spyware.look2me suspected
Thread is closed!

#0
31.01.2006, 00:33
...new here
Posts: 10

31.01.2006, 01:01
Honorary member
Posts: 29434
#2
yes... that is look2me
Set up CleanUp exactly as specified here: http://virus-protect.org/cleanup.html
Copy these 4 text files. They are sorted by date. (copy only the last 3 months) http://virus-protect.org/datfindbat.html
__________
Regards, Sabina
all about PC security

31.01.2006, 01:14
...new here
Thread starter
Posts: 10
#3
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6897-6E98
Verzeichnis von C:\WINDOWS\system32
31.01.2006 01:06 43.310 nvapps.xml
31.01.2006 01:06 234.803 __delete_on_reboot__guard.tmp
31.01.2006 00:17 234.803 __delete_on_reboot__momtapi.dll
31.01.2006 00:16 234.803 m6nqlg5516.dll
30.01.2006 23:22 234.803 enj8l11u1.dll
30.01.2006 23:17 236.354 ennql1551.dll
30.01.2006 20:56 236.198 lt4027hmg.dll
30.01.2006 19:33 12.980 wpa.bak
30.01.2006 19:33 12.980 wpa.dbl
30.01.2006 19:30 4.265 paytime.exe
30.01.2006 18:12 311.740 perfh009.dat
30.01.2006 18:12 40.128 perfc009.dat
30.01.2006 18:12 316.924 perfh007.dat
30.01.2006 18:12 723.744 PerfStringBackup.INI
30.01.2006 18:12 48.354 perfc007.dat
30.01.2006 15:55 25.065 wmpscheme.xml
30.01.2006 15:52 90.296 FNTCACHE.DAT
30.01.2006 15:51 324 $winnt$.inf
30.01.2006 15:48 2.951 CONFIG.NT
30.01.2006 15:48 16.832 amcompat.tlb
30.01.2006 15:48 23.392 nscompat.tlb
30.01.2006 15:47 488 WindowsLogon.manifest
30.01.2006 15:47 488 logonui.exe.manifest
30.01.2006 15:47 749 nwc.cpl.manifest
30.01.2006 15:47 749 wuaucpl.cpl.manifest
30.01.2006 15:47 749 ncpa.cpl.manifest
30.01.2006 15:47 749 cdplayer.exe.manifest
30.01.2006 15:47 749 sapi.cpl.manifest
30.01.2006 15:46 21.740 emptyregdb.dat
18.01.2006 13:05 57.344 avsda.dll

31.01.2006, 01:16
Honorary member
Posts: 29434
#4
please also post the other three logs
Quote
C:\WINDOWS\system32\__delete_on_reboot__guard.tmp
__________
Regards, Sabina
all about PC security

31.01.2006, 01:16
...new here
Thread starter
Posts: 10
#5
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6897-6E98
Verzeichnis von C:\DOKUME~1\Robert\LOKALE~1\Temp

