Popups with some kind of advertising

#0
11.01.2006, 20:22
Member

Posts: 276
#1 Hello, since this afternoon I keep getting some kind of popups for greeting cards or Viagra pills...
I am already desperate, I have tried everything


Logfile of HijackThis v1.99.1
Scan saved at 20:19:15, on 11.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\Programme\Network Associates\Common Framework\FrameworkService.exe
C:\Programme\Network Associates\VirusScan\Mcshield.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programme\Winamp\Winamp.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Markus\Eigene Dateien\PRIVAT\Software\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [NBJ] "C:\Programme\nero\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Outlook Express.lnk = C:\Programme\Outlook Express\msimn.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework-Dienst (McAfeeFramework) - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

13.01.2006, 13:48
Honorary member
Sabina

Posts: 29434
#2 markussa

set up the Cleaner exactly as described here:
http://virus-protect.org/cleanup.html

copy the 4 text files here (2 months by date are enough)
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina

All about PC security

15.01.2006, 14:44
Member

Thread starter

Posts: 276
#3 It didn't help
supposedly it is the program Look 2 Me
how do you get rid of it?
I have really tried everything I have
deactivated and uninstalled 10.00 things: Ad-Aware, lmspfix, Microsoft AntiSpyware ... and all the other similar programs I found anywhere
+ uninstalled Firefox, deleted all files and installed a different version (since then the windows at least appear at different times)

a current HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 20:08:28, on 15.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Network Associates\Common Framework\UpdaterUI.exe
C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Programme\Network Associates\Common Framework\FrameworkService.exe
C:\Programme\Network Associates\VirusScan\Mcshield.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programme\Outlook Express\msimn.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\PROGRA~1\ICQ\ICQ.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\Winamp\Winamp.exe
C:\Dokumente und Einstellungen\Markus\Eigene Dateien\PRIVAT\Software\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - Startup: Outlook Express.lnk = C:\Programme\Outlook Express\msimn.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework-Dienst (McAfeeFramework) - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
This post was edited by markussa on 15.01.2006 at 20:11.

16.01.2006, 13:44
Honorary member
Sabina

Posts: 29434
#4 markussa

well, I would have liked to see the files that are on the computer, hence the datfindab. Without those I can't help you
(it does not seem to be a Look2Me)
__________
Regards, Sabina

All about PC security

16.01.2006, 16:08
Member

Thread starter

Posts: 276
#5 where do I find the datfindab?

16.01.2006, 23:27
Honorary member
Sabina

Posts: 29434
#6

Quote

set up the Cleaner exactly as described here:
http://virus-protect.org/cleanup.html

copy the 4 text files here (2 months by date are enough)
http://virus-protect.org/datfindbat.html

__________
Regards, Sabina

All about PC security

17.01.2006, 16:07
Member

Thread starter

Posts: 276
#7 Sorry

Datenträger in Laufwerk C: ist FESTPLATTE
Volumeseriennummer: 1335-10E0

Verzeichnis von C:\WINDOWS\SYSTEM32

17.01.2006 15:57 41.237 nvapps.xml
17.01.2006 15:57 234.272 akdiosrv.dll
15.01.2006 14:50 64.796 perfc007.dat
15.01.2006 14:50 394.830 perfh007.dat
15.01.2006 14:50 383.390 perfh009.dat
15.01.2006 14:50 53.744 perfc009.dat
15.01.2006 14:50 906.552 PerfStringBackup.INI
15.01.2006 14:48 252.680 FNTCACHE.DAT
15.01.2006 10:55 219.648 uxtheme.dll
11.01.2006 16:34 234.272 pfrfdisk.dll
11.01.2006 13:53 2.278 wpa.dbl
05.01.2006 17:20 7.006 jupdate-1.5.0_06-b05.log
04.01.2006 19:46 2.836.320 MRT.exe
29.12.2005 03:54 280.064 gdi32.dll
01.12.2005 04:31 1.492.480 shdocvw.dll
29.11.2005 18:52 2.323.072 TUKernel.exe
24.11.2005 00:58 1.022.464 browseui.dll
24.11.2005 00:58 3.013.632 mshtml.dll
15.11.2005 12:12 117.976 hashlib.dll
15.11.2005 12:12 126.680 GCCollection.dll
15.11.2005 12:12 95.448 gcUnCompress.dll
10.11.2005 13:03 127.078 javaws.exe
10.11.2005 13:03 49.265 jpicpl32.cpl
10.11.2005 11:27 49.250 javaw.exe
10.11.2005 11:27 49.248 java.exe
05.11.2005 04:16 606.208 urlmon.dll
05.11.2005 04:16 1.056.256 danim.dll
04.11.2005 19:03 180.224 NVUNINST.EXE
04.11.2005 18:03 286.720 nvnt4cpl.dll
04.11.2005 18:03 7.307.264 nvcpl.dll
04.11.2005 18:03 5.394.432 nvoglnt.dll
04.11.2005 18:03 35.328 nvcod.dll
04.11.2005 18:03 35.328 nvcodins.dll
04.11.2005 18:03 425.984 keystone.exe
04.11.2005 18:03 180.224 nvudisp.exe
04.11.2005 18:03 16.356 nvdisp.nvu
04.11.2005 18:03 86.016 nvapi.dll
04.11.2005 18:03 81.920 nvwddi.dll
04.11.2005 18:03 147.456 nvcolor.exe
04.11.2005 18:03 1.339.392 nvdspsch.exe
04.11.2005 18:03 1.466.368 nview.dll
04.11.2005 18:03 466.944 nvshell.dll
04.11.2005 18:03 73.728 nvtuicpl.cpl
04.11.2005 18:03 1.662.976 nvwdmcpl.dll
04.11.2005 18:03 1.019.904 nvwimg.dll
04.11.2005 18:03 1.519.616 nwiz.exe
04.11.2005 18:03 45.056 nvmccsrs.dll
04.11.2005 18:03 573.440 nvhwvid.dll
04.11.2005 18:03 442.368 nvappbar.exe
04.11.2005 18:03 86.016 nvmctray.dll
04.11.2005 18:03 131.139 nvsvc32.exe
04.11.2005 18:03 3.924.096 nv4_disp.dll
04.11.2005 18:03 229.376 nvmccs.dll
03.11.2005 19:38 5.618 jupdate-1.5.0_05-b05.log
27.10.2005 20:37 53.248 dpuGUI10.dll
27.10.2005 20:37 86.016 dpl100.dll
27.10.2005 20:37 593.920 dpuGUI11.dll
27.10.2005 20:37 200.704 dtu100.dll
27.10.2005 20:37 294.912 dpu11.dll
27.10.2005 20:37 57.344 dpv11.dll
27.10.2005 20:37 294.912 dpu10.dll
27.10.2005 20:37 339.968 dpus11.dll
21.10.2005 15:40 176.167 rmoc3260.dll
21.10.2005 15:40 6.656 pndx5016.dll
21.10.2005 15:40 5.632 pndx5032.dll
21.10.2005 15:40 278.528 pncrt.dll
21.10.2005 04:40 664.064 wininet.dll
21.10.2005 04:40 474.112 shlwapi.dll
21.10.2005 04:40 448.512 mshtmled.dll
21.10.2005 04:40 530.944 mstime.dll
21.10.2005 04:40 146.432 msrating.dll
21.10.2005 04:40 39.424 pngfilt.dll
21.10.2005 04:40 152.064 cdfview.dll
21.10.2005 04:40 96.768 inseng.dll
21.10.2005 04:40 251.392 iepeers.dll
21.10.2005 04:40 55.808 extmgr.dll
21.10.2005 04:40 205.312 dxtrans.dll
20.10.2005 23:25 1.094.144 esent.dll
19.10.2005 20:28 235.184 guard.tmp
19.10.2005 20:10 507.392 winlogon.exe
19.10.2005 17:13 237.011 h4j40e1qeh.dll
17.10.2005 22:20 80.896 fontsub.dll
17.10.2005 22:20 118.272 t2embed.dll

17.10.2005 20:58 65.536 QuickTimeVR.qtx
17.10.2005 20:57 49.152 QuickTime.qts
17.10.2005 16:35 261 $winnt$.inf
17.10.2005 16:25 2.951 CONFIG.NT
17.10.2005 16:25 23.392 nscompat.tlb
17.10.2005 16:25 16.832 amcompat.tlb
17.10.2005 16:22 488 logonui.exe.manifest
17.10.2005 16:22 488 WindowsLogon.manifest
17.10.2005 16:22 749 nwc.cpl.manifest
17.10.2005 16:22 749 wuaucpl.cpl.manifest
17.10.2005 16:22 749 cdplayer.exe.manifest
17.10.2005 16:22 749 sapi.cpl.manifest
17.10.2005 16:22 749 ncpa.cpl.manifest
17.10.2005 16:19 21.740 emptyregdb.dat
17.10.2005 16:12 0 h323log.txt







Datenträger in Laufwerk C: ist FESTPLATTE
Volumeseriennummer: 1335-10E0

Verzeichnis von C:\DOKUME~1\MARKUS~2.MAR\LOKALE~1\Temp

17.01.2006 16:03 512 ~DF4819.tmp
17.01.2006 15:59 0 icqA.tmp
17.01.2006 15:59 0 icqB.tmp
17.01.2006 15:59 0 icqC.tmp
17.01.2006 15:59 970 TempICQCLImage9319361927998.html
17.01.2006 15:59 0 icq9.tmp
17.01.2006 15:59 512 ~DF359A.tmp
17.01.2006 15:59 16.384 ~DF358D.tmp
17.01.2006 15:58 16.384 Perflib_Perfdata_154.dat
17.01.2006 15:57 32.768 ~DF3D72.tmp
17.01.2006 15:57 32.768 ~DF1BC7.tmp
16.01.2006 21:26 229.376 ~DF880E.tmp
16.01.2006 21:26 32.768 ~DF3997.tmp
16.01.2006 21:26 32.768 ~DF6B70.tmp
16.01.2006 20:29 16.384 ~DF6DA2.tmp
16.01.2006 20:29 16.384 ~DFD115.tmp
16.01.2006 20:29 16.384 ~DF6BFA.tmp
16.01.2006 20:29 16.384 ~DF6DD0.tmp
16.01.2006 20:29 16.384 ~DF6A3F.tmp
16.01.2006 20:29 16.384 ~DF6E4C.tmp
16.01.2006 17:24 0 Stp29.tmp
16.01.2006 16:07 2.266 jusched.log
15.01.2006 22:16 229.376 ~DF56EB.tmp
15.01.2006 22:16 32.768 ~DF36E2.tmp
15.01.2006 22:16 32.768 ~DF5501.tmp
15.01.2006 22:10 2.928 mower.rgn
15.01.2006 22:00 7.008 medicine01.rgn
15.01.2006 21:50 2.016 internet03.rgn
15.01.2006 21:03 1.072 auto02.rgn
15.01.2006 20:53 6.816 shopping01.rgn
15.01.2006 20:43 4.848 porkys.rgn
15.01.2006 19:50 768 online_learning.rgn
15.01.2006 17:47 229.376 ~DF7258.tmp
15.01.2006 17:47 16.384 ~DF259E.tmp
15.01.2006 17:47 32.768 ~DF5752.tmp
15.01.2006 17:47 32.768 ~DF4627.tmp
15.01.2006 16:35 2.512 software03.rgn
15.01.2006 14:46 32.768 ~DF8E62.tmp
15.01.2006 14:46 16.384 ~DF377C.tmp
15.01.2006 14:46 32.768 ~DF61C1.tmp
15.01.2006 13:28 1.456 jobs03.rgn
15.01.2006 12:56 16.384 ~DF5256.tmp
15.01.2006 12:56 32.768 ~DF9F04.tmp
15.01.2006 12:56 32.768 ~DF8F3C.tmp
15.01.2006 12:48 2.128 dating03.rgn
15.01.2006 12:36 32.768 ~DF9274.tmp
15.01.2006 12:36 229.376 ~DFA90F.tmp
15.01.2006 12:36 32.768 ~DFB58F.tmp
15.01.2006 11:39 512 ~DF9354.tmp
15.01.2006 11:39 512 ~DF7C04.tmp
15.01.2006 11:39 16.384 ~DF7BF7.tmp
15.01.2006 11:33 16.384 Perflib_Perfdata_e4.dat
15.01.2006 11:32 32.768 ~DF81A3.tmp
15.01.2006 11:32 32.768 ~DF5283.tmp
15.01.2006 11:30 1.096 2045250.cvr
15.01.2006 11:30 180.224 ~DFE599.tmp
15.01.2006 11:30 32.768 ~DF1D86.tmp
15.01.2006 11:30 32.768 ~DFD4CC.tmp
15.01.2006 11:30 16.384 ~DF6879.tmp
15.01.2006 10:55 16.384 ~DFCE72.tmp
15.01.2006 10:38 4.432 newhouseregion.rgn
14.01.2006 22:16 16.384 ~DF7D37.tmp
14.01.2006 22:16 16.384 ~DF8C6F.tmp
14.01.2006 17:19 919.931 tmp.xpi
14.01.2006 17:06 16.384 ~DF9342.tmp
14.01.2006 17:06 16.384 ~DFCD5B.tmp
14.01.2006 16:09 2.128 jobs01.rgn
14.01.2006 15:59 1.616 newspaper.rgn
14.01.2006 15:49 9.168 slots.rgn
14.01.2006 14:39 3.904 auto01.rgn
14.01.2006 14:24 416 java_install_reg.log
14.01.2006 13:32 4.944 jobs02.rgn
13.01.2006 21:26 16.384 ~DFC1D.tmp
13.01.2006 21:26 16.384 ~DFFA5.tmp
13.01.2006 16:02 3.264 travel06.rgn
13.01.2006 14:32 4.960 news01.rgn
11.01.2006 01:17 149 FEE5E75C.TMP
09.01.2006 23:37 142 DFC5A2B2.TMP
78 Datei(en) 3.024.602 Bytes
0 Verzeichnis(se), 6.566.903.808 Bytes frei




Datenträger in Laufwerk C: ist FESTPLATTE
Volumeseriennummer: 1335-10E0

Verzeichnis von C:\WINDOWS

17.01.2006 15:59 517.875 setupapi.log
17.01.2006 15:57 0 0.log
17.01.2006 15:57 2.048 bootstat.dat
16.01.2006 21:27 1.371.477 WindowsUpdate.log
16.01.2006 21:27 32.638 SchedLgU.Txt
16.01.2006 17:09 512 randseed.rnd
15.01.2006 19:48 116 NeroDigital.ini
15.01.2006 17:48 213 wiadebug.log
15.01.2006 17:48 50 wiaservc.log
15.01.2006 13:41 71.780 ntdtcsetup.log
15.01.2006 13:41 149.381 tsoc.log
15.01.2006 13:41 16.134 tabletoc.log
15.01.2006 13:41 17.420 ocmsn.log
15.01.2006 13:41 43.880 KB899587.log
15.01.2006 13:41 1.374 imsins.log
15.01.2006 13:41 391.703 iis6.log
15.01.2006 13:41 117.008 comsetup.log
15.01.2006 13:41 54.782 netfxocm.log
15.01.2006 13:41 22.262 MedCtrOC.log
15.01.2006 13:41 163.297 ocgen.log
15.01.2006 13:41 15.687 msgsocm.log
15.01.2006 13:41 306.054 FaxSetup.log
15.01.2006 13:41 108.072 msmqinst.log
15.01.2006 13:41 19.166 updspapi.log
15.01.2006 13:40 42.690 KB896422.log
15.01.2006 13:40 1.374 imsins.BAK
15.01.2006 13:38 43.032 KB885835.log
15.01.2006 13:38 41.472 KB885836.log
15.01.2006 13:37 42.756 KB885250.log
15.01.2006 13:37 42.827 KB901017.log
15.01.2006 13:36 42.993 KB899591.log
15.01.2006 13:36 33.376 KB896424.log
15.01.2006 13:35 43.200 KB893756.log
15.01.2006 13:35 43.003 KB896423.log
15.01.2006 13:34 40.822 KB873339.log
15.01.2006 13:34 41.099 KB888113.log
15.01.2006 13:34 41.401 KB887742.log
15.01.2006 13:33 42.191 KB896358.log
15.01.2006 13:33 24.634 KB910437.log
15.01.2006 13:32 34.789 KB905915.log
15.01.2006 13:31 36.361 KB891781.log
15.01.2006 13:30 42.593 KB902400.log
15.01.2006 13:28 33.227 KB890046.log
15.01.2006 13:27 32.037 KB893066.log
15.01.2006 13:27 31.979 KB899589.log
15.01.2006 13:26 32.306 KB905414.log
15.01.2006 13:26 31.297 KB901214.log
15.01.2006 13:25 30.559 KB888302.log
15.01.2006 13:25 34.594 KB900725.log
15.01.2006 13:24 20.829 KB912919.log
15.01.2006 13:24 12.830 KB886185.log
15.01.2006 13:24 31.795 KB904706.log
15.01.2006 13:23 31.418 KB905749.log
15.01.2006 13:23 30.207 KB896428.log
15.01.2006 13:22 38.852 KB894391.log
15.01.2006 13:22 18.410 KB908519.log
15.01.2006 13:21 39.320 KB890859.log
15.01.2006 12:46 14.601 KB893803v2.log
15.01.2006 12:45 17.950 KB898461.log
15.01.2006 12:36 96.890 ntbtlog.txt
14.01.2006 17:19 5.130 mozver.dat
14.01.2006 17:17 107.132 UninstallFirefox.exe
14.01.2006 13:54 54.156 QTFont.qfn
12.01.2006 16:23 227 system.tmp
12.01.2006 16:23 573 win.tmp
12.01.2006 16:23 573 win.ini
12.01.2006 16:23 227 system.ini
05.01.2006 19:46 6.837 wmsetup.log
08.12.2005 21:19 1.409 QTFont.for
08.12.2005 21:17 544 GEARInstall.log
19.11.2005 17:45 46 hmview.ini
17.11.2005 14:35 159 Directx.log
17.11.2005 14:35 770 Sof2.INI
16.11.2005 19:47 290.816 Setup1.exe
16.11.2005 19:46 74.752 ST6UNST.EXE
16.11.2005 19:18 1.785 ST6UNST.003
16.11.2005 19:00 716 ST6UNST.002
16.11.2005 18:54 716 ST6UNST.001
16.11.2005 18:51 1.661 ST6UNST.000
16.11.2005 18:48 540.747 setupact.log
06.11.2005 11:25 177 winamp.ini
24.10.2005 21:00 374 nsw.log
23.10.2005 15:03 9.027 KB893803v2Uninst.log
23.10.2005 15:03 6.762 KB898461Uninst.log
23.10.2005 15:02 6.605 KB890859Uninst.log
23.10.2005 15:02 3.157 KB894391Uninst.log
19.10.2005 20:11 837.868 setuplog.txt
17.10.2005 19:23 1.456 COM+.log
17.10.2005 17:52 0 nsreg.dat
17.10.2005 17:33 400 ODBC.INI
17.10.2005 17:07 59 vbaddin.ini
17.10.2005 16:42 829 OEWABLog.txt
17.10.2005 16:37 8.192 REGLOCS.OLD
17.10.2005 16:25 0 control.ini
17.10.2005 16:25 316.640 WMSysPr9.prx
17.10.2005 16:24 4.161 ODBCINST.INI
17.10.2005 16:22 749 WindowsShell.Manifest
17.10.2005 16:20 1.023 sessmgr.setup.log
17.10.2005 16:18 36 vb.ini
17.10.2005 16:18 133 DtcInstall.log
17.10.2005 16:16 200 cmsetacl.log
17.10.2005 15:58 4.026 regopt.log




Datenträger in Laufwerk C: ist FESTPLATTE
Volumeseriennummer: 1335-10E0

Verzeichnis von C:\

17.01.2006 16:06 0 sys.txt
17.01.2006 16:05 7.092 system.txt
17.01.2006 16:04 4.126 systemtemp.txt
17.01.2006 16:03 97.694 system32.txt
17.01.2006 15:56 402.231.296 hiberfil.sys
17.01.2006 15:56 603.979.776 pagefile.sys
12.01.2006 16:23 483 boot.ini
18.10.2005 21:07 25.105 mte3ndi6odoxng.exe
16.10.2005 18:59 0 CONFIG.SYS
16.10.2005 18:55 285 BOOT.BAK
25.03.2005 17:55 6.082 data
04.10.2004 14:44 22.650 devicetable.log
16.09.2004 18:06 40 CROSS.BAT
04.08.2004 14:00 469.166 txtsetup.sif
04.08.2004 14:00 262.448 $LDR$
04.08.2004 12:00 47.564 ntdetect.com
04.08.2004 12:00 4.952 bootfont.bin
04.08.2004 12:00 251.184 ntldr
20.12.2003 01:03 194 AUTOEXEC.BAT
05.12.2003 18:58 512 BOOTSECT.DOS
24.05.2001 12:59 162.304 UNWISE.EXE
08.05.2001 12:00 150.528 arcldr.exe
08.05.2001 12:00 163.328 arcsetup.exe
06.09.2000 09:35 1.660 MSDOS.SYS
30.08.2000 21:41 129.078 LOGO.SYS
08.06.2000 17:00 110.592 io.sys
26 Datei(en) 1.008.128.139 Bytes
0 Verzeichnis(se), 6.566.363.136 Bytes frei

17.01.2006, 16:30
Honorary member
Sabina

Posts: 29434
#8 At the top of the page --> click Browse --> choose the file --> double-click the file to be checked --> click Submit... now wait --> copy the result into the security forum
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\fontsub.dll
C:\mte3ndi6odoxng.exe

there is a Look2Me present,
19.10.2005 20:28 235.184 guard.tmp
19.10.2005 17:13 237.011 h4j40e1qeh.dll

but the problem is the infected winlogon.exe; it must not be deleted, it can only be replaced with a clean one.
I have already written to raman, let's see what he thinks.
__________
Regards, Sabina

All about PC security

17.01.2006, 16:54
Member

Thread starter

Posts: 276
#9 this is a report processed by VirusTotal on 01/17/2006 at 16:38:29 (CET) after scanning the file "winlogon.exe" file.

Antivirus Version Update Result
AntiVir 6.33.0.77 01.17.2006 no virus found
Avast 4.6.695.0 01.17.2006 no virus found
AVG 718 01.17.2006 no virus found
Avira 6.33.0.77 01.17.2006 no virus found
BitDefender 7.2 01.17.2006 no virus found
CAT-QuickHeal 8.00 01.17.2006 no virus found
ClamAV devel-20051123 01.17.2006 no virus found
DrWeb 4.33 01.17.2006 no virus found
eTrust-InoculateIT 23.71.50 01.16.2006 no virus found
eTrust-Vet 12.4.2046 01.17.2006 no virus found
Ewido 3.5 01.17.2006 no virus found
Fortinet 2.54.0.0 01.17.2006 suspicious
F-Prot 3.16c 01.16.2006 no virus found
Ikarus 0.2.59.0 01.17.2006 no virus found
Kaspersky 4.0.2.24 01.17.2006 no virus found
McAfee 4675 01.16.2006 no virus found
NOD32v2 1.1368 01.16.2006 no virus found
Norman 5.70.10 01.17.2006 no virus found
Panda 9.0.0.4 01.17.2006 no virus found
Sophos 4.01.0 01.17.2006 no virus found
Symantec 8.0 01.17.2006 no virus found
TheHacker 5.9.2.075 01.17.2006 no virus found
UNA 1.83 01.16.2006 no virus found
VBA32 3.10.5 01.17.2006 no virus found

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.



This is a report processed by VirusTotal on 01/17/2006 at 16:48:15 (CET) after scanning the file "fontsub.dll" file.

Antivirus Version Update Result
AntiVir 6.33.0.77 01.17.2006 no virus found
Avast 4.6.695.0 01.17.2006 no virus found
AVG 718 01.17.2006 no virus found
Avira 6.33.0.77 01.17.2006 no virus found
BitDefender 7.2 01.17.2006 no virus found
CAT-QuickHeal 8.00 01.17.2006 no virus found
ClamAV devel-20051123 01.17.2006 no virus found
DrWeb 4.33 01.17.2006 no virus found
eTrust-InoculateIT 23.71.50 01.16.2006 no virus found
eTrust-Vet 12.4.2046 01.17.2006 no virus found
Ewido 3.5 01.17.2006 no virus found
Fortinet 2.54.0.0 01.17.2006 no virus found
F-Prot 3.16c 01.16.2006 no virus found
Ikarus 0.2.59.0 01.17.2006 no virus found
Kaspersky 4.0.2.24 01.17.2006 no virus found
McAfee 4675 01.16.2006 no virus found
NOD32v2 1.1368 01.16.2006 no virus found
Norman 5.70.10 01.17.2006 no virus found
Panda 9.0.0.4 01.17.2006 no virus found
Sophos 4.01.0 01.17.2006 no virus found
Symantec 8.0 01.17.2006 no virus found
TheHacker 5.9.2.075 01.17.2006 no virus found
UNA 1.83 01.16.2006 no virus found
VBA32 3.10.5 01.17.2006 no virus found

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.






This is a report processed by VirusTotal on 01/17/2006 at 16:51:12 (CET) after scanning the file "mte3ndi6odoxng.exe" file.

Antivirus Version Update Result
AntiVir 6.33.0.77 01.17.2006 ADSPY/ToolBar.ISearch.D.2
Avast 4.6.695.0 01.17.2006 Win32:Trojan-gen. {UPX!}
AVG 718 01.17.2006 Adware Generic.GML
Avira 6.33.0.77 01.17.2006 ADSPY/ToolBar.ISearch.D.2
BitDefender 7.2 01.17.2006 Application.Cmdservices.B
CAT-QuickHeal 8.00 01.17.2006 AdWare.ToolBar.ISearch.d (Not a Virus)
ClamAV devel-20051123 01.17.2006 no virus found
DrWeb 4.33 01.17.2006 Trojan.DownLoader.4537
eTrust-InoculateIT 23.71.50 01.16.2006 Win32/SillyDl.TQ!Trojan
eTrust-Vet 12.4.2046 01.17.2006 Win32/SillyDl.ZP
Ewido 3.5 01.17.2006 Spyware.ISearch
Fortinet 2.54.0.0 01.17.2006 Adware/Isearch
F-Prot 3.16c 01.16.2006 no virus found
Ikarus 0.2.59.0 01.17.2006 no virus found
Kaspersky 4.0.2.24 01.17.2006 not-a-virus:AdWare.Win32.ISearch.d
McAfee 4675 01.16.2006 potentially unwanted program Adware-Isearch
NOD32v2 1.1368 01.16.2006 probably a variant of Win32/Adware.ISearch
Norman 5.70.10 01.17.2006 W32/ISearch.E
Panda 9.0.0.4 01.17.2006 Adware/ISearch
Sophos 4.01.0 01.17.2006 no virus found
Symantec 8.0 01.17.2006 no virus found
TheHacker 5.9.2.075 01.17.2006 Adware/ISearch.d
UNA 1.83 01.16.2006 Adware.ToolBar.ISearch
VBA32 3.10.5 01.17.2006 AdWare.ToolBar.ISearch.d

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
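
Added example, not part of the original thread: the multi-engine reports pasted in post #9 can be tallied mechanically, separating named detections from a lone heuristic "suspicious" hit and extracting the family name most engines agree on. The generic-word list and the triage thresholds are assumptions chosen for this illustration; the sample rows are an abbreviated excerpt of the reports above.

```python
import re
from collections import Counter

# One result row of the pasted report: engine, version, signature date, verdict.
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.+)$")

# Words that describe a category or platform, not a family (assumed list).
GENERIC = {
    "adware", "adspy", "spyware", "toolbar", "trojan", "win32", "generic",
    "application", "downloader", "virus", "potentially", "unwanted",
    "program", "probably", "variant",
}

# Abbreviated excerpts of the reports in post #9.
MTE_REPORT = """Antivirus Version Update Result
AntiVir 6.33.0.77 01.17.2006 ADSPY/ToolBar.ISearch.D.2
Avast 4.6.695.0 01.17.2006 Win32:Trojan-gen. {UPX!}
AVG 718 01.17.2006 Adware Generic.GML
BitDefender 7.2 01.17.2006 Application.Cmdservices.B
ClamAV devel-20051123 01.17.2006 no virus found
DrWeb 4.33 01.17.2006 Trojan.DownLoader.4537
Kaspersky 4.0.2.24 01.17.2006 not-a-virus:AdWare.Win32.ISearch.d
McAfee 4675 01.16.2006 potentially unwanted program Adware-Isearch
NOD32v2 1.1368 01.16.2006 probably a variant of Win32/Adware.ISearch
Norman 5.70.10 01.17.2006 W32/ISearch.E
Symantec 8.0 01.17.2006 no virus found
"""

WINLOGON_REPORT = """Antivirus Version Update Result
AntiVir 6.33.0.77 01.17.2006 no virus found
Fortinet 2.54.0.0 01.17.2006 suspicious
Kaspersky 4.0.2.24 01.17.2006 no virus found
McAfee 4675 01.16.2006 no virus found
"""


def parse_report(text):
    """Return (engine, verdict) pairs; header and prose lines do not match."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append((m.group(1), m.group(4)))
    return rows


def classify(verdict):
    """Bucket a verdict string: clean, heuristic (unnamed) or named."""
    v = verdict.lower()
    if v == "no virus found":
        return "clean"
    if v == "suspicious":
        return "heuristic"
    return "named"


def family_tokens(label):
    """Candidate family names: label tokens that are not generic words,
    version suffixes (shorter than 4 characters) or pure numbers."""
    tokens = re.split(r"[^a-z0-9]+", label.lower())
    return {t for t in tokens
            if len(t) >= 4 and not t.isdigit() and t not in GENERIC}


def summarize(text):
    """Count verdict buckets and pick the family token most engines share."""
    rows = parse_report(text)
    buckets = Counter(classify(v) for _, v in rows)
    votes = Counter()
    for _, verdict in rows:
        if classify(verdict) == "named":
            votes.update(family_tokens(verdict))  # one vote per engine
    top = votes.most_common(1)
    return {
        "engines": len(rows),
        "named": buckets["named"],
        "heuristic": buckets["heuristic"],
        "clean": buckets["clean"],
        "family": top[0][0] if top else None,
        "family_support": top[0][1] if top else 0,
    }


def triage(summary):
    """Assumed thresholds: a majority of named hits is treated as malicious;
    any weaker signal goes to manual analysis."""
    if summary["named"] * 2 >= summary["engines"] > 0:
        return "likely malicious"
    if summary["named"] or summary["heuristic"]:
        return "manual review"
    return "no detections"


if __name__ == "__main__":
    for name, report in (("mte3ndi6odoxng.exe", MTE_REPORT),
                         ("winlogon.exe", WINLOGON_REPORT)):
        s = summarize(report)
        print(name, s, triage(s))
```

A single unnamed hit, as on winlogon.exe, falls into the "manual review" bucket, which matches how the file was handled in the thread: it was sent to a moderator for inspection.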

17.01.2006, 17:11
Moderator

Posts: 7805
#10 Please send fontsub.dll and winlogon.exe to virus@protecus.de, I can then take a look at them....

Addendum: this file too, please: mte3ndi6odoxng.exe. That could be the downloader.
__________
Regards, Ralf
SEO-Spam Hunter

17.01.2006, 18:19
Moderator

Posts: 7805
#11 The winlogon.exe is indeed not the original (German) winlogon.exe, but it is not modified to such an extent that it could be malware. The DLL is clean too...

You can also send mte3ndi6odoxng.exe, or check it right away at Jotti, because that is malware.
__________
Regards, Ralf
SEO-Spam Hunter

17.01.2006, 20:50
Member

Thread starter

Posts: 276
#12 Datei: mte3ndi6odoxng.exe
Status:
INFIZIERT/MALWARE (Anmerkung: diese Datei wurde bereits vorher gescannt. Die Scanergebnisse werden daher nicht in der Datenbank gespeichert.)
Entdeckte Packprogramme:
UPX

AntiVir
Adware-Spyware/ToolBar.ISearch.D.2 adware gefunden
ArcaVir
Adware.Spysherif.B6 gefunden
Avast
Win32:Trojan-gen. gefunden
AVG Antivirus
Generic.GML gefunden
BitDefender
Keine Viren gefunden
ClamAV
Keine Viren gefunden
Dr.Web
Trojan.DownLoader.4537 gefunden
F-Prot Antivirus
Keine Viren gefunden
Fortinet
Adware/Isearch gefunden
Kaspersky Anti-Virus
not-a-virus:AdWare.Win32.ISearch.d gefunden
NOD32
probably a variant of Win32/Adware.ISearch application gefunden (mögliche Variante)
Norman Virus Control
W32/ISearch.E gefunden
UNA
Adware.ToolBar.ISearch gefunden
VBA32
AdWare.ToolBar.ISearch.d gefunden

17.01.2006, 23:46
Honorary member
Sabina

Posts: 29434
#13 delete with the help of the Killbox:
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

C:\WINDOWS\SYSTEM32\guard.tmp
C:\WINDOWS\SYSTEM32\h4j40e1qeh.dll
C:\mte3ndi6odoxng.exe

restart the PC

work through this:
L2MRemover.zip - Look2Me Remover
http://virus-protect.org/l2mfix.html

set up the Cleaner exactly as described here:
http://virus-protect.org/cleanup.html

after that, run option 2 of L2mfix
post the scan report from this scan
http://virus-protect.org/l2mfix.html
__________
Regards, Sabina

All about PC security

18.01.2006, 14:47
Member

Thread starter

Posts: 276
#14 L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{4F9C9E09-DF8A-937C-C755-A445E0D07273}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Eigenschaften fr Multimediadatei"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-Scannerverwaltung"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-Sicherheit"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-Eigenschaftenseite fr Dokumente"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shellerweiterungen fr Freigaben"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Grafikkarten"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Bildschirme"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Anzeigeverschiebung"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-Sicherheit"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilit„tsseite"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell-Datenauszughandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Erweiterung fr Datentr„gerkopien"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shellerweiterungen fr Microsoft Windows-Netzwerkobjekte"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-Monitorverwaltung"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-Druckerverwaltung"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shellerweiterungen fr die Dateikomprimierung"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Shellerweiterung fr Webdrucker"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontextmen fr die Verschlsselung"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktenkoffer"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Erweiterung fr HyperTerminal-Icons"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Schriftarten"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-Profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Druckersicherheit"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shellerweiterungen fr Freigaben"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netzwerkverbindungen"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netzwerkverbindungen"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner und Kameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner und Kameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner und Kameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner und Kameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner und Kameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shellerweiterungen fr Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Datenverknpfung"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplante Tasks"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskleiste und Startmen"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Suchen"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ausfhren..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-Mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Schriftarten"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Verwaltung"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Eigenschaftenseite fr vorherige Versionen"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Vorherige Versionen"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-Verlauf-Dienst"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Verlauf"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Sucheingriff"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-Begráungsbildschirm"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-Cacheordner"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Webpublishing-Assistent"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestellung von Abzgen ber das Internet"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shellobjekt des Webpublishing-Assistenten"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport-Assistent"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Benutzerkonten"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channeldatei"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channelverknpfung"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channelhandlerobjekt"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Ordner 'Offlinedateien'"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Nach Personen..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{F802F260-519B-11D1-BB5D-0060974C6013}"="ICQ Shell Extension"
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"="TuneUp Shredder Shell Context Menu Extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webordner"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{79CA52AC-7416-4E1B-90D2-58C80548A620}"=""
"{8151CCED-17E8-4CAD-A6CA-9F770A0E0DDA}"=""
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}"="Universelle Plug & Play-Ger„te"
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension"
"{ADB1C4CF-6C7D-4C8C-9D0C-7BC7C5C94D26}"=""
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{C0EFE404-9BE9-4881-9488-20B04062F6AF}"=""
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C0EFE404-9BE9-4881-9488-20B04062F6AF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C0EFE404-9BE9-4881-9488-20B04062F6AF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C0EFE404-9BE9-4881-9488-20B04062F6AF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C0EFE404-9BE9-4881-9488-20B04062F6AF}\InprocServer32]
@="C:\\WINDOWS\\system32\\pfrfdisk.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
mmi.dll Wed 18 Jan 2006 13:47:28 ..S.R 234.272 228,78 K
nnrrhook.dll Wed 18 Jan 2006 14:33:12 ..S.R 234.272 228,78 K
wininet.dll Fri 21 Oct 2005 4:40:36 A.... 664.064 648,50 K
browseui.dll Thu 24 Nov 2005 0:58:28 A.... 1.022.464 998,50 K
cdfview.dll Fri 21 Oct 2005 4:40:32 A.... 152.064 148,50 K
danim.dll Sat 5 Nov 2005 4:16:24 A.... 1.056.256 1,00 M
esent.dll Thu 20 Oct 2005 23:25:06 A.... 1.094.144 1,04 M
iepeers.dll Fri 21 Oct 2005 4:40:32 A.... 251.392 245,50 K
gdi32.dll Thu 29 Dec 2005 3:54:38 A.... 280.064 273,50 K
mshtmled.dll Fri 21 Oct 2005 4:40:34 A.... 448.512 438,00 K
msrating.dll Fri 21 Oct 2005 4:40:34 A.... 146.432 143,00 K
mstime.dll Fri 21 Oct 2005 4:40:34 A.... 530.944 518,50 K
dpu11.dll Thu 27 Oct 2005 20:37:44 A.... 294.912 288,00 K
dpv11.dll Thu 27 Oct 2005 20:37:44 A.... 57.344 56,00 K
dpus11.dll Thu 27 Oct 2005 20:37:44 A.... 339.968 332,00 K
dpl100.dll Thu 27 Oct 2005 20:37:46 A.... 86.016 84,00 K
dtu100.dll Thu 27 Oct 2005 20:37:44 A.... 200.704 196,00 K
pncrt.dll Fri 21 Oct 2005 15:40:10 A.... 278.528 272,00 K
pndx5016.dll Fri 21 Oct 2005 15:40:20 A.... 6.656 6,50 K
pndx5032.dll Fri 21 Oct 2005 15:40:20 A.... 5.632 5,50 K
rmoc3260.dll Fri 21 Oct 2005 15:40:42 A.... 176.167 172,04 K
dpugui11.dll Thu 27 Oct 2005 20:37:46 A.... 593.920 580,00 K
nv4_disp.dll Fri 4 Nov 2005 18:03:00 A.... 3.924.096 3,74 M
dpu10.dll Thu 27 Oct 2005 20:37:44 A.... 294.912 288,00 K
dpugui10.dll Thu 27 Oct 2005 20:37:48 A.... 53.248 52,00 K
nvhwvid.dll Fri 4 Nov 2005 18:03:00 A.... 573.440 560,00 K
nvapi.dll Fri 4 Nov 2005 18:03:00 A.... 86.016 84,00 K
nvoglnt.dll Fri 4 Nov 2005 18:03:00 A.... 5.394.432 5,14 M
nvcpl.dll Fri 4 Nov 2005 18:03:00 A.... 7.307.264 6,97 M
nvmctray.dll Fri 4 Nov 2005 18:03:00 A.... 86.016 84,00 K
nvwddi.dll Fri 4 Nov 2005 18:03:00 A.... 81.920 80,00 K
nvnt4cpl.dll Fri 4 Nov 2005 18:03:00 A.... 286.720 280,00 K
nvmccs.dll Fri 4 Nov 2005 18:03:00 A.... 229.376 224,00 K
nvcod.dll Fri 4 Nov 2005 18:03:00 A.... 35.328 34,50 K
nvcodins.dll Fri 4 Nov 2005 18:03:00 A.... 35.328 34,50 K
nview.dll Fri 4 Nov 2005 18:03:00 A.... 1.466.368 1,40 M
nvshell.dll Fri 4 Nov 2005 18:03:00 A.... 466.944 456,00 K
nvwdmcpl.dll Fri 4 Nov 2005 18:03:00 A.... 1.662.976 1,59 M
nvwimg.dll Fri 4 Nov 2005 18:03:00 A.... 1.019.904 996,00 K
nvmccsrs.dll Fri 4 Nov 2005 18:03:00 A.... 45.056 44,00 K
pfrfdisk.dll Wed 11 Jan 2006 16:34:16 ..S.R 234.272 228,78 K
uxtheme.dll Sun 15 Jan 2006 10:55:08 A.... 219.648 214,50 K
urlmon.dll Sat 5 Nov 2005 4:16:28 A.... 606.208 592,00 K
hashlib.dll Tue 15 Nov 2005 12:12:08 A.... 117.976 115,21 K
gcunco~1.dll Tue 15 Nov 2005 12:12:06 A.... 95.448 93,21 K
gccoll~1.dll Tue 15 Nov 2005 12:12:08 A.... 126.680 123,71 K
shlwapi.dll Fri 21 Oct 2005 4:40:36 A.... 474.112 463,00 K
shdocvw.dll Thu 1 Dec 2005 4:31:06 A.... 1.492.480 1,42 M
pngfilt.dll Fri 21 Oct 2005 4:40:34 A.... 39.424 38,50 K
mshtml.dll Thu 24 Nov 2005 0:58:28 A.... 3.013.632 2,87 M
inseng.dll Fri 21 Oct 2005 4:40:32 A.... 96.768 94,50 K
dxtrans.dll Fri 21 Oct 2005 4:40:32 A.... 205.312 200,50 K
extmgr.dll Fri 21 Oct 2005 4:40:32 A.... 55.808 54,50 K

53 items found: 53 files (3 H/S), 0 directories.
Total of file sizes: 37.981.839 bytes 36,22 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Datenträger in Laufwerk C: ist FESTPLATTE
Volumeseriennummer: 1335-10E0

Verzeichnis von C:\WINDOWS\System32

18.01.2006 14:33 234.272 nNrrhook.dll
18.01.2006 13:47 234.272 mmi.dll
11.01.2006 16:34 234.272 pfrfdisk.dll
19.10.2005 17:13 237.011 h4j40e1qeh.dll
05.12.2003 19:35 <DIR> Microsoft
05.12.2003 19:03 <DIR> dllcache
4 Datei(en) 939.827 Bytes
2 Verzeichnis(se), 6.559.940.608 Bytes frei
18.01.2006, 15:15
Honorary member
Sabina

Posts: 29434
#15 Delete with the KillBox:

C:\WINDOWS\System32\nNrrhook.dll
C:\WINDOWS\System32\mmi.dll
C:\WINDOWS\System32\pfrfdisk.dll
C:\WINDOWS\System32\h4j40e1qeh.dll

Restart the PC

Then try once more to run option 2 of L2MFIX (with a restart), because what you posted here was option 1.

Afterwards scan with Spysweeper (trial) and post the scan report here as well
http://virus-protect.org/spysweeper.html
__________
Best regards, Sabina

All about PC security
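Added example (not part of the thread and not L2MFIX's own code): a Python reader for the .reg-format sections of the log in post #14. It decodes the `hex(2)` (REG_EXPAND_SZ, UTF-16LE) `DllName` values under Winlogon\Notify and joins Approved shell extensions that have an empty description to their InprocServer32 DLL; the function names are hypothetical and the embedded excerpt is shortened from that log.

```python
import re

# Excerpt shortened from the L2MFIX log in post #14 (values as posted there).
LOG = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{79CA52AC-7416-4E1B-90D2-58C80548A620}"=""
"{C0EFE404-9BE9-4881-9488-20B04062F6AF}"=""

[HKEY_CLASSES_ROOT\CLSID\{C0EFE404-9BE9-4881-9488-20B04062F6AF}\InprocServer32]
@="C:\\WINDOWS\\system32\\pfrfdisk.dll"
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def decode_value(raw):
    """Decode one .reg value: quoted string, dword, or hex(1/2/7) UTF-16LE text."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r'\\(.)', r'\1', raw[1:-1])      # undo \\ and \" escapes
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex\((1|2|7)\):(.*)$", raw)
    if m:
        return bytes.fromhex(m.group(2).replace(",", "")).decode("utf-16-le").rstrip("\x00")
    return raw                                         # other types left as text

def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} for .reg export text."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)          # join hex continuation lines
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = m.group(1) if m.group(1) == "@" else m.group(1)[1:-1]
            current[name] = decode_value(m.group(2))
    return keys

def notify_dlls(keys):
    """Map each Winlogon Notify subkey to its DLL; the value-name case varies."""
    out = {}
    for path, values in keys.items():
        head, _, sub = path.rpartition("\\")
        if head.lower().endswith("\\winlogon\\notify"):
            out.update({sub: v for n, v in values.items() if n.lower() == "dllname"})
    return out

def unnamed_approved(keys):
    """Approved entries with an empty description -> InprocServer32 DLL (None if not in the log)."""
    inproc = {}
    for path, values in keys.items():
        m = re.search(r"\\CLSID\\(\{[^}]+\})\\InprocServer32$", path, re.I)
        if m:
            inproc[m.group(1).upper()] = values.get("@")
    out = {}
    for path, values in keys.items():
        if path.lower().endswith("\\shell extensions\\approved"):
            out.update({c: inproc.get(c.upper()) for c, d in values.items() if d == ""})
    return out

print(notify_dlls(parse_reg(LOG)), unnamed_approved(parse_reg(LOG)))
```

On the excerpt, the one empty-description CLSID that the log also lists under HKEY_CLASSES_ROOT resolves to `pfrfdisk.dll`, one of the files named in post #15.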