Suspected spyware.look2me

Thread is closed!
31.01.2006, 00:33
...new here

Posts: 10
#1 Oh man, I'm getting desperate!
I reinstalled XP because I got a new motherboard!
And now I have the problem that my Internet Explorer keeps opening, and it does so all by itself!
And I really have no clue when it comes to this kind of thing!
Here is the HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 00:32:09, on 31.01.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\Programme\ewido anti-malware\ewidoguard.exe
C:\Programme\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Programme\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Programme\Opera\Opera.exe
C:\Dokumente und Einstellungen\Robert\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138647576247
O17 - HKLM\System\CCS\Services\Tcpip\..\{661D2231-48AB-4DD5-87A8-91645DE5EC45}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{661D2231-48AB-4DD5-87A8-91645DE5EC45}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{661D2231-48AB-4DD5-87A8-91645DE5EC45}: NameServer = 192.168.1.1
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\enj8l11u1.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido anti-malware\ewidoguard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Programme\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe


Please help me!
Regards

Edit: while I was writing this, another page opened!
Namely this one:
http://www.hug-ediscounts.com/normal/yyy102.html
31.01.2006, 01:01
Honorary member
Sabina

Posts: 29434
#2 Yes... that is look2me

Configure CleanUp exactly as described here:
http://virus-protect.org/cleanup.html

Copy these 4 text files. They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina

All about PC security
31.01.2006, 01:14
...new here

Thread starter

Posts: 10
#3 Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6897-6E98

Verzeichnis von C:\WINDOWS\system32

31.01.2006 01:06 43.310 nvapps.xml
31.01.2006 01:06 234.803 __delete_on_reboot__guard.tmp
31.01.2006 00:17 234.803 __delete_on_reboot__momtapi.dll
31.01.2006 00:16 234.803 m6nqlg5516.dll
30.01.2006 23:22 234.803 enj8l11u1.dll
30.01.2006 23:17 236.354 ennql1551.dll
30.01.2006 20:56 236.198 lt4027hmg.dll

30.01.2006 19:33 12.980 wpa.bak
30.01.2006 19:33 12.980 wpa.dbl
30.01.2006 19:30 4.265 paytime.exe
30.01.2006 18:12 311.740 perfh009.dat
30.01.2006 18:12 40.128 perfc009.dat
30.01.2006 18:12 316.924 perfh007.dat
30.01.2006 18:12 723.744 PerfStringBackup.INI
30.01.2006 18:12 48.354 perfc007.dat
30.01.2006 15:55 25.065 wmpscheme.xml
30.01.2006 15:52 90.296 FNTCACHE.DAT
30.01.2006 15:51 324 $winnt$.inf
30.01.2006 15:48 2.951 CONFIG.NT
30.01.2006 15:48 16.832 amcompat.tlb
30.01.2006 15:48 23.392 nscompat.tlb
30.01.2006 15:47 488 WindowsLogon.manifest
30.01.2006 15:47 488 logonui.exe.manifest
30.01.2006 15:47 749 nwc.cpl.manifest
30.01.2006 15:47 749 wuaucpl.cpl.manifest
30.01.2006 15:47 749 ncpa.cpl.manifest
30.01.2006 15:47 749 cdplayer.exe.manifest
30.01.2006 15:47 749 sapi.cpl.manifest
30.01.2006 15:46 21.740 emptyregdb.dat
18.01.2006 13:05 57.344 avsda.dll
31.01.2006, 01:16
Honorary member
Sabina

Posts: 29434
#4 Please post the other three logs as well


Quote

C:\WINDOWS\system32\__delete_on_reboot__guard.tmp
C:\WINDOWS\system32\__delete_on_reboot__momtapi.dll
C:\WINDOWS\system32\m6nqlg5516.dll
C:\WINDOWS\system32\enj8l11u1.dll
C:\WINDOWS\system32\ennql1551.dll
C:\WINDOWS\system32\lt4027hmg.dll
C:\WINDOWS\system32\paytime.exe

__________
Regards, Sabina

All about PC security
31.01.2006, 01:16
...new here

Thread starter

Posts: 10
#5 Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6897-6E98

Verzeichnis von C:\DOKUME~1\Robert\LOKALE~1\Temp


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6897-6E98

Verzeichnis von C:\WINDOWS

31.01.2006 00:25 310.441 WindowsUpdate.log
31.01.2006 00:18 0 0.log
31.01.2006 00:17 2.048 bootstat.dat
30.01.2006 23:16 504 win.ini
30.01.2006 23:16 277 system.ini
30.01.2006 22:53 79.892 DirectX.log
30.01.2006 22:50 623.949 setupapi.log
30.01.2006 22:25 178.482 setupact.log
30.01.2006 20:21 27.973 xpsp1hfm.log
30.01.2006 20:21 46.308 comsetup.log
30.01.2006 20:21 43.535 tsoc.log
30.01.2006 20:21 31.431 KB828741.log
30.01.2006 20:21 1.374 imsins.log
30.01.2006 20:21 15.241 iis6.log
30.01.2006 20:21 26.331 ntdtcsetup.log
30.01.2006 20:21 5.426 msgsocm.log
30.01.2006 20:21 4.245 ocmsn.log
30.01.2006 20:21 50.017 ocgen.log
30.01.2006 20:21 104.275 FaxSetup.log
30.01.2006 20:20 1.374 imsins.BAK
30.01.2006 20:20 28.290 KB835732.log
30.01.2006 20:17 17.306 Q329834.log
30.01.2006 20:16 19.961 KB823559.log
30.01.2006 20:15 16.948 Q329048.log
30.01.2006 20:15 17.104 KB834707-IE6-20040929.115007.log
30.01.2006 20:14 14.504 Q810577.log
30.01.2006 20:13 11.383 Q810833.log
30.01.2006 20:12 8.144 Q811630.log
30.01.2006 20:11 7.151 Q329441.log
30.01.2006 20:10 6.799 Q817606.log
30.01.2006 20:09 4.694 Q329170.log
30.01.2006 20:07 1.613 Q329115.log
30.01.2006 20:07 1.254 Q329390.log
30.01.2006 20:07 961 Q323255.log
30.01.2006 20:02 6.689 KB842773.log
30.01.2006 19:32 0 winsysupd41.dat
30.01.2006 19:32 0 myupdates1.dat
30.01.2006 19:32 52.480 myupdates.exe
30.01.2006 19:32 19.968 winsysban4.exe
30.01.2006 19:32 43 drsmartload2.dat
30.01.2006 19:31 11.264 winsysupd4.exe
30.01.2006 19:31 10.112 toolbar.exe
30.01.2006 19:29 0 uniq

30.01.2006 18:58 264 nsw.log
30.01.2006 18:56 8.106 Windows Update.log
30.01.2006 15:55 820 OEWABLog.txt
30.01.2006 15:52 8.192 REGLOCS.OLD
30.01.2006 15:48 0 control.ini
30.01.2006 15:48 299.552 WMSysPrx.prx
30.01.2006 15:48 4.161 ODBCINST.INI
30.01.2006 15:47 749 WindowsShell.Manifest
30.01.2006 15:45 37 vbaddin.ini
30.01.2006 15:45 36 vb.ini
30.01.2006 15:45 128 DtcInstall.log
30.01.2006 15:45 1.060 sessmgr.setup.log
21.09.2002 20:13 10.752 hh.exe
01.11.2001 17:43 50 wiaservc.log
01.11.2001 17:43 509 wiadebug.log
01.11.2001 17:43 0 Sti_Trace.log
01.11.2001 17:40 1.348 regopt.log
01.11.2001 17:39 0 setuperr.log

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6897-6E98

Verzeichnis von C:\

31.01.2006 01:15 0 sys.txt
31.01.2006 01:15 4.761 system.txt
31.01.2006 01:14 134 systemtemp.txt
31.01.2006 01:11 85.817 system32.txt
31.01.2006 00:17 1.207.959.552 pagefile.sys
30.01.2006 23:16 194 boot.ini
30.01.2006 22:54 194 BOOT.BKK
30.01.2006 15:48 0 MSDOS.SYS
30.01.2006 15:48 0 AUTOEXEC.BAT
30.01.2006 15:48 0 IO.SYS
30.01.2006 15:48 0 CONFIG.SYS
18.08.2001 13:00 4.952 bootfont.bin
18.08.2001 13:00 45.124 NTDETECT.COM
18.08.2001 13:00 224.032 ntldr
14 Datei(en) 1.208.324.760 Bytes
0 Verzeichnis(se), 33.529.356.288 Bytes frei
31.01.2006, 01:21
...new here

Thread starter

Posts: 10
#6 I just noticed that a few things there are in red!
Should I delete those now?
Sorry for the stupid question, but I really don't know my way around this at all!
But THANKS in advance anyway
31.01.2006, 01:22
Honorary member
Sabina

Posts: 29434
#7

Quote

Sabina posted
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Options: Delete on Reboot --> tick this option
and click the red cross; when asked "Do you want to reboot?", click "no" and paste in the next one; click "yes" only on the last one
Paste in:

C:\WINDOWS\system32\__delete_on_reboot__guard.tmp
C:\WINDOWS\system32\__delete_on_reboot__momtapi.dll
C:\WINDOWS\system32\m6nqlg5516.dll
C:\WINDOWS\system32\enj8l11u1.dll
C:\WINDOWS\system32\ennql1551.dll
C:\WINDOWS\system32\lt4027hmg.dll
C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\winsysupd41.dat
C:\WINDOWS\myupdates1.dat
C:\WINDOWS\myupdates.exe
C:\WINDOWS\winsysban4.exe
C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\winsysupd4.exe
C:\WINDOWS\toolbar.exe
C:\WINDOWS\uniq

Restart the PC

After the restart, look for: C:\!KillBox
and manually delete all files located there

l2mfix
Work through option 2... after the restart and scan, post the scan report here
http://virus-protect.org/l2mfix.html

__________
Regards, Sabina

All about PC security
31.01.2006, 01:34
...new here

Thread starter

Posts: 10
#8 L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Telephony]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\guard.tmp"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\m6nqlg5516.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{67B350C4-F74B-49D2-CC12-8A430CBA5674}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Eigenschaften für Multimediadatei"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-Scannerverwaltung"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-Sicherheit"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-Eigenschaftenseite für Dokumente"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shellerweiterungen für Freigaben"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung für Grafikkarten"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung für Bildschirme"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung für Anzeigeverschiebung"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-Sicherheit"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilitätsseite"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell-Datenauszughandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Erweiterung für Datenträgerkopien"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shellerweiterungen für Microsoft Windows-Netzwerkobjekte"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-Monitorverwaltung"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-Druckerverwaltung"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shellerweiterungen für die Dateikomprimierung"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Shellerweiterung für Webdrucker"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontextmenü für die Verschlüsselung"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktenkoffer"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Erweiterung für HyperTerminal-Icons"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Schriftarten"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-Profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Druckersicherheit"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shellerweiterungen für Freigaben"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netzwerkverbindungen"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netzwerkverbindungen"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner und Kameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner und Kameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner und Kameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner und Kameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner und Kameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shellerweiterungen für Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Datenverknüpfung"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplante Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskleiste und Startmenü"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Suchen"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ausführen..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-Mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Schriftarten"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Verwaltung"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Syntaxanalyse der Adressleiste"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-Verlauf-Dienst"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Verlauf"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Sucheingriff"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-Begrüßungsbildschirm"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-Cacheordner"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Webpublishing-Assistent"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestellung von Abzügen über das Internet"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shellobjekt des Webpublishing-Assistenten"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport-Assistent"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Benutzerkonten"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channeldatei"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channelverknüpfung"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channelhandlerobjekt"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Ordner 'Offlinedateien'"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Nach Personen..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"="Shell Extension for Malware scanning"
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension"
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"="TuneUp Shredder Shell Context Menu Extension"
"{1902D49F-0E59-4E7D-A618-86522A811D59}"=""
"{41C71EB7-F48B-46F6-B937-64ACEB3B9837}"=""
"{998FD9F6-AA7E-4C3B-AF66-DBB16EF51DBB}"=""
"{479F05EE-6882-4E56-A065-6433E423DA6A}"=""
"{8DB15D87-AE95-4371-B474-306503F99C90}"=""
"{743326B4-D5EF-4662-A4B3-DF90AEC32AFA}"=""
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{085A0429-7DCC-4D13-8E9F-70DF1DF1B36E}"=""
"{5AF7C328-742F-4862-A63A-705241FFA472}"=""
"{0432A81D-7703-4955-87C6-B6AF7776F881}"=""
"{6F1E0C4A-4A95-40FA-AD93-BBD3FA381C68}"=""
"{E94F8A68-42C3-4052-A642-008572461AE2}"=""
"{1AE4824D-72C1-43A4-85B2-D1AD2D8354BC}"=""
"{6DE346AC-D107-44B0-A270-C13C96120E7D}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0432A81D-7703-4955-87C6-B6AF7776F881}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0432A81D-7703-4955-87C6-B6AF7776F881}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0432A81D-7703-4955-87C6-B6AF7776F881}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0432A81D-7703-4955-87C6-B6AF7776F881}\InprocServer32]
@="C:\\WINDOWS\\system32\\bwowselc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6F1E0C4A-4A95-40FA-AD93-BBD3FA381C68}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6F1E0C4A-4A95-40FA-AD93-BBD3FA381C68}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6F1E0C4A-4A95-40FA-AD93-BBD3FA381C68}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6F1E0C4A-4A95-40FA-AD93-BBD3FA381C68}\InprocServer32]
@="C:\\WINDOWS\\system32\\nwtman.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E94F8A68-42C3-4052-A642-008572461AE2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E94F8A68-42C3-4052-A642-008572461AE2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E94F8A68-42C3-4052-A642-008572461AE2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E94F8A68-42C3-4052-A642-008572461AE2}\InprocServer32]
@="C:\\WINDOWS\\system32\\momtapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1AE4824D-72C1-43A4-85B2-D1AD2D8354BC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1AE4824D-72C1-43A4-85B2-D1AD2D8354BC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1AE4824D-72C1-43A4-85B2-D1AD2D8354BC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1AE4824D-72C1-43A4-85B2-D1AD2D8354BC}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6DE346AC-D107-44B0-A270-C13C96120E7D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DE346AC-D107-44B0-A270-C13C96120E7D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DE346AC-D107-44B0-A270-C13C96120E7D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DE346AC-D107-44B0-A270-C13C96120E7D}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
avsda.dll Wed 18 Jan 2006 13:05:54 A.... 57.344 56,00 K
legitc~1.dll Thu 12 Jan 2006 11:32:12 A.... 543.496 530,76 K
nv4_disp.dll Sat 10 Dec 2005 3:06:00 A.... 3.955.456 3,77 M
nvapi.dll Sat 10 Dec 2005 3:06:00 A.... 110.592 108,00 K
nvcod.dll Sat 10 Dec 2005 3:06:00 A.... 35.840 35,00 K
nvcodins.dll Sat 10 Dec 2005 3:06:00 A.... 35.840 35,00 K
nvcpl.dll Sat 10 Dec 2005 3:06:00 A.... 7.311.360 6,97 M
nvhwvid.dll Sat 10 Dec 2005 3:06:00 A.... 573.440 560,00 K
nview.dll Sat 10 Dec 2005 3:06:00 A.... 1.466.368 1,40 M
nvmccs.dll Sat 10 Dec 2005 3:06:00 A.... 229.376 224,00 K
nvmccsrs.dll Sat 10 Dec 2005 3:06:00 A.... 45.056 44,00 K
nvmctray.dll Sat 10 Dec 2005 3:06:00 A.... 86.016 84,00 K
nvnt4cpl.dll Sat 10 Dec 2005 3:06:00 A.... 286.720 280,00 K
nvoglnt.dll Sat 10 Dec 2005 3:06:00 A.... 5.402.624 5,15 M
nvrsar.dll Sat 10 Dec 2005 3:06:00 A.... 319.488 312,00 K
nvrscs.dll Sat 10 Dec 2005 3:06:00 A.... 241.664 236,00 K
nvrsda.dll Sat 10 Dec 2005 3:06:00 A.... 245.760 240,00 K
nvrsde.dll Sat 10 Dec 2005 3:06:00 A.... 270.336 264,00 K
nvrsel.dll Sat 10 Dec 2005 3:06:00 A.... 274.432 268,00 K
nvrseng.dll Sat 10 Dec 2005 3:06:00 A.... 241.664 236,00 K
nvrses.dll Sat 10 Dec 2005 3:06:00 A.... 274.432 268,00 K
nvrsesm.dll Sat 10 Dec 2005 3:06:00 A.... 266.240 260,00 K
nvrsfi.dll Sat 10 Dec 2005 3:06:00 A.... 241.664 236,00 K
nvrsfr.dll Sat 10 Dec 2005 3:06:00 A.... 278.528 272,00 K
nvrshe.dll Sat 10 Dec 2005 3:06:00 A.... 319.488 312,00 K
nvrshu.dll Sat 10 Dec 2005 3:06:00 A.... 253.952 248,00 K
nvrsit.dll Sat 10 Dec 2005 3:06:00 A.... 274.432 268,00 K
nvrsja.dll Sat 10 Dec 2005 3:06:00 A.... 258.048 252,00 K
nvrsko.dll Sat 10 Dec 2005 3:06:00 A.... 253.952 248,00 K
nvrsnl.dll Sat 10 Dec 2005 3:06:00 A.... 266.240 260,00 K
nvrsno.dll Sat 10 Dec 2005 3:06:00 A.... 249.856 244,00 K
nvrspl.dll Sat 10 Dec 2005 3:06:00 A.... 249.856 244,00 K
nvrspt.dll Sat 10 Dec 2005 3:06:00 A.... 266.240 260,00 K
nvrsptb.dll Sat 10 Dec 2005 3:06:00 A.... 262.144 256,00 K
nvrsru.dll Sat 10 Dec 2005 3:06:00 A.... 262.144 256,00 K
nvrssk.dll Sat 10 Dec 2005 3:06:00 A.... 249.856 244,00 K
nvrssl.dll Sat 10 Dec 2005 3:06:00 A.... 249.856 244,00 K
nvrssv.dll Sat 10 Dec 2005 3:06:00 A.... 245.760 240,00 K
nvrstr.dll Sat 10 Dec 2005 3:06:00 A.... 249.856 244,00 K
nvrszhc.dll Sat 10 Dec 2005 3:06:00 A.... 217.088 212,00 K
nvrszht.dll Sat 10 Dec 2005 3:06:00 A.... 118.784 116,00 K
nvshell.dll Sat 10 Dec 2005 3:06:00 A.... 466.944 456,00 K
nvwddi.dll Sat 10 Dec 2005 3:06:00 A.... 81.920 80,00 K
nvwdmcpl.dll Sat 10 Dec 2005 3:06:00 A.... 1.662.976 1,59 M
nvwimg.dll Sat 10 Dec 2005 3:06:00 A.... 1.019.904 996,00 K
nvwrsar.dll Sat 10 Dec 2005 3:06:00 A.... 282.624 276,00 K
nvwrscs.dll Sat 10 Dec 2005 3:06:00 A.... 286.720 280,00 K
nvwrsda.dll Sat 10 Dec 2005 3:06:00 A.... 294.912 288,00 K
nvwrsde.dll Sat 10 Dec 2005 3:06:00 A.... 311.296 304,00 K
nvwrsel.dll Sat 10 Dec 2005 3:06:00 A.... 335.872 328,00 K
nvwrseng.dll Sat 10 Dec 2005 3:06:00 A.... 286.720 280,00 K
nvwrses.dll Sat 10 Dec 2005 3:06:00 A.... 335.872 328,00 K
nvwrsesm.dll Sat 10 Dec 2005 3:06:00 A.... 327.680 320,00 K
nvwrsfi.dll Sat 10 Dec 2005 3:06:00 A.... 303.104 296,00 K
nvwrsfr.dll Sat 10 Dec 2005 3:06:00 A.... 327.680 320,00 K
nvwrshe.dll Sat 10 Dec 2005 3:06:00 A.... 278.528 272,00 K
nvwrshu.dll Sat 10 Dec 2005 3:06:00 A.... 315.392 308,00 K
nvwrsit.dll Sat 10 Dec 2005 3:06:00 A.... 323.584 316,00 K
nvwrsja.dll Sat 10 Dec 2005 3:06:00 A.... 212.992 208,00 K
nvwrsko.dll Sat 10 Dec 2005 3:06:00 A.... 196.608 192,00 K
nvwrsnl.dll Sat 10 Dec 2005 3:06:00 A.... 319.488 312,00 K
nvwrsno.dll Sat 10 Dec 2005 3:06:00 A.... 299.008 292,00 K
nvwrspl.dll Sat 10 Dec 2005 3:06:00 A.... 294.912 288,00 K
nvwrspt.dll Sat 10 Dec 2005 3:06:00 A.... 323.584 316,00 K
nvwrsptb.dll Sat 10 Dec 2005 3:06:00 A.... 319.488 312,00 K
nvwrsru.dll Sat 10 Dec 2005 3:06:00 A.... 315.392 308,00 K
nvwrssk.dll Sat 10 Dec 2005 3:06:00 A.... 299.008 292,00 K
nvwrssl.dll Sat 10 Dec 2005 3:06:00 A.... 303.104 296,00 K
nvwrssv.dll Sat 10 Dec 2005 3:06:00 A.... 294.912 288,00 K
nvwrstr.dll Sat 10 Dec 2005 3:06:00 A.... 303.104 296,00 K
nvwrszhc.dll Sat 10 Dec 2005 3:06:00 A.... 163.840 160,00 K
nvwrszht.dll Sat 10 Dec 2005 3:06:00 A.... 167.936 164,00 K
__dele~1.dll Tue 31 Jan 2006 1:28:42 A.... 234.803 229,30 K

73 items found: 73 files, 0 directories.
Total of file sizes: 38.331.195 bytes 36,55 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Tue 31 Jan 2006 1:27:00 ..S.R 234.803 229,30 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 234.803 bytes 229,30 K
**********************************************************************************
Directory Listing of system files:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6897-6E98

Verzeichnis von C:\WINDOWS\System32

31.01.2006 01:26 234.803 guard.tmp
30.01.2006 22:49 <DIR> dllcache
30.01.2006 19:24 <DIR> Microsoft
1 Datei(en) 234.803 Bytes
2 Verzeichnis(se), 33.524.420.608 Bytes frei


L2mfix 010406
Creating Account.
Der Befehl wurde erfolgreich ausgeführt.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 472 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 544 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1316 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1432 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administratoren ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
1 Datei(en) kopiert.
1 Datei(en) kopiert.
Deleting: C:\WINDOWS\system32\__delete_on_reboot__padgen.dll
Successfully Deleted: C:\WINDOWS\system32\__delete_on_reboot__padgen.dll
Deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp

msg11?.dll
0 Datei(en) kopiert.



Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Telephony]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\guard.tmp"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\m6nqlg5516.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\__delete_on_reboot__padgen.dll
C:\WINDOWS\system32\guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0432A81D-7703-4955-87C6-B6AF7776F881}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0432A81D-7703-4955-87C6-B6AF7776F881}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0432A81D-7703-4955-87C6-B6AF7776F881}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0432A81D-7703-4955-87C6-B6AF7776F881}\InprocServer32]
@="C:\\WINDOWS\\system32\\bwowselc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6F1E0C4A-4A95-40FA-AD93-BBD3FA381C68}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6F1E0C4A-4A95-40FA-AD93-BBD3FA381C68}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6F1E0C4A-4A95-40FA-AD93-BBD3FA381C68}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6F1E0C4A-4A95-40FA-AD93-BBD3FA381C68}\InprocServer32]
@="C:\\WINDOWS\\system32\\nwtman.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E94F8A68-42C3-4052-A642-008572461AE2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E94F8A68-42C3-4052-A642-008572461AE2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E94F8A68-42C3-4052-A642-008572461AE2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E94F8A68-42C3-4052-A642-008572461AE2}\InprocServer32]
@="C:\\WINDOWS\\system32\\momtapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1AE4824D-72C1-43A4-85B2-D1AD2D8354BC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1AE4824D-72C1-43A4-85B2-D1AD2D8354BC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1AE4824D-72C1-43A4-85B2-D1AD2D8354BC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1AE4824D-72C1-43A4-85B2-D1AD2D8354BC}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6DE346AC-D107-44B0-A270-C13C96120E7D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DE346AC-D107-44B0-A270-C13C96120E7D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DE346AC-D107-44B0-A270-C13C96120E7D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DE346AC-D107-44B0-A270-C13C96120E7D}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{1902D49F-0E59-4E7D-A618-86522A811D59}"=-
"{41C71EB7-F48B-46F6-B937-64ACEB3B9837}"=-
"{998FD9F6-AA7E-4C3B-AF66-DBB16EF51DBB}"=-
"{479F05EE-6882-4E56-A065-6433E423DA6A}"=-
"{8DB15D87-AE95-4371-B474-306503F99C90}"=-
"{743326B4-D5EF-4662-A4B3-DF90AEC32AFA}"=-
"{085A0429-7DCC-4D13-8E9F-70DF1DF1B36E}"=-
"{5AF7C328-742F-4862-A63A-705241FFA472}"=-
"{0432A81D-7703-4955-87C6-B6AF7776F881}"=-
"{6F1E0C4A-4A95-40FA-AD93-BBD3FA381C68}"=-
"{E94F8A68-42C3-4052-A642-008572461AE2}"=-
"{1AE4824D-72C1-43A4-85B2-D1AD2D8354BC}"=-
"{6DE346AC-D107-44B0-A270-C13C96120E7D}"=-
[-HKEY_CLASSES_ROOT\CLSID\{1902D49F-0E59-4E7D-A618-86522A811D59}]
[-HKEY_CLASSES_ROOT\CLSID\{41C71EB7-F48B-46F6-B937-64ACEB3B9837}]
[-HKEY_CLASSES_ROOT\CLSID\{998FD9F6-AA7E-4C3B-AF66-DBB16EF51DBB}]
[-HKEY_CLASSES_ROOT\CLSID\{479F05EE-6882-4E56-A065-6433E423DA6A}]
[-HKEY_CLASSES_ROOT\CLSID\{8DB15D87-AE95-4371-B474-306503F99C90}]
[-HKEY_CLASSES_ROOT\CLSID\{743326B4-D5EF-4662-A4B3-DF90AEC32AFA}]
[-HKEY_CLASSES_ROOT\CLSID\{085A0429-7DCC-4D13-8E9F-70DF1DF1B36E}]
[-HKEY_CLASSES_ROOT\CLSID\{5AF7C328-742F-4862-A63A-705241FFA472}]
[-HKEY_CLASSES_ROOT\CLSID\{0432A81D-7703-4955-87C6-B6AF7776F881}]
[-HKEY_CLASSES_ROOT\CLSID\{6F1E0C4A-4A95-40FA-AD93-BBD3FA381C68}]
[-HKEY_CLASSES_ROOT\CLSID\{E94F8A68-42C3-4052-A642-008572461AE2}]
[-HKEY_CLASSES_ROOT\CLSID\{1AE4824D-72C1-43A4-85B2-D1AD2D8354BC}]
[-HKEY_CLASSES_ROOT\CLSID\{6DE346AC-D107-44B0-A270-C13C96120E7D}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/guard.tmp (164 bytes security) (deflated 5%)
adding: dlls/__delete_on_reboot__padgen.dll (164 bytes security) (deflated 5%)
adding: backregs/0432A81D-7703-4955-87C6-B6AF7776F881.reg (188 bytes security) (deflated 70%)
adding: backregs/1AE4824D-72C1-43A4-85B2-D1AD2D8354BC.reg (188 bytes security) (deflated 70%)
adding: backregs/6DE346AC-D107-44B0-A270-C13C96120E7D.reg (188 bytes security) (deflated 70%)
adding: backregs/6F1E0C4A-4A95-40FA-AD93-BBD3FA381C68.reg (188 bytes security) (deflated 70%)
adding: backregs/E94F8A68-42C3-4052-A642-008572461AE2.reg (188 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 88%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)


Logfile of HijackThis v1.99.1
Scan saved at 01:43:01, on 31.01.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\Programme\ewido anti-malware\ewidoguard.exe
C:\Programme\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Programme\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Programme\Opera\Opera.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Dokumente und Einstellungen\Robert\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138647576247
O17 - HKLM\System\CCS\Services\Tcpip\..\{661D2231-48AB-4DD5-87A8-91645DE5EC45}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{661D2231-48AB-4DD5-87A8-91645DE5EC45}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{661D2231-48AB-4DD5-87A8-91645DE5EC45}: NameServer = 192.168.1.1
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\guard.tmp (file missing)
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\m6nqlg5516.dll (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido anti-malware\ewidoguard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Programme\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe


One more dumb question: was that it now???
This post was edited by Dantohr on 31.01.2006 at 01:46.
31.01.2006, 11:24
Honorary member
Sabina

Posts: 29434
#9 Dantohr

Open HijackThis -- "Scan" button -- put a check mark in front of the malware entries -- "Fix checked" button -- restart the PC

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\guard.tmp (file missing)
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\m6nqlg5516.dll (file missing)

Restart the PC

Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK'. Exit the program.

Post the log from Winpfind here
http://virus-protect.org/winpfind.html
__________
Best regards, Sabina

All about PC security
31.01.2006, 14:52
...new here

Thread starter

Posts: 10
#10 Sorry that this took a little while!
Here is the log



WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Current Build Number: 2600
Internet Explorer Version: 6.0.2600.0000

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 18.08.2001 13:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 12.01.2006 11:32:12 543496 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
UPX! 13.01.2005 21:41:48 11254 C:\WINDOWS\SYSTEM32\locate.com
PECompact2 04.01.2006 19:46:40 2836320 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 04.01.2006 19:46:40 2836320 C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor 18.08.2001 13:00:00 659456 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 20.01.2005 13:47:50 175616 C:\WINDOWS\SYSTEM32\strings.exe
winsync 18.08.2001 13:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
31.01.2006 14:45:06 S 2048 C:\WINDOWS\bootstat.dat
30.01.2006 15:47:34 RH 749 C:\WINDOWS\WindowsShell.Manifest
30.01.2006 15:47:42 H 65 C:\WINDOWS\Downloaded Program Files\desktop.ini
30.01.2006 15:48:30 HS 67 C:\WINDOWS\Fonts\desktop.ini
30.01.2006 20:00:08 H 0 C:\WINDOWS\inf\oem2.inf
30.01.2006 22:49:44 H 0 C:\WINDOWS\LastGood\INF\dxbda.inf
30.01.2006 22:49:44 H 0 C:\WINDOWS\LastGood\INF\dxbda.PNF
30.01.2006 22:49:44 H 0 C:\WINDOWS\LastGood\INF\dxdllreg.inf
30.01.2006 22:49:44 H 0 C:\WINDOWS\LastGood\INF\dxdllreg.PNF
30.01.2006 22:48:52 H 0 C:\WINDOWS\LastGood\INF\dxxp.inf
30.01.2006 22:48:52 H 0 C:\WINDOWS\LastGood\INF\dxxp.PNF
30.01.2006 20:15:42 H 0 C:\WINDOWS\LastGood\INF\js56nde.inf
30.01.2006 20:15:42 H 0 C:\WINDOWS\LastGood\INF\js56nde.PNF
30.01.2006 20:07:06 H 0 C:\WINDOWS\LastGood\INF\oem3.inf
30.01.2006 20:07:06 H 0 C:\WINDOWS\LastGood\INF\oem3.PNF
30.01.2006 22:48:08 H 0 C:\WINDOWS\LastGood\INF\oem4.inf
30.01.2006 22:48:08 H 0 C:\WINDOWS\LastGood\INF\oem4.PNF
30.01.2006 20:00:08 H 0 C:\WINDOWS\LastGood.Tmp\INF\oem2.inf
30.01.2006 20:00:08 H 0 C:\WINDOWS\LastGood.Tmp\INF\oem2.PNF
30.01.2006 20:02:02 H 0 C:\WINDOWS\LastGood.Tmp\INF\oem3.inf
30.01.2006 20:02:02 H 0 C:\WINDOWS\LastGood.Tmp\INF\oem3.PNF
30.01.2006 15:47:42 H 65 C:\WINDOWS\Offline Web Pages\desktop.ini
30.01.2006 15:48:06 RHS 243468 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_1.cab
30.01.2006 15:48:06 RHS 20293 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_2.cab
30.01.2006 15:48:06 RHS 765 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_3.cab
30.01.2006 15:49:06 H 237568 C:\WINDOWS\repair\ntuser.dat
30.01.2006 15:47:34 RH 749 C:\WINDOWS\system32\cdplayer.exe.manifest
30.01.2006 15:47:42 RH 488 C:\WINDOWS\system32\logonui.exe.manifest
30.01.2006 15:47:34 RH 749 C:\WINDOWS\system32\ncpa.cpl.manifest
30.01.2006 15:47:34 RH 749 C:\WINDOWS\system32\nwc.cpl.manifest
30.01.2006 15:47:34 RH 749 C:\WINDOWS\system32\sapi.cpl.manifest
30.01.2006 15:47:42 RH 488 C:\WINDOWS\system32\WindowsLogon.manifest
30.01.2006 15:47:34 RH 749 C:\WINDOWS\system32\wuaucpl.cpl.manifest
14.12.2005 02:31:24 S 22345 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem3.CAT
31.01.2006 14:48:46 H 1024 C:\WINDOWS\system32\config\default.LOG
31.01.2006 14:45:12 H 1024 C:\WINDOWS\system32\config\SAM.LOG
31.01.2006 14:46:28 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
31.01.2006 14:50:58 H 1024 C:\WINDOWS\system32\config\software.LOG
31.01.2006 14:47:34 H 1024 C:\WINDOWS\system32\config\system.LOG
30.01.2006 20:21:32 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
30.01.2006 15:48:10 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\desktop.ini
30.01.2006 15:48:10 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\desktop.ini
30.01.2006 15:48:10 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\2FIHGNEV\desktop.ini
30.01.2006 15:48:10 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KJU3EVCN\desktop.ini
30.01.2006 15:48:10 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\O32LEJ29\desktop.ini
30.01.2006 15:48:10 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SPYN0PQF\desktop.ini
30.01.2006 15:48:10 HS 113 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\desktop.ini
30.01.2006 15:48:10 HS 113 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\desktop.ini
30.01.2006 15:47:44 HS 187 C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini
30.01.2006 15:49:00 HS 208 C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\desktop.ini
30.01.2006 15:49:00 HS 84 C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Autostart\desktop.ini
30.01.2006 15:49:00 HS 495 C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Zubehör\desktop.ini
30.01.2006 15:49:00 HS 303 C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Zubehör\Eingabehilfen\desktop.ini
30.01.2006 15:49:00 HS 84 C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Zubehör\Unterhaltungsmedien\desktop.ini
30.01.2006 22:47:20 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\170ae4ed-dd88-4e6a-99b2-4d864c76e939
30.01.2006 22:47:20 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
30.01.2006 19:24:14 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\65416408-ac0f-4718-bbac-1e7212bdf9bb
30.01.2006 19:24:14 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
30.01.2006 20:00:14 RHS 13695 C:\WINDOWS\system32\Restore\filelist.xml
30.01.2006 20:29:30 H 6 C:\WINDOWS\Tasks\SA.DAT
30.01.2006 22:35:16 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
31.01.2006 01:27:14 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\549SF5GB\desktop.ini
31.01.2006 01:27:14 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\JGXP1H5F\desktop.ini
31.01.2006 01:27:14 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\QFZA9PIF\desktop.ini
31.01.2006 01:27:14 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\VHCLMU0B\desktop.ini
30.01.2006 22:35:16 HS 113 C:\WINDOWS\Temp\Verlauf\History.IE5\desktop.ini

Checking for CPL files...
Microsoft Corporation 18.08.2001 13:00:00 68096 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 18.08.2001 13:00:00 563712 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 18.08.2001 13:00:00 133120 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 18.08.2001 13:00:00 152064 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 18.08.2001 13:00:00 295936 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 18.08.2001 13:00:00 123392 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 29.08.2002 03:41:00 66560 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 18.08.2001 13:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 18.08.2001 13:00:00 566272 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 18.08.2001 13:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 18.08.2001 13:00:00 259072 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
10.12.2005 03:06:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 18.08.2001 13:00:00 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 18.08.2001 13:00:00 111616 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 18.08.2001 13:00:00 275456 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 18.08.2001 13:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 18.08.2001 13:00:00 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 18.08.2001 13:00:00 68096 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 18.08.2001 13:00:00 563712 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 18.08.2001 13:00:00 133120 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 18.08.2001 13:00:00 152064 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 18.08.2001 13:00:00 295936 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 18.08.2001 13:00:00 123392 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 29.08.2002 03:41:00 66560 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 18.08.2001 13:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 18.08.2001 13:00:00 566272 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 18.08.2001 13:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 18.08.2001 13:00:00 259072 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 18.08.2001 13:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 18.08.2001 13:00:00 111616 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 18.08.2001 13:00:00 151552 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 18.08.2001 13:00:00 275456 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 18.08.2001 13:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 18.08.2001 13:00:00 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
31.01.2006 02:14:46 1737 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
30.01.2006 15:49:00 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
01.11.2001 17:39:58 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
30.01.2006 15:49:00 HS 84 C:\Dokumente und Einstellungen\Robert\Startmenü\Programme\Autostart\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
01.11.2001 17:39:58 HS 62 C:\Dokumente und Einstellungen\Robert\Anwendungsdaten\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Shell Extension for Malware scanning
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TuneUp Shredder
{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Programme\TuneUp Utilities 2006\sdshelex.dll"
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Shell Extension for Malware scanning
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TuneUp Shredder
{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Programme\TuneUp Utilities 2006\sdshelex.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tipps und Tricks = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}
ButtonText = ICQ Lite : C:\Programme\ICQLite\ICQLite.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgnt
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item avgnt
hkey HKLM
command "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item avgnt
hkey HKLM
command "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ctfmon
hkey HKCU
command C:\WINDOWS\System32\ctfmon.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ctfmon
hkey HKCU
command C:\WINDOWS\System32\ctfmon.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DXDllRegExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dxdllreg
hkey HKLM
command C:\WINDOWS\System32\dxdllreg.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dxdllreg
hkey HKLM
command C:\WINDOWS\System32\dxdllreg.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ICQ Lite
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ICQLite
hkey HKLM
command C:\Programme\ICQLite\ICQLite.exe -minimize
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ICQLite
hkey HKLM
command C:\Programme\ICQLite\ICQLite.exe -minimize
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Programme\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Programme\Messenger\msmsgs.exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\myupdates
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item myupdates
hkey HKLM
command c:\windows\myupdates.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item myupdates
hkey HKLM
command c:\windows\myupdates.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvCpl
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvCpl
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvMcTray
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvMcTray
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nwiz
hkey HKLM
command nwiz.exe /install
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nwiz
hkey HKLM
command nwiz.exe /install
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PayTime
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item paytime
hkey HKLM
command C:\WINDOWS\System32\paytime.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item paytime
hkey HKLM
command C:\WINDOWS\System32\paytime.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TeaTimer
hkey HKCU
command C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TeaTimer
hkey HKCU
command C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKCU
command
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKCU
command
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\STYLEXP
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item StyleXP
hkey HKCU
command C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item StyleXP
hkey HKCU
command C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsysban
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsysban4
hkey HKLM
command c:\windows\winsysban4.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsysban4
hkey HKLM
command c:\windows\winsysban4.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsysupd
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsysupd4
hkey HKLM
command c:\windows\winsysupd4.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsysupd4
hkey HKLM
command c:\windows\winsysupd4.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 1


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 31.01.2006 14:51:37
31.01.2006, 14:58
Honorary member
Sabina

Posts: 29434
#11 Go into the registry:
Start --> Run --> regedit

Edit --> Find -->

myupdates.exe
myupdates

winsysupd4.exe
winsysupd

winsysban4.exe
winsysban


Delete everything you find.

Then copy the new WinPFind log.
__________
Regards, Sabina

All about PC security
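A way to check the follow-up log against the three names searched for above, as an added example that is not part of the original post or of WinPFind. It only reads the `MSConfig\startupreg` section of a WinPFind log and assumes the layout seen in the logs posted in this thread; the function names `parse_startupreg` and `residue_status` are introduced here.

```python
# Added example: report which of the searched names still have data
# under MSConfig\startupreg in a WinPFind log.
STARTUPREG = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" + "\\"
FIELDS = ("key", "item", "hkey", "command", "inimapping")
WATCH = ("myupdates", "winsysupd", "winsysban")  # names from the post above

# Shortened excerpts of the two logs posted in this thread.
LOG_BEFORE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\myupdates
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item myupdates
hkey HKLM
command c:\windows\myupdates.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsysban
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsysban4
hkey HKLM
command c:\windows\winsysban4.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsysupd
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsysupd4
hkey HKLM
command c:\windows\winsysupd4.exe
inimapping 0
"""

LOG_AFTER = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\myupdates
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
hkey HKLM
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nwiz
hkey HKLM
command nwiz.exe /install
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsysban
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsysban4
hkey HKLM
command c:\windows\winsysban4.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsysupd
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
hkey HKLM
inimapping 0
"""


def parse_startupreg(log_text):
    """Return {subkey_name: {field: value}} for each startupreg block."""
    entries, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith(STARTUPREG):
            current = entries.setdefault(line[len(STARTUPREG):], {})
            continue
        if not line or line.startswith(("[", "HKEY_", "HKLM")):
            current = None  # a blank line or any other key ends the block
            continue
        if current is None:
            continue
        name, _, value = line.partition(" ")
        # The log prints each value twice; keep the first non-empty one.
        if name in FIELDS and not current.get(name):
            current[name] = value.strip()
    return entries


def residue_status(entries, names):
    """Classify each searched name as absent, emptied, or still present."""
    result = {}
    for name in names:
        needle = name.lower()
        hits = [v for k, v in entries.items()
                if needle in k.lower()
                or needle in v.get("item", "").lower()
                or needle in v.get("command", "").lower()]
        if not hits:
            result[name] = "absent"
        elif any(v.get("command") for v in hits):
            result[name] = "command still present"
        else:
            result[name] = "key left, values removed"
    return result


if __name__ == "__main__":
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        print(label, residue_status(parse_startupreg(log), WATCH))
```
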
31.01.2006, 15:06
...new here

Thread starter

Posts: 10
#12 WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Current Build Number: 2600
Internet Explorer Version: 6.0.2600.0000

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 18.08.2001 13:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 12.01.2006 11:32:12 543496 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
UPX! 13.01.2005 21:41:48 11254 C:\WINDOWS\SYSTEM32\locate.com
PECompact2 04.01.2006 19:46:40 2836320 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 04.01.2006 19:46:40 2836320 C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor 18.08.2001 13:00:00 659456 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 20.01.2005 13:47:50 175616 C:\WINDOWS\SYSTEM32\strings.exe
winsync 18.08.2001 13:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
31.01.2006 14:45:06 S 2048 C:\WINDOWS\bootstat.dat
30.01.2006 15:47:34 RH 749 C:\WINDOWS\WindowsShell.Manifest
30.01.2006 15:47:42 H 65 C:\WINDOWS\Downloaded Program Files\desktop.ini
30.01.2006 15:48:30 HS 67 C:\WINDOWS\Fonts\desktop.ini
30.01.2006 20:00:08 H 0 C:\WINDOWS\inf\oem2.inf
30.01.2006 22:49:44 H 0 C:\WINDOWS\LastGood\INF\dxbda.inf
30.01.2006 22:49:44 H 0 C:\WINDOWS\LastGood\INF\dxbda.PNF
30.01.2006 22:49:44 H 0 C:\WINDOWS\LastGood\INF\dxdllreg.inf
30.01.2006 22:49:44 H 0 C:\WINDOWS\LastGood\INF\dxdllreg.PNF
30.01.2006 22:48:52 H 0 C:\WINDOWS\LastGood\INF\dxxp.inf
30.01.2006 22:48:52 H 0 C:\WINDOWS\LastGood\INF\dxxp.PNF
30.01.2006 20:15:42 H 0 C:\WINDOWS\LastGood\INF\js56nde.inf
30.01.2006 20:15:42 H 0 C:\WINDOWS\LastGood\INF\js56nde.PNF
30.01.2006 20:07:06 H 0 C:\WINDOWS\LastGood\INF\oem3.inf
30.01.2006 20:07:06 H 0 C:\WINDOWS\LastGood\INF\oem3.PNF
30.01.2006 22:48:08 H 0 C:\WINDOWS\LastGood\INF\oem4.inf
30.01.2006 22:48:08 H 0 C:\WINDOWS\LastGood\INF\oem4.PNF
30.01.2006 20:00:08 H 0 C:\WINDOWS\LastGood.Tmp\INF\oem2.inf
30.01.2006 20:00:08 H 0 C:\WINDOWS\LastGood.Tmp\INF\oem2.PNF
30.01.2006 20:02:02 H 0 C:\WINDOWS\LastGood.Tmp\INF\oem3.inf
30.01.2006 20:02:02 H 0 C:\WINDOWS\LastGood.Tmp\INF\oem3.PNF
30.01.2006 15:47:42 H 65 C:\WINDOWS\Offline Web Pages\desktop.ini
30.01.2006 15:48:06 RHS 243468 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_1.cab
30.01.2006 15:48:06 RHS 20293 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_2.cab
30.01.2006 15:48:06 RHS 765 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_3.cab
30.01.2006 15:49:06 H 237568 C:\WINDOWS\repair\ntuser.dat
30.01.2006 15:47:34 RH 749 C:\WINDOWS\system32\cdplayer.exe.manifest
30.01.2006 15:47:42 RH 488 C:\WINDOWS\system32\logonui.exe.manifest
30.01.2006 15:47:34 RH 749 C:\WINDOWS\system32\ncpa.cpl.manifest
30.01.2006 15:47:34 RH 749 C:\WINDOWS\system32\nwc.cpl.manifest
30.01.2006 15:47:34 RH 749 C:\WINDOWS\system32\sapi.cpl.manifest
30.01.2006 15:47:42 RH 488 C:\WINDOWS\system32\WindowsLogon.manifest
30.01.2006 15:47:34 RH 749 C:\WINDOWS\system32\wuaucpl.cpl.manifest
14.12.2005 02:31:24 S 22345 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem3.CAT
31.01.2006 14:48:46 H 1024 C:\WINDOWS\system32\config\default.LOG
31.01.2006 14:45:12 H 1024 C:\WINDOWS\system32\config\SAM.LOG
31.01.2006 14:46:28 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
31.01.2006 15:02:20 H 1024 C:\WINDOWS\system32\config\software.LOG
31.01.2006 14:47:34 H 1024 C:\WINDOWS\system32\config\system.LOG
30.01.2006 20:21:32 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
30.01.2006 15:48:10 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\desktop.ini
30.01.2006 15:48:10 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\desktop.ini
30.01.2006 15:48:10 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\2FIHGNEV\desktop.ini
30.01.2006 15:48:10 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KJU3EVCN\desktop.ini
30.01.2006 15:48:10 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\O32LEJ29\desktop.ini
30.01.2006 15:48:10 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SPYN0PQF\desktop.ini
30.01.2006 15:48:10 HS 113 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\desktop.ini
30.01.2006 15:48:10 HS 113 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\desktop.ini
30.01.2006 15:47:44 HS 187 C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini
30.01.2006 15:49:00 HS 208 C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\desktop.ini
30.01.2006 15:49:00 HS 84 C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Autostart\desktop.ini
30.01.2006 15:49:00 HS 495 C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Zubehör\desktop.ini
30.01.2006 15:49:00 HS 303 C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Zubehör\Eingabehilfen\desktop.ini
30.01.2006 15:49:00 HS 84 C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Zubehör\Unterhaltungsmedien\desktop.ini
30.01.2006 22:47:20 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\170ae4ed-dd88-4e6a-99b2-4d864c76e939
30.01.2006 22:47:20 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
30.01.2006 19:24:14 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\65416408-ac0f-4718-bbac-1e7212bdf9bb
30.01.2006 19:24:14 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
30.01.2006 20:00:14 RHS 13695 C:\WINDOWS\system32\Restore\filelist.xml
30.01.2006 20:29:30 H 6 C:\WINDOWS\Tasks\SA.DAT
30.01.2006 22:35:16 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
31.01.2006 01:27:14 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\549SF5GB\desktop.ini
31.01.2006 01:27:14 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\JGXP1H5F\desktop.ini
31.01.2006 01:27:14 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\QFZA9PIF\desktop.ini
31.01.2006 01:27:14 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\VHCLMU0B\desktop.ini
30.01.2006 22:35:16 HS 113 C:\WINDOWS\Temp\Verlauf\History.IE5\desktop.ini

Checking for CPL files...
Microsoft Corporation 18.08.2001 13:00:00 68096 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 18.08.2001 13:00:00 563712 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 18.08.2001 13:00:00 133120 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 18.08.2001 13:00:00 152064 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 18.08.2001 13:00:00 295936 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 18.08.2001 13:00:00 123392 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 29.08.2002 03:41:00 66560 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 18.08.2001 13:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 18.08.2001 13:00:00 566272 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 18.08.2001 13:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 18.08.2001 13:00:00 259072 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
10.12.2005 03:06:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 18.08.2001 13:00:00 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 18.08.2001 13:00:00 111616 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 18.08.2001 13:00:00 275456 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 18.08.2001 13:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 18.08.2001 13:00:00 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 18.08.2001 13:00:00 68096 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 18.08.2001 13:00:00 563712 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 18.08.2001 13:00:00 133120 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 18.08.2001 13:00:00 152064 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 18.08.2001 13:00:00 295936 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 18.08.2001 13:00:00 123392 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 29.08.2002 03:41:00 66560 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 18.08.2001 13:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 18.08.2001 13:00:00 566272 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 18.08.2001 13:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 18.08.2001 13:00:00 259072 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 18.08.2001 13:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 18.08.2001 13:00:00 111616 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 18.08.2001 13:00:00 151552 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 18.08.2001 13:00:00 275456 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 18.08.2001 13:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 18.08.2001 13:00:00 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
31.01.2006 02:14:46 1737 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
30.01.2006 15:49:00 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
01.11.2001 17:39:58 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
30.01.2006 15:49:00 HS 84 C:\Dokumente und Einstellungen\Robert\Startmenü\Programme\Autostart\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
01.11.2001 17:39:58 HS 62 C:\Dokumente und Einstellungen\Robert\Anwendungsdaten\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Shell Extension for Malware scanning
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TuneUp Shredder
{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Programme\TuneUp Utilities 2006\sdshelex.dll"
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Shell Extension for Malware scanning
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TuneUp Shredder
{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Programme\TuneUp Utilities 2006\sdshelex.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tipps und Tricks = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}
ButtonText = ICQ Lite : C:\Programme\ICQLite\ICQLite.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgnt
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item avgnt
hkey HKLM
command "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item avgnt
hkey HKLM
command "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ctfmon
hkey HKCU
command C:\WINDOWS\System32\ctfmon.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ctfmon
hkey HKCU
command C:\WINDOWS\System32\ctfmon.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DXDllRegExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dxdllreg
hkey HKLM
command C:\WINDOWS\System32\dxdllreg.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dxdllreg
hkey HKLM
command C:\WINDOWS\System32\dxdllreg.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ICQ Lite
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ICQLite
hkey HKLM
command C:\Programme\ICQLite\ICQLite.exe -minimize
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ICQLite
hkey HKLM
command C:\Programme\ICQLite\ICQLite.exe -minimize
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Programme\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Programme\Messenger\msmsgs.exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\myupdates
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
hkey HKLM
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvCpl
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvCpl
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvMcTray
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvMcTray
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nwiz
hkey HKLM
command nwiz.exe /install
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nwiz
hkey HKLM
command nwiz.exe /install
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PayTime
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item paytime
hkey HKLM
command C:\WINDOWS\System32\paytime.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item paytime
hkey HKLM
command C:\WINDOWS\System32\paytime.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TeaTimer
hkey HKCU
command C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TeaTimer
hkey HKCU
command C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKCU
command
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKCU
command
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\STYLEXP
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item StyleXP
hkey HKCU
command C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item StyleXP
hkey HKCU
command C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsysban
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsysban4
hkey HKLM
command c:\windows\winsysban4.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsysban4
hkey HKLM
command c:\windows\winsysban4.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsysupd
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
hkey HKLM
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 1


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 31.01.2006 15:03:59
31.01.2006, 15:53
Honorary member
Sabina

Posts: 29434
#13 This still has to be removed:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\myupdates

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PayTime
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item paytime
hkey HKLM
command C:\WINDOWS\System32\paytime.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item paytime
hkey HKLM
command C:\WINDOWS\System32\paytime.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsysban
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsysban4
hkey HKLM
command c:\windows\winsysban4.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsysban4
hkey HKLM
command c:\windows\winsysban4.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsysupd


Then restart the PC!!!!!
---------------------------------------------------------
Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.

Scan with ewido and copy the scan report
http://virus-protect.org/ewido.html
-----------------------------------------------------
__________
Regards, Sabina

All about PC security
31.01.2006, 16:26
...new here

Thread starter

Posts: 10
#14 I would love to copy the scan report!
But there isn't one! It found nothing!
And the problem of my Explorer opening on its own and showing me pages has disappeared too!
Does that mean I am free of spyware again?
But at this point I would already like to say a HUGE THANK YOU!