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6897-6E98
Verzeichnis von C:\WINDOWS
31.01.2006 00:25 310.441 WindowsUpdate.log
31.01.2006 00:18 0 0.log
31.01.2006 00:17 2.048 bootstat.dat
30.01.2006 23:16 504 win.ini
30.01.2006 23:16 277 system.ini
30.01.2006 22:53 79.892 DirectX.log
30.01.2006 22:50 623.949 setupapi.log
30.01.2006 22:25 178.482 setupact.log
30.01.2006 20:21 27.973 xpsp1hfm.log
30.01.2006 20:21 46.308 comsetup.log
30.01.2006 20:21 43.535 tsoc.log
30.01.2006 20:21 31.431 KB828741.log
30.01.2006 20:21 1.374 imsins.log
30.01.2006 20:21 15.241 iis6.log
30.01.2006 20:21 26.331 ntdtcsetup.log
30.01.2006 20:21 5.426 msgsocm.log
30.01.2006 20:21 4.245 ocmsn.log
30.01.2006 20:21 50.017 ocgen.log
30.01.2006 20:21 104.275 FaxSetup.log
30.01.2006 20:20 1.374 imsins.BAK
30.01.2006 20:20 28.290 KB835732.log
30.01.2006 20:17 17.306 Q329834.log
30.01.2006 20:16 19.961 KB823559.log
30.01.2006 20:15 16.948 Q329048.log
30.01.2006 20:15 17.104 KB834707-IE6-20040929.115007.log
30.01.2006 20:14 14.504 Q810577.log
30.01.2006 20:13 11.383 Q810833.log
30.01.2006 20:12 8.144 Q811630.log
30.01.2006 20:11 7.151 Q329441.log
30.01.2006 20:10 6.799 Q817606.log
30.01.2006 20:09 4.694 Q329170.log
30.01.2006 20:07 1.613 Q329115.log
30.01.2006 20:07 1.254 Q329390.log
30.01.2006 20:07 961 Q323255.log
30.01.2006 20:02 6.689 KB842773.log
30.01.2006 19:32 0 winsysupd41.dat
30.01.2006 19:32 0 myupdates1.dat
30.01.2006 19:32 52.480 myupdates.exe
30.01.2006 19:32 19.968 winsysban4.exe
30.01.2006 19:32 43 drsmartload2.dat
30.01.2006 19:31 11.264 winsysupd4.exe
30.01.2006 19:31 10.112 toolbar.exe
30.01.2006 19:29 0 uniq
30.01.2006 18:58 264 nsw.log
30.01.2006 18:56 8.106 Windows Update.log
30.01.2006 15:55 820 OEWABLog.txt
30.01.2006 15:52 8.192 REGLOCS.OLD
30.01.2006 15:48 0 control.ini
30.01.2006 15:48 299.552 WMSysPrx.prx
30.01.2006 15:48 4.161 ODBCINST.INI
30.01.2006 15:47 749 WindowsShell.Manifest
30.01.2006 15:45 37 vbaddin.ini
30.01.2006 15:45 36 vb.ini
30.01.2006 15:45 128 DtcInstall.log
30.01.2006 15:45 1.060 sessmgr.setup.log
21.09.2002 20:13 10.752 hh.exe
01.11.2001 17:43 50 wiaservc.log
01.11.2001 17:43 509 wiadebug.log
01.11.2001 17:43 0 Sti_Trace.log
01.11.2001 17:40 1.348 regopt.log
01.11.2001 17:39 0 setuperr.log

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6897-6E98
Verzeichnis von C:\
31.01.2006 01:15 0 sys.txt
31.01.2006 01:15 4.761 system.txt
31.01.2006 01:14 134 systemtemp.txt
31.01.2006 01:11 85.817 system32.txt
31.01.2006 00:17 1.207.959.552 pagefile.sys
30.01.2006 23:16 194 boot.ini
30.01.2006 22:54 194 BOOT.BKK
30.01.2006 15:48 0 MSDOS.SYS
30.01.2006 15:48 0 AUTOEXEC.BAT
30.01.2006 15:48 0 IO.SYS
30.01.2006 15:48 0 CONFIG.SYS
18.08.2001 13:00 4.952 bootfont.bin
18.08.2001 13:00 45.124 NTDETECT.COM
18.08.2001 13:00 224.032 ntldr
14 Datei(en) 1.208.324.760 Bytes
0 Verzeichnis(se), 33.529.356.288 Bytes frei

31.01.2006, 01:21
...new here
Thread starter
Posts: 10
#6
I just noticed that a few things there are red!
Should I delete them now? Sorry for the dumb question, but I really don't know my way around this at all! But THANKS already anyway

31.01.2006, 01:22
Honorary member
Posts: 29434
#7
Quote
Sabina posted
__________
Regards, Sabina
all about PC security

