Annoying ad pop-ups + WinFixer

20.11.2005, 11:51
...new here

Posts: 5
#1 Hi everyone,

for quite a while now, annoying ad pop-ups have kept appearing in my browser on their own, along with the prompt to install WinFixer.
It's incredibly annoying.

Here is my log file:

Logfile of HijackThis v1.99.1
Scan saved at 11:49:58, on 20.11.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programme\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\WinAntiVirus 2005\AVSvc.exe
C:\Programme\WinAntiVirus 2005\AVSchSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Telekom\Eumex 404PC\Capictrl.exe
C:\Programme\FinePixViewer\QuickDCF.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programme\WinAntiVirus 2005\AVTray.exe
C:\Programme\WinAntiVirus 2005\Quar.exe
C:\Programme\Gemeinsame Dateien\WinSoftware\VapFM.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Programme\Outlook Express\msimn.exe
C:\Dokumente und Einstellungen\Moritz Hartmann\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.t-online.de/
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O1 - Hosts: 141.225.152.142 onlineaccounts2.abbeynational.co.uk
O1 - Hosts: 141.225.152.142 www3.aibgbonline.co.uk
O1 - Hosts: 141.225.152.142 www.bank.alliance-leicester.co.uk
O1 - Hosts: 141.225.152.142 login.iblogin.com
O1 - Hosts: 141.225.152.142 ww2.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 141.225.152.142 inet.barclays.co.uk
O1 - Hosts: 141.225.152.142 iibank.barclays.co.uk
O1 - Hosts: 141.225.152.142 iibank.cahoot.com
O1 - Hosts: 141.225.152.142 www3.coventrybuildingsociety.co.uk
O1 - Hosts: 141.225.152.142 ww.hsbc.co.uk
O1 - Hosts: 141.225.152.142 login.ebank.offshore.hsbc.co.je
O1 - Hosts: 141.225.152.142 ww3.online-offshore.lloydstsb.com
O1 - Hosts: 141.225.152.142 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 141.225.152.142 ww3.online.lloydstsb.co.uk
O1 - Hosts: 141.225.152.142 ww3.online.lloydstsb.co.uk
O1 - Hosts: 141.225.152.142 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 141.225.152.142 ob2.nationet.com
O1 - Hosts: 141.225.152.142 ww3.onlinebanking.natwestoffshore.com
O1 - Hosts: 141.225.152.142 ww1.nwolb.com
O1 - Hosts: 141.225.152.142 ww1.onlinebanking.iombank.com
O1 - Hosts: 141.225.152.142 ww1.www.rbsdigital.com
O1 - Hosts: 141.225.152.142 welcome.smile.co.uk
O1 - Hosts: 141.225.152.142 login.365online.com
O1 - Hosts: 141.225.152.142 www.secure.mvnt4.com
O1 - Hosts: 141.225.152.142 ww.mynfbonline.com
O1 - Hosts: 141.225.152.142 login.forumcuonline.com
O1 - Hosts: 141.225.152.142 www.eds.usersonlnet.com
O1 - Hosts: 141.225.152.142 www.onlineid.bankofamerica.com
O1 - Hosts: 141.225.152.142 wvw.e-gold.com
O1 - Hosts: 141.225.152.142 pcbs.peoples.com
O1 - Hosts: 141.225.152.142 www.global1.onlinebank.com
O1 - Hosts: 141.225.152.142 ww2.mybranch.lafcu.com
O1 - Hosts: 141.225.152.142 login.webbanking.comerica.com
O1 - Hosts: 141.225.152.142 web.banking.firsttennessee.com
O1 - Hosts: 141.225.152.142 logon.members1st.org
O1 - Hosts: 141.225.152.142 www.cib.ibanking-services.com
O1 - Hosts: 141.225.152.142 www.miwebbusbank.ebanking-services.com
O1 - Hosts: 141.225.152.142 wvw.paypal.com
O1 - Hosts: 141.225.152.142 www.signin.ebay.com
O1 - Hosts: 141.225.152.142 wvw.etrade.com
O1 - Hosts: 141.225.152.142 ww4.fleethomelink.fleet.com
O1 - Hosts: 141.225.152.142 ww3.connect.skyfi.com
O1 - Hosts: 141.225.152.142 www6.usbank.com
O1 - Hosts: 141.225.152.142 www.bvi.bancodevalencia.es
O1 - Hosts: 141.225.152.142 extrant.banesto.es
O1 - Hosts: 141.225.152.142 banesnt.banesto.es
O1 - Hosts: 141.225.152.142 activia.caixagalicia.es
O1 - Hosts: 141.225.152.142 www.bancae.caixapenedes.com
O1 - Hosts: 141.225.152.142 login.caixasabadell.net
O1 - Hosts: 141.225.152.142 oii.cajamadrid.es
O1 - Hosts: 141.225.152.142 login.cajamar.es
O1 - Hosts: 141.225.152.142 login.ccm.es
O1 - Hosts: 141.225.152.142 ww.unicaja.es
O1 - Hosts: 141.225.152.142 www5.bancopopular.es
O1 - Hosts: 141.225.152.142 ww3.bbvanet.com
O1 - Hosts: 141.225.152.142 ww.bayernlb.de
O1 - Hosts: 141.225.152.142 ww2.berliner-volksbank.de
O1 - Hosts: 141.225.152.142 ww7.homebanking-berlin.de
O1 - Hosts: 141.225.152.142 portal09.commerzbanking.de
O1 - Hosts: 141.225.152.142 www.meine.deutsche-bank.de
O1 - Hosts: 141.225.152.142 ww2.dresdner-privat.de
O1 - Hosts: 141.225.152.142 ww.e-banking.helaba.de
O1 - Hosts: 141.225.152.142 ww.hsh-nordbank.de
O1 - Hosts: 141.225.152.142 www.my.hypovereinsbank.de
O1 - Hosts: 141.225.152.142 ww3.homebanking-berlin.de
O1 - Hosts: 141.225.152.142 ww3.homebanking-berlin.de
O1 - Hosts: 141.225.152.142 www.banking.lbbw.de
O1 - Hosts: 141.225.152.142 lrp.sparkasse-banking.de
O1 - Hosts: 141.225.152.142 ww3.homebanking-niedersachsen.de
O1 - Hosts: 141.225.152.142 www.onlinebanking.norisbank.de
O1 - Hosts: 141.225.152.142 www.banking.postbank.de
O1 - Hosts: 141.225.152.142 wvw.internetbanking.gad.de
O1 - Hosts: 141.225.152.142 ww1.portal.izb.de
O1 - Hosts: 141.225.152.142 wvw.kunden-service.lbs.de
O1 - Hosts: 141.225.152.142 ibanking.seb.de
O1 - Hosts: 141.225.152.142 bw7.sparkasse-banking.de
O1 - Hosts: 141.225.152.142 ww2.homebanking-sparkasse.de
O1 - Hosts: 141.225.152.142 ww2.vr-networld-ebanking.de
O1 - Hosts: 141.225.152.142 ww.bics.fr
O1 - Hosts: 141.225.152.142 www.co.caixabank.fr
O1 - Hosts: 141.225.152.142 ww.creditmutuel.fr
O1 - Hosts: 141.225.152.142 internetbank.intesabci.it
O1 - Hosts: 141.225.152.142 ww.extensive.bancalombarda.it
O1 - Hosts: 141.225.152.142 wvw.csebanking.it
O1 - Hosts: 141.225.152.142 www.mybank.bybank.it
O1 - Hosts: 141.225.152.142 ww.isideonline.it
O1 - Hosts: 141.225.152.142 ww3.sella.it
O1 - Hosts: 141.225.152.142 ww2.anz.com
O1 - Hosts: 141.225.152.142 fni.asbbank.co.nz
O1 - Hosts: 141.225.152.142 fastnetoffice.asbbank.co.nz
O1 - Hosts: 141.225.152.142 ww1.bendigobank.com.au
O1 - Hosts: 141.225.152.142 ww2.netbank.commbank.com.au
O1 - Hosts: 141.225.152.142 lb.national.com.au
O1 - Hosts: 141.225.152.142 ww2.nbnz.co.nz
O1 - Hosts: 141.225.152.142 ww2.teacherscreditunion.com.au
O1 - Hosts: 141.225.152.142 ollb.westpac.com.au
O1 - Hosts: 141.225.152.142 isec.westpactrust.co.nz
O1 - Hosts: 141.225.152.142 ww5.bmo.com
O1 - Hosts: 141.225.152.142 ww.cibconline.cibc.com
O1 - Hosts: 141.225.152.142 ww1.royalbank.com
O1 - Hosts: 141.225.152.142 ww2.scotiaonline.scotiabank.com
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\fcccc.dll
O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\qoppq.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [monitr32] C:\Programme\Canon\MultiPASS4\monitr32.exe
O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBOX.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [ecsiin] c:\ecsiin.stub.exe
O4 - HKLM\..\Run: [timessquare] c:\windows\timessquare.exe
O4 - HKLM\..\Run: [adtech2005] c:\windows\adtech2005.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\System32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [Norton Antivirus] nortonav.exe
O4 - HKLM\..\Run: [AVTray] "C:\Programme\WinAntiVirus 2005\AVTray.exe"
O4 - HKLM\..\RunServices: [Norton Antivirus] nortonav.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: CAPIControl.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Exif Launcher.lnk = C:\Programme\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Erinnerungen für Microsoft Works-Kalender.lnk = ?
O4 - Global Startup: Canon MultiPASS-Statusüberwachung.lnk = C:\Programme\Canon\MultiPASS4\monitr32.exe
O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.1_05\bin\npjpi141_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.1_05\bin\npjpi141_05.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\programme\winantivirus 2005\mailscan.dll
O10 - Unknown file in Winsock LSP: c:\programme\winantivirus 2005\mailscan.dll
O10 - Unknown file in Winsock LSP: c:\programme\winantivirus 2005\mailscan.dll
O10 - Unknown file in Winsock LSP: c:\programme\winantivirus 2005\mailscan.dll
O10 - Unknown file in Winsock LSP: c:\programme\winantivirus 2005\mailscan.dll
O10 - Unknown file in Winsock LSP: c:\programme\winantivirus 2005\mailscan.dll
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .vem: C:\Programme\Internet Explorer_NT\Plugins\npkit32.dll
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://playroom.icq.com/odyssey_web8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA04EB38-04A9-4A8F-9241-642794D7C1B7}: NameServer = 217.237.150.33 217.237.151.161
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: fcccc - C:\WINDOWS\SYSTEM32\fcccc.dll
O20 - Winlogon Notify: qoppq - C:\WINDOWS\System32\qoppq.dll
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\jtr4079qe.dll
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: AVScheduler - Unknown owner - C:\Programme\WinAntiVirus 2005\AVSchSvc.exe
O23 - Service: BusinessC (BusinessContinuity) - Unknown owner - C:\WINDOWS\msstl.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MpService - Canon Inc - C:\Programme\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: WinAntivirus - Unknown owner - C:\Programme\WinAntiVirus 2005\AVSvc.exe
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe (file missing)



I really hope you can help me. I have WinAntiVirus2005, but that doesn't help either... Many thanks

Moritz
20.11.2005, 12:48
Honorary member
Sabina

Posts: 29434
#2 Hello @hartfra,

there is more on there than just WinFixer, so I have to dig deeper:

Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.

CCleaner
http://virus-protect.org/temp.html
delete all temp files

copy the 4 logs in here
http://virus-protect.org/datfindbat.html

copy the log from Option 1
http://virus-protect.org/l2mfix.html

ServiceFilter.zip

http://virus-protect.org/artikel/tools/ServiceFilter.zip
- unzip
- scan
- copy the contents of POST_THIS.TXT
__________
Best regards, Sabina

all about PC security
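
Added example, not part of the thread and not taken from any tool named in it: one way to triage the `O1 - Hosts:` lines of a HijackThis log is to group them by target IP and flag any non-loopback address that several hostnames are pinned to. The sample log is constructed (documentation-range IPs, `.example` names), and the `min_hosts` threshold is an assumption.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in HijackThis "O1 - Hosts:" format. The IPs come from
# documentation ranges and the names use the reserved .example TLD.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.example.org/
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 ads.tracker.example
O1 - Hosts: 192.0.2.10 login.bank-one.example
O1 - Hosts: 192.0.2.10 www3.bank-two.example
O1 - Hosts: 192.0.2.10 online.bank-three.example
O1 - Hosts: 192.0.2.10 online.bank-three.example
O1 - Hosts: 198.51.100.7 intranet.corp.example
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\\WINDOWS\\System32\\sample.dll
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)$")


def parse_hosts_entries(log_text):
    """Return (ip, hostname) pairs for every well-formed O1 line."""
    entries = []
    for line in log_text.splitlines():
        match = O1_RE.match(line.strip())
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # first field is not an IP literal: skip rather than guess
        entries.append((ip, match.group(2).lower()))
    return entries


def find_redirect_clusters(entries, min_hosts=3):
    """Map each suspicious IP to the sorted, de-duplicated hostnames pinned to it.

    Loopback and 0.0.0.0 entries are ignored because they are the usual way a
    hosts file blocks a name; an entry that sends a name to a routable address
    overrides DNS for that name, and many names sharing one such address is
    the pattern worth a closer look.
    """
    by_ip = defaultdict(set)
    for ip, host in entries:
        if ip.is_loopback or ip.is_unspecified:
            continue
        by_ip[str(ip)].add(host)
    return {
        ip: sorted(hosts)
        for ip, hosts in by_ip.items()
        if len(hosts) >= min_hosts
    }


if __name__ == "__main__":
    clusters = find_redirect_clusters(parse_hosts_entries(SAMPLE_LOG))
    for ip, hosts in clusters.items():
        print(f"{ip}: {len(hosts)} hostnames redirected")
        for host in hosts:
            print(f"  {host}")
```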
20.11.2005, 15:33
...new here

Thread starter

Posts: 5
#3 Hi Sabina,
I couldn't open the last two links. The page somehow couldn't be loaded. Hopefully you can already do something with this.
I hope I did everything right... Many thanks for the help
Moritz

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 013A-19F9

Verzeichnis von C:\WINDOWS\system32

20.11.2005 15:25 202.459 qppoq.ini2
20.11.2005 11:32 237.243 wctdecod.dll
20.11.2005 11:32 233.582 lv6609jse.dll
20.11.2005 01:00 233.509 xblparse.dll
20.11.2005 00:57 237.243 jtr4079qe.dll
19.11.2005 21:00 130.096 FNTCACHE.DAT
19.11.2005 20:41 233.660 sllwid.dll
19.11.2005 18:26 27.661 ljjkk.dll
19.11.2005 17:24 27.661 ursss.dll
19.11.2005 16:32 27.661 nnnkk.dll
19.11.2005 16:24 413.003 qppoq.bak2
19.11.2005 15:47 237.243 ugrar.dll
19.11.2005 15:42 27.661 ljjhe.dll
19.11.2005 13:07 235.933 fpj6031se.dll
19.11.2005 08:36 27.661 oppml.dll
18.11.2005 19:38 27.661 awttr.dll
18.11.2005 18:14 27.661 geefc.dll
17.11.2005 17:12 27.661 xxwtt.dll
17.11.2005 16:43 27.661 jkhhe.dll
17.11.2005 16:41 28.173 jkklj.dll
17.11.2005 16:20 28.173 mljjh.dll
16.11.2005 21:21 28.173 yaywt.dll
15.11.2005 21:49 28.173 fcyxx.dll
15.11.2005 18:46 28.173 fcyyy.dll
15.11.2005 17:55 28.173 qomlm.dll
15.11.2005 17:49 28.173 mljhf.dll
15.11.2005 17:47 28.173 ddcyv.dll
15.11.2005 16:57 28.173 qomki.dll
15.11.2005 15:34 28.173 wvutq.dll
15.11.2005 14:57 28.173 tussp.dll
14.11.2005 19:11 28.173 qopoo.dll
14.11.2005 18:14 28.173 yabxy.dll
14.11.2005 17:25 28.173 urssp.dll
14.11.2005 16:45 28.173 mljgg.dll
14.11.2005 15:58 28.173 geeda.dll
14.11.2005 15:39 28.173 wvwxu.dll
14.11.2005 09:46 28.173 tuvvv.dll
13.11.2005 16:23 28.173 ljjgd.dll
13.11.2005 16:07 28.173 efeff.dll
13.11.2005 13:24 28.173 nnnli.dll
13.11.2005 12:05 28.173 iifed.dll
13.11.2005 10:35 28.173 urqqo.dll
12.11.2005 20:29 28.173 qopnm.dll
12.11.2005 15:50 28.173 vtusq.dll
12.11.2005 15:49 28.173 fcyvv.dll
12.11.2005 15:48 28.173 byxvw.dll
12.11.2005 11:23 28.173 geebx.dll
11.11.2005 19:29 28.173 ljhfg.dll
11.11.2005 18:43 28.173 byxus.dll
11.11.2005 18:07 28.173 urspm.dll
10.11.2005 21:48 28.173 cbxvu.dll
10.11.2005 17:32 28.173 cbaxw.dll
10.11.2005 17:16 28.173 awvss.dll
10.11.2005 17:13 28.173 pmkhh.dll
10.11.2005 16:22 28.173 ljjhh.dll
10.11.2005 15:43 28.173 iiihi.dll
10.11.2005 15:17 28.173 cbabc.dll
10.11.2005 15:16 28.173 ljhhg.dll
10.11.2005 15:14 28.173 iiffc.dll
10.11.2005 15:13 28.173 vtuuv.dll
10.11.2005 15:10 28.173 mllih.dll
10.11.2005 14:42 28.173 fcywu.dll
10.11.2005 12:33 28.173 jkhfd.dll
10.11.2005 12:15 28.173 nnnmk.dll
09.11.2005 20:45 28.173 awtqr.dll
09.11.2005 19:40 28.173 xxwtr.dll
09.11.2005 19:13 28.173 iifeb.dll
09.11.2005 18:15 28.173 ddcyx.dll
09.11.2005 17:11 28.173 urspn.dll
09.11.2005 16:59 28.173 hgdbx.dll
09.11.2005 16:34 28.173 fccyx.dll
08.11.2005 18:57 28.173 xxyab.dll
08.11.2005 17:22 28.173 qomjk.dll
08.11.2005 16:22 28.173 iiijj.dll
08.11.2005 15:17 28.173 ddcaw.dll
08.11.2005 15:07 202.297 qppoq.ini
08.11.2005 14:56 202.297 qppoq.tmp
08.11.2005 14:51 0 TFTP1520
08.11.2005 14:32 28.173 cbxvt.dll
07.11.2005 20:10 28.173 sstqr.dll
07.11.2005 19:37 28.173 tuvsr.dll
07.11.2005 19:36 28.173 xxwur.dll
07.11.2005 19:19 28.173 qopml.dll
07.11.2005 18:50 28.173 pmkli.dll
07.11.2005 15:49 28.173 vturr.dll
07.11.2005 13:30 28.173 yabaa.dll
07.11.2005 13:14 28.173 iifdb.dll
06.11.2005 21:58 28.173 yayax.dll
06.11.2005 21:05 28.173 rqrqq.dll
06.11.2005 17:44 28.173 xxwwv.dll
06.11.2005 14:51 28.173 vtusp.dll
06.11.2005 13:51 28.173 xxwut.dll
06.11.2005 11:11 28.173 fcccc.dll
06.11.2005 10:40 193.944 qppoq.bak1
06.11.2005 10:40 544.788 qoppq.dll
06.11.2005 10:39 28.173 khhgg.dll
05.11.2005 21:19 28.173 hgdda.dll
05.11.2005 15:11 28.173 cbaxv.dll
05.11.2005 13:34 28.173 tusts.dll
05.11.2005 12:56 28.173 rqrrp.dll
05.11.2005 12:19 28.173 wvwvs.dll
04.11.2005 17:53 2.184 wpa.dbl
02.11.2005 00:44 127.574 tsuninst.exe
13.10.2005 08:11 118.784 sirenacm.dll
11.10.2005 11:57 39.992 perfc009.dat
11.10.2005 11:57 726.486 PerfStringBackup.INI
11.10.2005 11:57 311.604 perfh009.dat
11.10.2005 11:57 319.870 perfh007.dat
11.10.2005 11:57 49.856 perfc007.dat
15.09.2005 19:08 16.184 GlyphInfo.bin
15.09.2005 19:08 47.812 FontInfo.bin
12.09.2005 21:00 1.401 atrc8parb.ini
11.09.2005 14:09 2.014.592 TUKernel.exe
06.09.2005 20:52 5 c5t_bcuzZ.txt
05.09.2005 14:31 0 TFTP6096
22.08.2005 14:05 28.672 ZXCRT.exe
10.08.2005 18:48 8.192 goot.exe
06.07.2005 17:17 89.088 atl71.dll
04.07.2005 15:29 0 TFTP2432
02.07.2005 11:59 0 TFTP2580
27.06.2005 18:15 3.725 qtplugin.log
15.06.2005 16:38 0 TFTP2472
07.06.2005 12:10 0 TFTP4048
02.06.2005 15:41 0 TFTP3932




Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 013A-19F9

Verzeichnis von C:\WINDOWS

20.11.2005 11:31 159 wiadebug.log
20.11.2005 11:31 2.048 bootstat.dat
20.11.2005 01:03 32.618 SchedLgU.Txt
20.11.2005 01:03 50 wiaservc.log
19.11.2005 17:15 1.138 win.ini
17.11.2005 17:51 1.065 winamp.ini
17.11.2005 16:25 0 timessquare1.dat
17.11.2005 16:25 40 teller2.chk
17.11.2005 16:25 69.888 adtech2005.exe
17.11.2005 16:24 38 drsmartload.dat
17.11.2005 16:24 41.216 timessquare.exe
15.11.2005 22:17 2.510 Microsoft.MIF
10.11.2005 17:20 99.970 UninstallFirefox.exe
10.11.2005 17:20 13.403 mozver.dat
01.11.2005 19:07 3.932.214 Firefox Wallpaper.bmp
29.10.2005 16:49 85 WSST_Screen_Saver.ini
05.10.2005 18:04 253.952 Setup1.exe
05.10.2005 18:04 74.752 ST6UNST.EXE
05.10.2005 18:02 2.339 ST6UNST.002
05.10.2005 18:00 2.339 ST6UNST.001
05.10.2005 17:57 3.162 ST6UNST.000
30.09.2005 18:58 2.464 $_hpcst$.hpc
30.09.2005 18:55 748 ODBC.INI
11.09.2005 13:54 45 DGLHMK.ini
11.09.2005 13:17 339 system.ini
05.09.2005 14:27 32.768 unstall.exe
22.08.2005 12:23 2 tempf.txt
31.07.2005 14:44 134 cdplayer.ini
30.07.2005 15:24 533 QTW.INI
09.07.2005 12:30 3.165 symantec.css
09.07.2005 12:17 1.523 start_virus_over.gif
09.07.2005 12:00 173 nav_help-over.gif
09.07.2005 11:59 247 nav_solutions-over.gif
09.07.2005 11:59 248 nav_alert-over.gif
09.07.2005 11:57 253 nav_info-over.gif
07.07.2005 16:24 1.490 start_security_over.gif
07.07.2005 16:24 27.581 home_bg3.jpg
07.07.2005 16:24 2.561 logo_home.gif
07.07.2005 16:24 1.947 logo_symantec.gif
05.07.2005 04:11 363 icon_security_scan.gif
05.07.2005 04:11 419 icon_virus_detection.gif




Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 013A-19F9

Verzeichnis von C:\

20.11.2005 15:28 0 sys.txt
20.11.2005 15:27 10.237 system.txt
20.11.2005 15:27 136 systemtemp.txt
20.11.2005 15:25 109.997 system32.txt
20.11.2005 11:31 402.247.680 hiberfil.sys
20.11.2005 11:31 201.326.592 pagefile.sys
17.11.2005 16:26 48 LSWMV.INI
17.11.2005 16:23 77.824 ecsiin.stub.exe
17.11.2005 16:22 25.105 mte3ndi6odoxng.exe
17.11.2005 16:22 14.848 stub_113_4_0_4_0.exe
17.11.2005 16:21 578.560 installer.exe
15.09.2005 19:58 242 TO_InstallLog.txt
11.09.2005 14:09 355 boot.ini
10.09.2005 18:52 588 asdf.txt
30.08.2005 11:46 3.937 det.exe
28.08.2005 12:15 0 DBS.TXT
27.08.2005 09:50 144.213 fsdgh.exe
21.08.2005 13:41 144.213 ct45.exe
11.08.2005 19:18 402 socks.exe
10.07.2005 18:20 15.360 Thumbs.db
30.06.2005 11:44 203 msprss32.exe
27.06.2005 18:20 1.260 INSTALL.LOG
27.06.2005 13:48 29.397 mswcom.exe
06.05.2005 18:15 84 RobotError.log
04.05.2005 14:31 38.388 op.exe
20.11.2005, 16:03
Honorary member
Sabina

Posts: 29434
#4 the server sometimes drops out (overloaded.... ?)... now it works again

copy the log from Option 1
http://virus-protect.org/l2mfix.html

ServiceFilter.zip
http://virus-protect.org/artikel/tools/ServiceFilter.zip
- unzip
- scan
- copy the contents of POST_THIS.TXT
__________
Best regards, Sabina

all about PC security
20.11.2005, 16:21
Honorary member
Sabina

Posts: 29434
#5 Go into the registry
Start --> Run --> regedit

HKEY_LOCAL_MACHINE\Software\Microsoft\ActiveSetup\Installed Components

StubPath C:\WINDOWS\System32\Scanstartup.exe <-- delete
------------------------------------------------------------------------------------
VundoFix.exe
http://www.atribune.org/downloads/VundoFix.exe
http://virus-protect.org/artikel/tools/vundofix.html

paste in:

C:\WINDOWS\system32\qoppq.dll

# Enter -> F6 --> Enter

# then this will appear:

Please type in the second filepath as instructed by the forum staff Then Press Enter, Then F6, Then Enter Again to continue with the fix.

# Enter --> then the F6 key --> Enter

paste in:


C:\WINDOWS\system32\qppoq.*

# Enter --> F6 --> Enter

# HijackThis will open

# In HijackThis --> tick the boxes in front of these entries --> FIX CHECKED:


R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\fcccc.dll
O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\qoppq.dll

O4 - HKLM\..\Run: [ecsiin] c:\ecsiin.stub.exe
O4 - HKLM\..\Run: [timessquare] c:\windows\timessquare.exe
O4 - HKLM\..\Run: [adtech2005] c:\windows\adtech2005.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\System32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [Norton Antivirus] nortonav.exe
O4 - HKLM\..\Run: [AVTray] "C:\Programme\WinAntiVirus 2005\AVTray.exe"
O4 - HKLM\..\RunServices: [Norton Antivirus] nortonav.exe

O20 - Winlogon Notify: fcccc - C:\WINDOWS\SYSTEM32\fcccc.dll
O20 - Winlogon Notify: qoppq - C:\WINDOWS\System32\qoppq.dll
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\jtr4079qe.dll

# close HijackThis, press any key and the PC will restart
# there will be a "Blue Screen of Death", that is normal

KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Delete File on Reboot -- tick this option
paste in:
...
and click the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one, only click "yes" for the last one

C:\WINDOWS\system32\wctdecod.dll
C:\WINDOWS\System32\fcccc.dll
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\lv6609jse.dll
C:\WINDOWS\system32\xblparse.dll
C:\WINDOWS\system32\jtr4079qe.dll
C:\WINDOWS\system32\sllwid.dll
C:\WINDOWS\system32\ljjkk.dll
C:\WINDOWS\system32\ursss.dll
C:\WINDOWS\system32\nnnkk.dll

keep pasting in... but without the date ;)

19.11.2005 15:47 237.243 C:\WINDOWS\system32\ugrar.dll
19.11.2005 15:42 27.661 C:\WINDOWS\system32\ljjhe.dll
19.11.2005 13:07 235.933 C:\WINDOWS\system32\fpj6031se.dll
19.11.2005 08:36 27.661 C:\WINDOWS\system32\oppml.dll
18.11.2005 19:38 27.661 C:\WINDOWS\system32\awttr.dll
18.11.2005 18:14 27.661 C:\WINDOWS\system32\geefc.dll
17.11.2005 17:12 27.661 C:\WINDOWS\system32\xxwtt.dll
17.11.2005 16:43 27.661 C:\WINDOWS\system32\jkhhe.dll
17.11.2005 16:41 28.173 C:\WINDOWS\system32\jkklj.dll
17.11.2005 16:20 28.173 C:\WINDOWS\system32\mljjh.dll
16.11.2005 21:21 28.173 C:\WINDOWS\system32\yaywt.dll
15.11.2005 21:49 28.173 C:\WINDOWS\system32\fcyxx.dll
15.11.2005 18:46 28.173 C:\WINDOWS\system32\fcyyy.dll
15.11.2005 17:55 28.173 C:\WINDOWS\system32\qomlm.dll
15.11.2005 17:49 28.173 C:\WINDOWS\system32\mljhf.dll
15.11.2005 17:47 28.173 C:\WINDOWS\system32\ddcyv.dll
15.11.2005 16:57 28.173 C:\WINDOWS\system32\qomki.dll
15.11.2005 15:34 28.173 C:\WINDOWS\system32\wvutq.dll
15.11.2005 14:57 28.173 C:\WINDOWS\system32\tussp.dll
14.11.2005 19:11 28.173 C:\WINDOWS\system32\qopoo.dll
14.11.2005 18:14 28.173 C:\WINDOWS\system32\yabxy.dll
14.11.2005 17:25 28.173 C:\WINDOWS\system32\urssp.dll
14.11.2005 16:45 28.173 C:\WINDOWS\system32\mljgg.dll
14.11.2005 15:58 28.173 C:\WINDOWS\system32\geeda.dll
14.11.2005 15:39 28.173 C:\WINDOWS\system32\wvwxu.dll
14.11.2005 09:46 28.173 C:\WINDOWS\system32\tuvvv.dll
13.11.2005 16:23 28.173 C:\WINDOWS\system32\ljjgd.dll
13.11.2005 16:07 28.173 C:\WINDOWS\system32\efeff.dll
13.11.2005 13:24 28.173 C:\WINDOWS\system32\nnnli.dll
13.11.2005 12:05 28.173 C:\WINDOWS\system32\iifed.dll
13.11.2005 10:35 28.173 C:\WINDOWS\system32\urqqo.dll
12.11.2005 20:29 28.173 C:\WINDOWS\system32\qopnm.dll
12.11.2005 15:50 28.173 C:\WINDOWS\system32\vtusq.dll
12.11.2005 15:49 28.173 C:\WINDOWS\system32\fcyvv.dll
12.11.2005 15:48 28.173 C:\WINDOWS\system32\byxvw.dll
12.11.2005 11:23 28.173 C:\WINDOWS\system32\geebx.dll
11.11.2005 19:29 28.173 C:\WINDOWS\system32\ljhfg.dll
11.11.2005 18:43 28.173 C:\WINDOWS\system32\byxus.dll
11.11.2005 18:07 28.173 C:\WINDOWS\system32\urspm.dll
10.11.2005 21:48 28.173 C:\WINDOWS\system32\cbxvu.dll
10.11.2005 17:32 28.173 C:\WINDOWS\system32\cbaxw.dll
10.11.2005 17:16 28.173 C:\WINDOWS\system32\awvss.dll
10.11.2005 17:13 28.173 C:\WINDOWS\system32\pmkhh.dll
10.11.2005 16:22 28.173 C:\WINDOWS\system32\ljjhh.dll
10.11.2005 15:43 28.173 C:\WINDOWS\system32\iiihi.dll
10.11.2005 15:17 28.173 C:\WINDOWS\system32\cbabc.dll
10.11.2005 15:16 28.173 C:\WINDOWS\system32\ljhhg.dll
10.11.2005 15:14 28.173 C:\WINDOWS\system32\iiffc.dll
10.11.2005 15:13 28.173 C:\WINDOWS\system32\vtuuv.dll
10.11.2005 15:10 28.173 C:\WINDOWS\system32\mllih.dll
10.11.2005 14:42 28.173 C:\WINDOWS\system32\fcywu.dll
10.11.2005 12:33 28.173 C:\WINDOWS\system32\jkhfd.dll
10.11.2005 12:15 28.173 C:\WINDOWS\system32\nnnmk.dll
09.11.2005 20:45 28.173 C:\WINDOWS\system32\awtqr.dll
09.11.2005 19:40 28.173 C:\WINDOWS\system32\xxwtr.dll
09.11.2005 19:13 28.173 C:\WINDOWS\system32\iifeb.dll
09.11.2005 18:15 28.173 C:\WINDOWS\system32\ddcyx.dll
09.11.2005 17:11 28.173 C:\WINDOWS\system32\urspn.dll
09.11.2005 16:59 28.173 C:\WINDOWS\system32\hgdbx.dll
09.11.2005 16:34 28.173 C:\WINDOWS\system32\fccyx.dll
08.11.2005 18:57 28.173 C:\WINDOWS\system32\xxyab.dll
08.11.2005 17:22 28.173 C:\WINDOWS\system32\qomjk.dll

C:\WINDOWS\system32\iiijj.dll
C:\WINDOWS\system32\ddcaw.dll
C:\WINDOWS\system32\TFTP1520
C:\WINDOWS\system32\cbxvt.dll
C:\WINDOWS\system32\sstqr.dll
C:\WINDOWS\system32\tuvsr.dll
C:\WINDOWS\system32\jtr4079qe.dll
C:\WINDOWS\system32\nortonav.exe

07.11.2005 19:36 28.173 C:\WINDOWS\system32\xxwur.dll
07.11.2005 19:19 28.173 C:\WINDOWS\system32\qopml.dll
07.11.2005 18:50 28.173 C:\WINDOWS\system32\pmkli.dll
07.11.2005 15:49 28.173 C:\WINDOWS\system32\vturr.dll
07.11.2005 13:30 28.173 C:\WINDOWS\system32\yabaa.dll
07.11.2005 13:14 28.173 C:\WINDOWS\system32\iifdb.dll
06.11.2005 21:58 28.173 C:\WINDOWS\system32\yayax.dll
06.11.2005 21:05 28.173 C:\WINDOWS\system32\rqrqq.dll
06.11.2005 17:44 28.173 C:\WINDOWS\system32\xxwwv.dll
06.11.2005 14:51 28.173 C:\WINDOWS\system32\vtusp.dll
06.11.2005 13:51 28.173 C:\WINDOWS\system32\xxwut.dll
06.11.2005 11:11 28.173 C:\WINDOWS\system32\fcccc.dll
06.11.2005 10:39 28.173 C:\WINDOWS\system32\khhgg.dll
05.11.2005 21:19 28.173 C:\WINDOWS\system32\hgdda.dll
05.11.2005 15:11 28.173 C:\WINDOWS\system32\cbaxv.dll
05.11.2005 13:34 28.173 C:\WINDOWS\system32\tusts.dll
05.11.2005 12:56 28.173 C:\WINDOWS\system32\rqrrp.dll
05.11.2005 12:19 28.173 C:\WINDOWS\system32\wvwvs.dll
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\atrc8parb.ini
C:\WINDOWS\system32\TFTP6096
C:\WINDOWS\system32\ZXCRT.exe
C:\WINDOWS\system32\goot.exe
C:\WINDOWS\system32\TFTP2432
C:\WINDOWS\system32\TFTP2580
C:\WINDOWS\system32\TFTP2472
C:\WINDOWS\system32\TFTP4048
C:\WINDOWS\system32\TFTP3932

C:\WINDOWS\timessquare1.dat
c:\windows\timessquare.exe
C:\WINDOWS\teller2.chk
C:\WINDOWS\adtech2005.exe
C:\WINDOWS\drsmartload.dat
C:\WINDOWS\WSST_Screen_Saver.ini
C:\WINDOWS\unstall.exe
C:\WINDOWS\tempf.txt
C:\ecsiin.stub.exe
C:\mte3ndi6odoxng.exe
C:\stub_113_4_0_4_0.exe
C:\installer.exe

C:\det.exe
C:\fsdgh.exe
C:\ct45.exe
C:\socks.exe
C:\msprss32.exe
C:\mswcom.exe
C:\op.exe
c:\ecsiin.stub.exe

Restart the PC

Killbox:
DelTree (include SubDirectories)
Say you want to delete a folder. You don't have to enter all the files in the folder individually; instead you select the option DelTree (include subdirectories).
This deletes a complete archive together with its subfolders.

C:\Programme\WinAntiVirus 2005
C:\WINDOWS\System32\vidmon
------------------------------------------------------------------------------------

at the top of the browser: File -- Save Page As.. -- choose "Desktop" -- save --> then a vundo.reg appears on the desktop

http://virus-protect.org/reg/vundo.reg

Restart the computer in safe mode (press F8 during startup). Double-click the file "vundo.reg" on the desktop and confirm that it should be added to the registry

-----------------------------------------------------------------------------------------

work through: Option 1, then Option 2 --> restart --> Option 4
http://virus-protect.org/l2mfix.html

scan and post the scan report

http://virus-protect.org/multiavtool.html
__________
Best regards, Sabina

all about PC security
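
Added example, not part of the thread and not taken from any tool named in it: one way to surface the pattern visible in the directory listing above (many DLLs of identical size in system32) and to check which of them a HijackThis `O2`/`O20` entry actually loads. All sample lines and file names are constructed, and the `min_files` threshold is an assumption.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: German-locale `dir` output (dot as thousands separator).
SAMPLE_DIR = """\
 Verzeichnis von C:\\WINDOWS\\system32

19.11.2005 18:26 27.661 aaabb.dll
19.11.2005 17:24 27.661 ccdde.dll
18.11.2005 19:38 27.661 ffggh.dll
17.11.2005 16:41 28.173 iijjk.dll
16.11.2005 21:21 28.173 llmmn.dll
15.11.2005 21:49 28.173 oppqq.dll
15.11.2005 18:46 28.173 rrsst.dll
13.10.2005 08:11 118.784 codec.dll
06.07.2005 17:17 89.088 atl71.dll
04.11.2005 17:53 2.184 wpa.dbl
08.11.2005 14:51 0 TFTP0001
"""

# Constructed sample: HijackThis autostart lines (placeholder CLSID).
SAMPLE_HJT = """\
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\\WINDOWS\\System32\\oppqq.dll
O20 - Winlogon Notify: oppqq - C:\\WINDOWS\\SYSTEM32\\oppqq.dll
O20 - Winlogon Notify: other - C:\\WINDOWS\\system32\\codec.dll
"""

DIR_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2})\s+([\d.]+)\s+(.+)$")


def parse_dir_listing(text):
    """Return (date, time, size_in_bytes, name) for each file line."""
    files = []
    for line in text.splitlines():
        match = DIR_RE.match(line.strip())
        if match:
            size = int(match.group(3).replace(".", ""))
            files.append((match.group(1), match.group(2), size, match.group(4)))
    return files


def same_size_clusters(files, ext=".dll", min_files=3):
    """Group non-empty files with the given extension by exact byte size."""
    by_size = defaultdict(list)
    for _date, _time, size, name in files:
        if size > 0 and name.lower().endswith(ext):
            by_size[size].append(name.lower())
    return {s: sorted(n) for s, n in by_size.items() if len(n) >= min_files}


def autostart_modules(hjt_text):
    """Lower-cased base names of files referenced by O2 (BHO) and O20 lines."""
    loaded = set()
    for line in hjt_text.splitlines():
        line = line.strip()
        if line.startswith(("O2 - BHO:", "O20 - Winlogon Notify:")) and " - " in line:
            path = line.rsplit(" - ", 1)[1].replace(" (file missing)", "")
            loaded.add(ntpath.basename(path).lower())
    return loaded


def triage(dir_text, hjt_text, min_files=3):
    """Return [(size, names, names_loaded_at_startup)], largest cluster first."""
    clusters = same_size_clusters(parse_dir_listing(dir_text), min_files=min_files)
    loaded = autostart_modules(hjt_text)
    report = [
        (size, names, [n for n in names if n in loaded])
        for size, names in clusters.items()
    ]
    report.sort(key=lambda row: (-len(row[1]), row[0]))
    return report


if __name__ == "__main__":
    for size, names, active in triage(SAMPLE_DIR, SAMPLE_HJT):
        print(f"{len(names)} DLLs of {size} bytes; loaded at startup: {active or 'none'}")
```

A same-size cluster is only a lead for review: legitimate files can share a size, so each name still has to be checked before anything is deleted.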
20.11.2005, 19:38
...new here

Thread starter

Posts: 5
#6 L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Explorer]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\lv6609jse.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fcccc]
"Asynchronous"=dword:00000001
"DllName"="fcccc.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoppq]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\System32\\qoppq.dll"
"Impersonate"=dword:00000000
"Startup"="SysLogon"
"Logoff"="SysLogoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-IO) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{0E1BCBED-6AAB-9B2A-4DF7-6C5C0D791D3F}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{923733A7-37F1-4C39-9384-B2F582F2F570}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{923733A7-37F1-4C39-9384-B2F582F2F570}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{923733A7-37F1-4C39-9384-B2F582F2F570}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{923733A7-37F1-4C39-9384-B2F582F2F570}\InprocServer32]
@="C:\\WINDOWS\\system32\\vhr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D59ADD10-14E5-4D7F-B134-B4D9373D30A5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D59ADD10-14E5-4D7F-B134-B4D9373D30A5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D59ADD10-14E5-4D7F-B134-B4D9373D30A5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D59ADD10-14E5-4D7F-B134-B4D9373D30A5}\InprocServer32]
@="C:\\WINDOWS\\system32\\pvustab.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{781E71DD-1D5A-4305-857D-8152CF9ACEB6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{781E71DD-1D5A-4305-857D-8152CF9ACEB6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{781E71DD-1D5A-4305-857D-8152CF9ACEB6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{781E71DD-1D5A-4305-857D-8152CF9ACEB6}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{264A39A1-5ED6-47CD-B6DE-8BB534293915}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{264A39A1-5ED6-47CD-B6DE-8BB534293915}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{264A39A1-5ED6-47CD-B6DE-8BB534293915}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{264A39A1-5ED6-47CD-B6DE-8BB534293915}\InprocServer32]
@="C:\\WINDOWS\\system32\\MlRpSys.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\

95 items found: 95 files (93 H/S), 0 directories.
Total of file sizes: 4.730.328 bytes 4,51 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Sun 20 Nov 2005 19:32:02 ..S.R 233.582 228,11 K
qppoq.tmp Tue 8 Nov 2005 14:56:18 ..SH. 202.297 197,55 K

2 items found: 2 files (2 H/S), 0 directories.
Total of file sizes: 435.879 bytes 425,66 K
**********************************************************************************
Directory Listing of system files:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 013A-19F9

Verzeichnis von C:\WINDOWS\System32

13.03.2003 16:20 <DIR> Microsoft
02.08.2002 18:24 <DIR> dllcache
23.08.2001 12:00 230.912 nortonav.exe
100 Datei(en) 6.483.234 Bytes
2 Verzeichnis(se), 2.139.971.584 Bytes frei
20.11.2005, 19:48
Honorary member
Sabina

Posts: 29434
#7 I no longer needed the log ;)
Work through everything else ;)
+
delete everything with the Killbox, as described above

VX2Finder XP/2000
http://www.downloads.subratam.org/VX2Finder.exe

Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.

spysweeper trial
http://virus-protect.org/spysweeper.html

Work through: Option 1, then Option 2 --> restart --> Option 4
http://virus-protect.org/l2mfix.html

Scan and post the scan report
http://virus-protect.org/multiavtool.html
__________
Regards, Sabina

All about PC security
21.11.2005, 13:46
...new here

Thread starter

Posts: 5
#8 L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Applets]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\lvro0993e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fcccc]
"Asynchronous"=dword:00000001
"DllName"="fcccc.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoppq]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\System32\\qoppq.dll"
"Impersonate"=dword:00000000
"Startup"="SysLogon"
"Logoff"="SysLogoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-IO) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{0E1BCBED-6AAB-9B2A-4DF7-6C5C0D791D3F}"=""

**********************************************************************************
Shell Extension key:

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{923733A7-37F1-4C39-9384-B2F582F2F570}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{923733A7-37F1-4C39-9384-B2F582F2F570}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{923733A7-37F1-4C39-9384-B2F582F2F570}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{923733A7-37F1-4C39-9384-B2F582F2F570}\InprocServer32]
@="C:\\WINDOWS\\system32\\vhr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D59ADD10-14E5-4D7F-B134-B4D9373D30A5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D59ADD10-14E5-4D7F-B134-B4D9373D30A5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D59ADD10-14E5-4D7F-B134-B4D9373D30A5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D59ADD10-14E5-4D7F-B134-B4D9373D30A5}\InprocServer32]
@="C:\\WINDOWS\\system32\\pvustab.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{781E71DD-1D5A-4305-857D-8152CF9ACEB6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{781E71DD-1D5A-4305-857D-8152CF9ACEB6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{781E71DD-1D5A-4305-857D-8152CF9ACEB6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{781E71DD-1D5A-4305-857D-8152CF9ACEB6}\InprocServer32]
@="C:\\WINDOWS\\system32\\Maassif.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{264A39A1-5ED6-47CD-B6DE-8BB534293915}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{264A39A1-5ED6-47CD-B6DE-8BB534293915}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{264A39A1-5ED6-47CD-B6DE-8BB534293915}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{264A39A1-5ED6-47CD-B6DE-8BB534293915}\InprocServer32]
@="C:\\WINDOWS\\system32\\MlRpSys.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
wctdecod.dll Sun 20 Nov 2005 11:32:08 ..... 237.243 231,68 K
sirenacm.dll Thu 13 Oct 2005 8:11:06 A.... 118.784 116,00 K
qoppq.dll Sun 6 Nov 2005 10:40:22 ..... 544.788 532,02 K
mlrpsys.dll Sun 20 Nov 2005 18:55:18 ..S.R 233.582 228,11 K
j86m0i~1.dll Sun 20 Nov 2005 19:32:02 ..S.R 233.582 228,11 K
o0pqla~1.dll Mon 21 Nov 2005 12:41:58 ..S.R 237.243 231,68 K

6 items found: 6 files (3 H/S), 0 directories.
Total of file sizes: 1.605.222 bytes 1,53 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 013A-19F9

Verzeichnis von C:\WINDOWS\System32

21.11.2005 13:45 1.135 qppoq.ini
21.11.2005 12:41 237.243 o0pqla751d.dll
20.11.2005 19:32 233.582 j86m0ij1e8o.dll
20.11.2005 18:55 233.582 MlRpSys.dll
13.03.2003 16:20 <DIR> Microsoft
02.08.2002 18:24 <DIR> dllcache
4 Datei(en) 705.542 Bytes
2 Verzeichnis(se), 2.121.670.656 Bytes frei
21.11.2005, 14:57
Honorary member
Sabina

Posts: 29434
#9 VundoFix.exe
http://www.atribune.org/downloads/VundoFix.exe
http://virus-protect.org/artikel/tools/vundofix.html

Paste in:

C:\WINDOWS\system32\qoppq.dll

# Enter -> F6 --> Enter

# then this will appear:
Please type in the second filepath as instructed by the forum staff Then Press Enter, Then F6, Then Enter Again to continue with the fix.

# Enter --> then the F6 key --> Enter
Paste in:

C:\WINDOWS\system32\qppoq.*

# Enter --> F6 --> Enter
# HijackThis will open
# In HijackThis --> tick the boxes in front of these entries --> FIX CHECKED:
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\fcccc.dll
O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\qoppq.dll
O20 - Winlogon Notify: fcccc - C:\WINDOWS\SYSTEM32\fcccc.dll
O20 - Winlogon Notify: qoppq - C:\WINDOWS\System32\qoppq.dll
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\jtr4079qe.dll

# Close HijackThis, press any key and the PC will restart
# There will be a "Blue Screen of Death"; that is normal

KILLBOX
Tick "Delete File on Reboot"
Paste in:

C:\WINDOWS\system32\o0pqla751d.dll
C:\WINDOWS\system32\pvustab.dll
C:\WINDOWS\system32\wctdecod.dll
C:\WINDOWS\system32\vhr.dll
C:\WINDOWS\system32\mlrpsys.dll
C:\WINDOWS\system32\j86m0ij1e8o.dll
C:\WINDOWS\system32\MlRpSys.dll
C:\WINDOWS\system32\Maassif.dll
C:\WINDOWS\system32\guard.tmp

and click the red cross; when asked "Do you want to reboot?", click "no" and paste in the next one; only click "yes" for the last one
(or restart if there is no other way)

VX2Finder XP/2000 --> post the log ;)
http://www.downloads.subratam.org/VX2Finder.exe


Work through: Option 2 --> restart --> Option 4 --> post the log
http://virus-protect.org/l2mfix.html
__________
Regards, Sabina

All about PC security
21.11.2005, 17:11
...new here

Thread starter

Posts: 5
#10 Log for VX2.BetterInternet File Finder (ALL)

Files Found---

Additional Files---

Keys Under Notify---
crypt32chain
cryptnet
cscdll
qoppq
ScCertProp
Schedule
sclgntfy
SensLogn
termsrv
Unimodem
wlballoon


Guardian Key--- is called:

Guardian Key--- :

User Agent String---
{0E1BCBED-6AAB-9B2A-4DF7-6C5C0D791D3F}




L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoppq]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\System32\\qoppq.dll"
"Impersonate"=dword:00000000
"Startup"="SysLogon"
"Logoff"="SysLogoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Unimodem]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\t88ulil918q.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-IO) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{0E1BCBED-6AAB-9B2A-4DF7-6C5C0D791D3F}"=""

**********************************************************************************
Shell Extension key:
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Webpublishing-Assistent"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestellung von Abzgen ber das Internet"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shellobjekt des Webpublishing-Assistenten"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport-Assistent"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Benutzerkonten"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Ordner 'Offlinedateien'"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Nach Personen..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{F802F260-519B-11D1-BB5D-0060974C6013}"="ICQ Shell Extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webordner"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop-Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{ED65AB21-B24F-11d3-BA80-00C0CA16AA37}"="Mobile"
"{ED65AB22-B24F-11d3-BA80-00C0CA16AA37}"="Mobile ContextMenuHandler"
"{ED65AB23-B24F-11d3-BA80-00C0CA16AA37}"="Mobile PropertySheetHandler"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{4B4604E0-8961-11D4-A0EC-009099164712}"="Mein MultiPASS"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{FED7043D-346A-414D-ACD7-550D052499A7}"="dBpowerAMP Music Converter 1"
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}"="dBpowerAMP Music Converter"
"{1FA6F4CC-B909-479F-B624-97CB683958AE}"=""
"{acb4a560-3606-11d3-aef4-00104bd0f92d}"="KodakShellExtension"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channeldatei"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channelverknpfung"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channelhandlerobjekt"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-Cacheordner"
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension"
"{923733A7-37F1-4C39-9384-B2F582F2F570}"=""
"{D59ADD10-14E5-4D7F-B134-B4D9373D30A5}"=""
"{781E71DD-1D5A-4305-857D-8152CF9ACEB6}"=""
"{264A39A1-5ED6-47CD-B6DE-8BB534293915}"=""
"{A94B01FB-DA33-422B-9AA3-F67AFBA510AC}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{923733A7-37F1-4C39-9384-B2F582F2F570}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{923733A7-37F1-4C39-9384-B2F582F2F570}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{923733A7-37F1-4C39-9384-B2F582F2F570}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{923733A7-37F1-4C39-9384-B2F582F2F570}\InprocServer32]
@="C:\\WINDOWS\\system32\\vhr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D59ADD10-14E5-4D7F-B134-B4D9373D30A5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D59ADD10-14E5-4D7F-B134-B4D9373D30A5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D59ADD10-14E5-4D7F-B134-B4D9373D30A5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D59ADD10-14E5-4D7F-B134-B4D9373D30A5}\InprocServer32]
@="C:\\WINDOWS\\system32\\pvustab.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{781E71DD-1D5A-4305-857D-8152CF9ACEB6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{781E71DD-1D5A-4305-857D-8152CF9ACEB6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{781E71DD-1D5A-4305-857D-8152CF9ACEB6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{781E71DD-1D5A-4305-857D-8152CF9ACEB6}\InprocServer32]
@="C:\\WINDOWS\\system32\\Maassif.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{264A39A1-5ED6-47CD-B6DE-8BB534293915}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{264A39A1-5ED6-47CD-B6DE-8BB534293915}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{264A39A1-5ED6-47CD-B6DE-8BB534293915}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{264A39A1-5ED6-47CD-B6DE-8BB534293915}\InprocServer32]
@="C:\\WINDOWS\\system32\\wliprop.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A94B01FB-DA33-422B-9AA3-F67AFBA510AC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A94B01FB-DA33-422B-9AA3-F67AFBA510AC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A94B01FB-DA33-422B-9AA3-F67AFBA510AC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A94B01FB-DA33-422B-9AA3-F67AFBA510AC}\InprocServer32]
@="C:\\WINDOWS\\system32\\onffilt.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
wliprop.dll Mon 21 Nov 2005 15:59:50 ..S.R 233.582 228,11 K
wctdecod.dll Sun 20 Nov 2005 11:32:08 ..... 237.243 231,68 K
sirenacm.dll Thu 13 Oct 2005 8:11:06 A.... 118.784 116,00 K
onffilt.dll Mon 21 Nov 2005 17:09:20 ..S.R 235.570 230,05 K
fp0803~1.dll Mon 21 Nov 2005 15:59:50 ..S.R 234.385 228,89 K
qoppq.dll Sun 6 Nov 2005 10:40:22 ..... 544.788 532,02 K
mvjol9~1.dll Mon 21 Nov 2005 16:31:12 ..S.R 234.901 229,39 K
m8nq0i~1.dll Mon 21 Nov 2005 17:09:18 ..S.R 236.128 230,59 K
t88uli~1.dll Mon 21 Nov 2005 17:03:48 ..S.R 235.570 230,05 K
j86m0i~1.dll Sun 20 Nov 2005 19:32:02 ..... 233.582 228,11 K

10 items found: 10 files (6 H/S), 0 directories.
Total of file sizes: 2.544.533 bytes 2,43 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 013A-19F9

Verzeichnis von C:\WINDOWS\System32

21.11.2005 17:11 811 qppoq.ini
21.11.2005 17:09 235.570 onffilt.dll
21.11.2005 17:09 236.128 m8nq0i55e8.dll
21.11.2005 17:03 235.570 t88ulil918q.dll
21.11.2005 16:31 234.901 mvjol9131.dll
21.11.2005 15:59 234.385 fp0803due.dll
21.11.2005 15:59 233.582 wliprop.dll
13.03.2003 16:20 <DIR> Microsoft
02.08.2002 18:24 <DIR> dllcache
7 Datei(en) 1.410.947 Bytes
2 Verzeichnis(se), 2.040.913.920 Bytes frei

So, now I'm posting my HijackThis log file again, since ad pages still keep opening on my machine and I'm really about to go crazy here.
Hopefully we'll have this under control soon...

Logfile of HijackThis v1.99.1
Scan saved at 17:29:22, on 21.11.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programme\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\WinAntiVirus 2005\AVSvc.exe
C:\Programme\WinAntiVirus 2005\AVSchSvc.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Telekom\Eumex 404PC\Capictrl.exe
C:\Programme\FinePixViewer\QuickDCF.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\WinAntiVirus 2005\WinAV.exe
C:\Dokumente und Einstellungen\Moritz Hartmann\Desktop\Virus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.t-online.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\qoppq.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [monitr32] C:\Programme\Canon\MultiPASS4\monitr32.exe
O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBOX.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: CAPIControl.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Exif Launcher.lnk = C:\Programme\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Erinnerungen für Microsoft Works-Kalender.lnk = ?
O4 - Global Startup: Canon MultiPASS-Statusüberwachung.lnk = C:\Programme\Canon\MultiPASS4\monitr32.exe
O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.1_05\bin\npjpi141_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.1_05\bin\npjpi141_05.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\programme\winantivirus 2005\mailscan.dll
O10 - Unknown file in Winsock LSP: c:\programme\winantivirus 2005\mailscan.dll
O10 - Unknown file in Winsock LSP: c:\programme\winantivirus 2005\mailscan.dll
O10 - Unknown file in Winsock LSP: c:\programme\winantivirus 2005\mailscan.dll
O10 - Unknown file in Winsock LSP: c:\programme\winantivirus 2005\mailscan.dll
O10 - Unknown file in Winsock LSP: c:\programme\winantivirus 2005\mailscan.dll
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .vem: C:\Programme\Internet Explorer_NT\Plugins\npkit32.dll
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://playroom.icq.com/odyssey_web8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA04EB38-04A9-4A8F-9241-642794D7C1B7}: NameServer = 217.237.150.33 217.237.151.161
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: qoppq - C:\WINDOWS\System32\qoppq.dll
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\t88ulil918q.dll
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: AVScheduler - Unknown owner - C:\Programme\WinAntiVirus 2005\AVSchSvc.exe
O23 - Service: BusinessC (BusinessContinuity) - Unknown owner - C:\WINDOWS\msstl.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MpService - Canon Inc - C:\Programme\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: WinAntivirus - Unknown owner - C:\Programme\WinAntiVirus 2005\AVSvc.exe
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe (file missing)
This post was edited by hartfra on 21.11.2005 at 17:30.
21.11.2005, 23:36
Honorary member
Sabina

Posts: 29434
#11 What you keep so diligently posting here is not the log from options 2 and 4

Quote

Type 2 --- [Enter].
# Press any key to initiate a system restart.
# After the restart, your desktop icons will briefly appear and briefly disappear - this is NORMAL.
# L2mfix will continue the system scan and, when it is finished, Notepad will open and display a log.

If no log appears: double-click -> second.bat. Copy this one into the thread/forum as well (Ctrl+C & Ctrl+V)
...that looks different...and you haven't managed to delete Vundo either ....
now I don't know what to do either......

o.k.

Scan with Spy Sweeper (trial) and post the scan report
http://virus-protect.org/spysweeper.html

-------------
That is the service created by a virus...so you see, the system is extremely infected......
O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe (file missing)
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe (file missing)

The cleanup will drag on for a looong time...but if you can't even get Look2Me and Vundo deleted....I do recommend formatting.....
__________
Regards, Sabina

All about PC security
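The two services quoted in the reply above both carry `Unknown owner` and `(file missing)` in their O23 lines. The following Python code is an added example, not part of the thread or of HijackThis: it parses O23 lines and groups services by those two markers for manual review. The function names are hypothetical and the sample lines are copied from the log posted above; a match is a lead for review, not a verdict.

```python
import re
from dataclasses import dataclass

# Sample O23 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: AVScheduler - Unknown owner - C:\Programme\WinAntiVirus 2005\AVSchSvc.exe
O23 - Service: BusinessC (BusinessContinuity) - Unknown owner - C:\WINDOWS\msstl.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MpService - Canon Inc - C:\Programme\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: WinAntivirus - Unknown owner - C:\Programme\WinAntiVirus 2005\AVSvc.exe
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe (file missing)
"""

PREFIX = "O23 - Service: "
MISSING = " (file missing)"
# The " - " separator that sits directly before the (optionally quoted) image path.
PATH_START = re.compile(r' - (?="?[A-Za-z]:\\)')
# "Display name (ServiceKey)"; entries without parentheses use one name for both.
KEY_IN_PARENS = re.compile(r"^(?P<display>.+) \((?P<key>[^()]+)\)$")


@dataclass
class Service:
    display: str
    key: str
    owner: str
    image: str
    missing: bool


def parse_o23(line):
    """Parse one O23 line into a Service; return None for any other line."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    body = line[len(PREFIX):]
    missing = body.endswith(MISSING)
    if missing:
        body = body[:-len(MISSING)]
    sep = PATH_START.search(body)
    if sep is None:
        return None
    head, image = body[:sep.start()], body[sep.end():].strip('"')
    # Split from the right so a " - " inside the display name stays in the name.
    name, _, owner = head.rpartition(" - ")
    if not name:
        return None
    m = KEY_IN_PARENS.match(name)
    display, key = (m["display"], m["key"]) if m else (name, name)
    return Service(display, key, owner, image, missing)


def triage(log_text):
    """Group services with 'Unknown owner' by whether the image file still exists."""
    services = [s for s in map(parse_o23, log_text.splitlines()) if s]
    unknown = [s for s in services if s.owner == "Unknown owner"]
    return {
        "orphaned": [s.key for s in unknown if s.missing],        # registered, file gone
        "unverified": [s.key for s in unknown if not s.missing],  # file present, no owner
    }


if __name__ == "__main__":
    for group, keys in triage(SAMPLE_LOG).items():
        print(group, keys)
```

The "orphaned" group contains the two services named in the reply along with every other entry that has the same two markers, so each one still has to be checked by hand.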