify: qoppq - C:\WINDOWS\System32\qoppq.dll
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\jtr4079qe.dll
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: AVScheduler - Unknown owner - C:\Programme\WinAntiVirus 2005\AVSchSvc.exe
O23 - Service: BusinessC (BusinessContinuity) - Unknown owner - C:\WINDOWS\msstl.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MpService - Canon Inc - C:\Programme\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: WinAntivirus - Unknown owner - C:\Programme\WinAntiVirus 2005\AVSvc.exe
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe (file missing)
I very much hope you can help me. I have WinAntiVirus2005, but it doesn't help either... Many thanks
Moritz