31.01.2006, 01:34
...new here
Thread starter
Posts: 10
#8
L2MFIX find log 010406
Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{1AE4824D-72C1-43A4-85B2-D1AD2D8354BC}] @="" [HKEY_CLASSES_ROOT\CLSID\{1AE4824D-72C1-43A4-85B2-D1AD2D8354BC}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{1AE4824D-72C1-43A4-85B2-D1AD2D8354BC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{1AE4824D-72C1-43A4-85B2-D1AD2D8354BC}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{6DE346AC-D107-44B0-A270-C13C96120E7D}] @="" [HKEY_CLASSES_ROOT\CLSID\{6DE346AC-D107-44B0-A270-C13C96120E7D}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{6DE346AC-D107-44B0-A270-C13C96120E7D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{6DE346AC-D107-44B0-A270-C13C96120E7D}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{1902D49F-0E59-4E7D-A618-86522A811D59}"=- "{41C71EB7-F48B-46F6-B937-64ACEB3B9837}"=- "{998FD9F6-AA7E-4C3B-AF66-DBB16EF51DBB}"=- "{479F05EE-6882-4E56-A065-6433E423DA6A}"=- "{8DB15D87-AE95-4371-B474-306503F99C90}"=- "{743326B4-D5EF-4662-A4B3-DF90AEC32AFA}"=- "{085A0429-7DCC-4D13-8E9F-70DF1DF1B36E}"=- "{5AF7C328-742F-4862-A63A-705241FFA472}"=- "{0432A81D-7703-4955-87C6-B6AF7776F881}"=- "{6F1E0C4A-4A95-40FA-AD93-BBD3FA381C68}"=- "{E94F8A68-42C3-4052-A642-008572461AE2}"=- "{1AE4824D-72C1-43A4-85B2-D1AD2D8354BC}"=- "{6DE346AC-D107-44B0-A270-C13C96120E7D}"=- [-HKEY_CLASSES_ROOT\CLSID\{1902D49F-0E59-4E7D-A618-86522A811D59}] [-HKEY_CLASSES_ROOT\CLSID\{41C71EB7-F48B-46F6-B937-64ACEB3B9837}] [-HKEY_CLASSES_ROOT\CLSID\{998FD9F6-AA7E-4C3B-AF66-DBB16EF51DBB}] [-HKEY_CLASSES_ROOT\CLSID\{479F05EE-6882-4E56-A065-6433E423DA6A}] [-HKEY_CLASSES_ROOT\CLSID\{8DB15D87-AE95-4371-B474-306503F99C90}] [-HKEY_CLASSES_ROOT\CLSID\{743326B4-D5EF-4662-A4B3-DF90AEC32AFA}] 
[-HKEY_CLASSES_ROOT\CLSID\{085A0429-7DCC-4D13-8E9F-70DF1DF1B36E}] [-HKEY_CLASSES_ROOT\CLSID\{5AF7C328-742F-4862-A63A-705241FFA472}] [-HKEY_CLASSES_ROOT\CLSID\{0432A81D-7703-4955-87C6-B6AF7776F881}] [-HKEY_CLASSES_ROOT\CLSID\{6F1E0C4A-4A95-40FA-AD93-BBD3FA381C68}] [-HKEY_CLASSES_ROOT\CLSID\{E94F8A68-42C3-4052-A642-008572461AE2}] [-HKEY_CLASSES_ROOT\CLSID\{1AE4824D-72C1-43A4-85B2-D1AD2D8354BC}] [-HKEY_CLASSES_ROOT\CLSID\{6DE346AC-D107-44B0-A270-C13C96120E7D}] REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] **************************************************************************** Desktop.ini Contents: **************************************************************************** **************************************************************************** Checking for L2MFix account(0=no 1=yes): 0 Zipping up files for submission: adding: dlls/guard.tmp (164 bytes security) (deflated 5%) adding: dlls/__delete_on_reboot__padgen.dll (164 bytes security) (deflated 5%) adding: backregs/0432A81D-7703-4955-87C6-B6AF7776F881.reg (188 bytes security) (deflated 70%) adding: backregs/1AE4824D-72C1-43A4-85B2-D1AD2D8354BC.reg (188 bytes security) (deflated 70%) adding: backregs/6DE346AC-D107-44B0-A270-C13C96120E7D.reg (188 bytes security) (deflated 70%) adding: backregs/6F1E0C4A-4A95-40FA-AD93-BBD3FA381C68.reg (188 bytes security) (deflated 70%) adding: backregs/E94F8A68-42C3-4052-A642-008572461AE2.reg (188 bytes security) (deflated 70%) adding: backregs/notibac.reg (164 bytes security) (deflated 88%) adding: backregs/shell.reg (164 bytes security) (deflated 73%) Logfile of HijackThis v1.99.1 Scan saved at 01:43:01, on 31.01.2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe 
C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\notepad.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\ewido anti-malware\ewidoctrl.exe C:\Programme\ewido anti-malware\ewidoguard.exe C:\Programme\Sunbelt Software\Personal Firewall 4\kpf4ss.exe C:\WINDOWS\System32\nvsvc32.exe C:\Programme\Sunbelt Software\Personal Firewall 4\kpf4gui.exe C:\Programme\Sunbelt Software\Personal Firewall 4\kpf4gui.exe C:\Programme\Opera\Opera.exe C:\WINDOWS\System32\wuauclt.exe C:\Dokumente und Einstellungen\Robert\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138647576247 O17 - HKLM\System\CCS\Services\Tcpip\..\{661D2231-48AB-4DD5-87A8-91645DE5EC45}: NameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{661D2231-48AB-4DD5-87A8-91645DE5EC45}: NameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{661D2231-48AB-4DD5-87A8-91645DE5EC45}: NameServer = 192.168.1.1 
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\guard.tmp (file missing)
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\m6nqlg5516.dll (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido anti-malware\ewidoguard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Programme\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

One more dumb question: was that it now???
This post was edited by Dantohr on 31.01.2006 at 01:46.
|
|
|
||
31.01.2006, 11:24
Honorary member
Posts: 29434 |
#9
Dantohr
Open HijackThis -- "scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\guard.tmp (file missing)
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\m6nqlg5516.dll (file missing)

Restart the PC

Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.

Post the Winpfind log here
http://virus-protect.org/winpfind.html
__________
Regards
Sabina
All about PC security |
|
|
||
31.01.2006, 14:52
...new here
Thread starter Posts: 10 |
#10
Sorry that this took a little while!
Here's the log:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Current Build Number: 2600
Internet Explorer Version: 6.0.2600.0000

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Checking %System% folder...
PEC2 18.08.2001 13:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 12.01.2006 11:32:12 543496 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
UPX! 13.01.2005 21:41:48 11254 C:\WINDOWS\SYSTEM32\locate.com
PECompact2 04.01.2006 19:46:40 2836320 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 04.01.2006 19:46:40 2836320 C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor 18.08.2001 13:00:00 659456 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 20.01.2005 13:47:50 175616 C:\WINDOWS\SYSTEM32\strings.exe
winsync 18.08.2001 13:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
Checking %System%\Drivers folder and sub-folders...
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
31.01.2006 14:45:06 S 2048 C:\WINDOWS\bootstat.dat 30.01.2006 15:47:34 RH 749 C:\WINDOWS\WindowsShell.Manifest 30.01.2006 15:47:42 H 65 C:\WINDOWS\Downloaded Program Files\desktop.ini 30.01.2006 15:48:30 HS 67 C:\WINDOWS\Fonts\desktop.ini 30.01.2006 20:00:08 H 0 C:\WINDOWS\inf\oem2.inf 30.01.2006 22:49:44 H 0 C:\WINDOWS\LastGood\INF\dxbda.inf 30.01.2006 22:49:44 H 0 C:\WINDOWS\LastGood\INF\dxbda.PNF 30.01.2006 22:49:44 H 0 C:\WINDOWS\LastGood\INF\dxdllreg.inf 30.01.2006 22:49:44 H 0 C:\WINDOWS\LastGood\INF\dxdllreg.PNF 30.01.2006 22:48:52 H 0 C:\WINDOWS\LastGood\INF\dxxp.inf 30.01.2006 22:48:52 H 0 C:\WINDOWS\LastGood\INF\dxxp.PNF 30.01.2006 20:15:42 H 0 C:\WINDOWS\LastGood\INF\js56nde.inf 30.01.2006 20:15:42 H 0 C:\WINDOWS\LastGood\INF\js56nde.PNF 30.01.2006 20:07:06 H 0 C:\WINDOWS\LastGood\INF\oem3.inf 30.01.2006 20:07:06 H 0 C:\WINDOWS\LastGood\INF\oem3.PNF 30.01.2006 22:48:08 H 0 C:\WINDOWS\LastGood\INF\oem4.inf 30.01.2006 22:48:08 H 0 C:\WINDOWS\LastGood\INF\oem4.PNF 30.01.2006 20:00:08 H 0 C:\WINDOWS\LastGood.Tmp\INF\oem2.inf 30.01.2006 20:00:08 H 0 C:\WINDOWS\LastGood.Tmp\INF\oem2.PNF 30.01.2006 20:02:02 H 0 C:\WINDOWS\LastGood.Tmp\INF\oem3.inf 30.01.2006 20:02:02 H 0 C:\WINDOWS\LastGood.Tmp\INF\oem3.PNF 30.01.2006 15:47:42 H 65 C:\WINDOWS\Offline Web Pages\desktop.ini 30.01.2006 15:48:06 RHS 243468 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_1.cab 30.01.2006 15:48:06 RHS 20293 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_2.cab 30.01.2006 15:48:06 RHS 765 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_3.cab 30.01.2006 15:49:06 H 237568 C:\WINDOWS\repair\ntuser.dat 30.01.2006 15:47:34 RH 749 C:\WINDOWS\system32\cdplayer.exe.manifest 30.01.2006 15:47:42 RH 488 C:\WINDOWS\system32\logonui.exe.manifest 30.01.2006 15:47:34 RH 749 C:\WINDOWS\system32\ncpa.cpl.manifest 30.01.2006 15:47:34 RH 749 C:\WINDOWS\system32\nwc.cpl.manifest 30.01.2006 15:47:34 RH 749 C:\WINDOWS\system32\sapi.cpl.manifest 30.01.2006 15:47:42 RH 488 
C:\WINDOWS\system32\WindowsLogon.manifest 30.01.2006 15:47:34 RH 749 C:\WINDOWS\system32\wuaucpl.cpl.manifest 14.12.2005 02:31:24 S 22345 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem3.CAT 31.01.2006 14:48:46 H 1024 C:\WINDOWS\system32\config\default.LOG 31.01.2006 14:45:12 H 1024 C:\WINDOWS\system32\config\SAM.LOG 31.01.2006 14:46:28 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG 31.01.2006 14:50:58 H 1024 C:\WINDOWS\system32\config\software.LOG 31.01.2006 14:47:34 H 1024 C:\WINDOWS\system32\config\system.LOG 30.01.2006 20:21:32 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 30.01.2006 15:48:10 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\desktop.ini 30.01.2006 15:48:10 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\desktop.ini 30.01.2006 15:48:10 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\2FIHGNEV\desktop.ini 30.01.2006 15:48:10 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KJU3EVCN\desktop.ini 30.01.2006 15:48:10 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\O32LEJ29\desktop.ini 30.01.2006 15:48:10 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SPYN0PQF\desktop.ini 30.01.2006 15:48:10 HS 113 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\desktop.ini 30.01.2006 15:48:10 HS 113 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\desktop.ini 30.01.2006 15:47:44 HS 187 C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini 30.01.2006 15:49:00 HS 208 C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\desktop.ini 30.01.2006 15:49:00 HS 84 C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Autostart\desktop.ini 
30.01.2006 15:49:00 HS 495 C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Zubehör\desktop.ini 30.01.2006 15:49:00 HS 303 C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Zubehör\Eingabehilfen\desktop.ini 30.01.2006 15:49:00 HS 84 C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Zubehör\Unterhaltungsmedien\desktop.ini 30.01.2006 22:47:20 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\170ae4ed-dd88-4e6a-99b2-4d864c76e939 30.01.2006 22:47:20 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred 30.01.2006 19:24:14 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\65416408-ac0f-4718-bbac-1e7212bdf9bb 30.01.2006 19:24:14 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred 30.01.2006 20:00:14 RHS 13695 C:\WINDOWS\system32\Restore\filelist.xml 30.01.2006 20:29:30 H 6 C:\WINDOWS\Tasks\SA.DAT 30.01.2006 22:35:16 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini 31.01.2006 01:27:14 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\549SF5GB\desktop.ini 31.01.2006 01:27:14 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\JGXP1H5F\desktop.ini 31.01.2006 01:27:14 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\QFZA9PIF\desktop.ini 31.01.2006 01:27:14 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\VHCLMU0B\desktop.ini 30.01.2006 22:35:16 HS 113 C:\WINDOWS\Temp\Verlauf\History.IE5\desktop.ini Checking for CPL files... 
Microsoft Corporation 18.08.2001 13:00:00 68096 C:\WINDOWS\SYSTEM32\access.cpl Microsoft Corporation 18.08.2001 13:00:00 563712 C:\WINDOWS\SYSTEM32\appwiz.cpl Microsoft Corporation 18.08.2001 13:00:00 133120 C:\WINDOWS\SYSTEM32\desk.cpl Microsoft Corporation 18.08.2001 13:00:00 152064 C:\WINDOWS\SYSTEM32\hdwwiz.cpl Microsoft Corporation 18.08.2001 13:00:00 295936 C:\WINDOWS\SYSTEM32\inetcpl.cpl Microsoft Corporation 18.08.2001 13:00:00 123392 C:\WINDOWS\SYSTEM32\intl.cpl Microsoft Corporation 29.08.2002 03:41:00 66560 C:\WINDOWS\SYSTEM32\joy.cpl Microsoft Corporation 18.08.2001 13:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl Microsoft Corporation 18.08.2001 13:00:00 566272 C:\WINDOWS\SYSTEM32\mmsys.cpl Microsoft Corporation 18.08.2001 13:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl Microsoft Corporation 18.08.2001 13:00:00 259072 C:\WINDOWS\SYSTEM32\nusrmgr.cpl 10.12.2005 03:06:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl Microsoft Corporation 18.08.2001 13:00:00 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl Microsoft Corporation 18.08.2001 13:00:00 111616 C:\WINDOWS\SYSTEM32\powercfg.cpl Microsoft Corporation 18.08.2001 13:00:00 275456 C:\WINDOWS\SYSTEM32\sysdm.cpl Microsoft Corporation 18.08.2001 13:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl Microsoft Corporation 18.08.2001 13:00:00 90112 C:\WINDOWS\SYSTEM32\timedate.cpl Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl Microsoft Corporation 18.08.2001 13:00:00 68096 C:\WINDOWS\SYSTEM32\dllcache\access.cpl Microsoft Corporation 18.08.2001 13:00:00 563712 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl Microsoft Corporation 18.08.2001 13:00:00 133120 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl Microsoft Corporation 18.08.2001 13:00:00 152064 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl Microsoft Corporation 18.08.2001 13:00:00 295936 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl Microsoft Corporation 18.08.2001 13:00:00 123392 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl Microsoft Corporation 29.08.2002 03:41:00 66560 
C:\WINDOWS\SYSTEM32\dllcache\joy.cpl Microsoft Corporation 18.08.2001 13:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl Microsoft Corporation 18.08.2001 13:00:00 566272 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl Microsoft Corporation 18.08.2001 13:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl Microsoft Corporation 18.08.2001 13:00:00 259072 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl Microsoft Corporation 18.08.2001 13:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl Microsoft Corporation 18.08.2001 13:00:00 111616 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl Microsoft Corporation 18.08.2001 13:00:00 151552 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl Microsoft Corporation 18.08.2001 13:00:00 275456 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl Microsoft Corporation 18.08.2001 13:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl Microsoft Corporation 18.08.2001 13:00:00 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»» Checking files in %ALLUSERSPROFILE%\Startup folder... 31.01.2006 02:14:46 1737 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk 30.01.2006 15:49:00 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini Checking files in %ALLUSERSPROFILE%\Application Data folder... 01.11.2001 17:39:58 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini Checking files in %USERPROFILE%\Startup folder... 30.01.2006 15:49:00 HS 84 C:\Dokumente und Einstellungen\Robert\Startmenü\Programme\Autostart\desktop.ini Checking files in %USERPROFILE%\Application Data folder... 
01.11.2001 17:39:58 HS 62 C:\Dokumente und Einstellungen\Robert\Anwendungsdaten\desktop.ini »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»» [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers] HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ICQLiteMenu {73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Shell Extension for Malware scanning {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TuneUp Shredder {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Programme\TuneUp Utilities 2006\sdshelex.dll" HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Start Menu Pin = %SystemRoot%\system32\SHELL32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Shell Extension for Malware scanning {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu 
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu {73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TuneUp Shredder {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Programme\TuneUp Utilities 2006\sdshelex.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627} = C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} AcroIEHlprObj Class = C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Tipps und Tricks = 
%SystemRoot%\System32\shdocvw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] {8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9} ButtonText = ICQ Lite : C:\Programme\ICQLite\ICQLite.exe [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} Media Band = %SystemRoot%\System32\browseui.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgnt key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item avgnt hkey HKLM command "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item avgnt hkey HKLM command "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ctfmon hkey HKCU command C:\WINDOWS\System32\ctfmon.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ctfmon hkey HKCU command C:\WINDOWS\System32\ctfmon.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DXDllRegExe key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item dxdllreg hkey HKLM command C:\WINDOWS\System32\dxdllreg.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item dxdllreg hkey HKLM command C:\WINDOWS\System32\dxdllreg.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ICQ Lite key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ICQLite hkey HKLM command C:\Programme\ICQLite\ICQLite.exe -minimize inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ICQLite hkey HKLM command C:\Programme\ICQLite\ICQLite.exe -minimize inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item msmsgs hkey HKCU command "C:\Programme\Messenger\msmsgs.exe" /background inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item msmsgs hkey HKCU command 
"C:\Programme\Messenger\msmsgs.exe" /background inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\myupdates key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item myupdates hkey HKLM command c:\windows\myupdates.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item myupdates hkey HKLM command c:\windows\myupdates.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item NvCpl hkey HKLM command RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item NvCpl hkey HKLM command RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item NvMcTray hkey HKLM command RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item NvMcTray hkey HKLM command RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item nwiz hkey HKLM command nwiz.exe /install inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item nwiz hkey HKLM command nwiz.exe /install inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PayTime key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item paytime hkey HKLM command C:\WINDOWS\System32\paytime.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item paytime hkey HKLM command C:\WINDOWS\System32\paytime.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item TeaTimer hkey HKCU command C:\Programme\Spybot - Search & Destroy\TeaTimer.exe 
inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item TeaTimer hkey HKCU command C:\Programme\Spybot - Search & Destroy\TeaTimer.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hkey HKCU command inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hkey HKCU command inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\STYLEXP key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item StyleXP hkey HKCU command C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item StyleXP hkey HKCU command C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsysban key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item winsysban4 hkey HKLM command c:\windows\winsysban4.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item winsysban4 hkey HKLM command c:\windows\winsysban4.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsysupd key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item winsysupd4 hkey HKLM command c:\windows\winsysupd4.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item winsysupd4 hkey HKLM command c:\windows\winsysupd4.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state system.ini 0 win.ini 0 bootini 0 services 0 startup 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = {0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system dontdisplaylastusername 0 legalnoticecaption legalnoticetext shutdownwithoutlogon 1 undockwithoutlogon 1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer NoDriveTypeAutoRun 145 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, Shell = Explorer.exe System = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Image File Execution Options] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger = ntsd -d [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLs »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder. Scan completed on 31.01.2006 14:51:37 |
|
|
||
31.01.2006, 14:58
Honorary member
Posts: 29434 |
#11
Go into the registry:
Start --> Run --> regedit
Edit --> Find -->
myupdates.exe
myupdates
winsysupd4.exe
winsysupd
winsysban4.exe
winsysban
Delete everything you find, then copy the new log from WinPFind.
__________ Regards, Sabina. All about PC security |
|
|
||
31.01.2006, 15:06
...new here
Thread starter Posts: 10 |
#12
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Product Name: Microsoft Windows XP Current Build: Current Build Number: 2600 Internet Explorer Version: 6.0.2600.0000 »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»» Checking %SystemDrive% folder... Checking %ProgramFilesDir% folder... Checking %WinDir% folder... Checking %System% folder... PEC2 18.08.2001 13:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc PTech 12.01.2006 11:32:12 543496 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL UPX! 13.01.2005 21:41:48 11254 C:\WINDOWS\SYSTEM32\locate.com PECompact2 04.01.2006 19:46:40 2836320 C:\WINDOWS\SYSTEM32\MRT.exe aspack 04.01.2006 19:46:40 2836320 C:\WINDOWS\SYSTEM32\MRT.exe Umonitor 18.08.2001 13:00:00 659456 C:\WINDOWS\SYSTEM32\rasdlg.dll UPX! 20.01.2005 13:47:50 175616 C:\WINDOWS\SYSTEM32\strings.exe winsync 18.08.2001 13:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu Checking %System%\Drivers folder and sub-folders... Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts Checking the Windows folder and sub-folders for system and hidden files within the last 60 days... 
31.01.2006 14:45:06 S 2048 C:\WINDOWS\bootstat.dat 30.01.2006 15:47:34 RH 749 C:\WINDOWS\WindowsShell.Manifest 30.01.2006 15:47:42 H 65 C:\WINDOWS\Downloaded Program Files\desktop.ini 30.01.2006 15:48:30 HS 67 C:\WINDOWS\Fonts\desktop.ini 30.01.2006 20:00:08 H 0 C:\WINDOWS\inf\oem2.inf 30.01.2006 22:49:44 H 0 C:\WINDOWS\LastGood\INF\dxbda.inf 30.01.2006 22:49:44 H 0 C:\WINDOWS\LastGood\INF\dxbda.PNF 30.01.2006 22:49:44 H 0 C:\WINDOWS\LastGood\INF\dxdllreg.inf 30.01.2006 22:49:44 H 0 C:\WINDOWS\LastGood\INF\dxdllreg.PNF 30.01.2006 22:48:52 H 0 C:\WINDOWS\LastGood\INF\dxxp.inf 30.01.2006 22:48:52 H 0 C:\WINDOWS\LastGood\INF\dxxp.PNF 30.01.2006 20:15:42 H 0 C:\WINDOWS\LastGood\INF\js56nde.inf 30.01.2006 20:15:42 H 0 C:\WINDOWS\LastGood\INF\js56nde.PNF 30.01.2006 20:07:06 H 0 C:\WINDOWS\LastGood\INF\oem3.inf 30.01.2006 20:07:06 H 0 C:\WINDOWS\LastGood\INF\oem3.PNF 30.01.2006 22:48:08 H 0 C:\WINDOWS\LastGood\INF\oem4.inf 30.01.2006 22:48:08 H 0 C:\WINDOWS\LastGood\INF\oem4.PNF 30.01.2006 20:00:08 H 0 C:\WINDOWS\LastGood.Tmp\INF\oem2.inf 30.01.2006 20:00:08 H 0 C:\WINDOWS\LastGood.Tmp\INF\oem2.PNF 30.01.2006 20:02:02 H 0 C:\WINDOWS\LastGood.Tmp\INF\oem3.inf 30.01.2006 20:02:02 H 0 C:\WINDOWS\LastGood.Tmp\INF\oem3.PNF 30.01.2006 15:47:42 H 65 C:\WINDOWS\Offline Web Pages\desktop.ini 30.01.2006 15:48:06 RHS 243468 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_1.cab 30.01.2006 15:48:06 RHS 20293 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_2.cab 30.01.2006 15:48:06 RHS 765 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_3.cab 30.01.2006 15:49:06 H 237568 C:\WINDOWS\repair\ntuser.dat 30.01.2006 15:47:34 RH 749 C:\WINDOWS\system32\cdplayer.exe.manifest 30.01.2006 15:47:42 RH 488 C:\WINDOWS\system32\logonui.exe.manifest 30.01.2006 15:47:34 RH 749 C:\WINDOWS\system32\ncpa.cpl.manifest 30.01.2006 15:47:34 RH 749 C:\WINDOWS\system32\nwc.cpl.manifest 30.01.2006 15:47:34 RH 749 C:\WINDOWS\system32\sapi.cpl.manifest 30.01.2006 15:47:42 RH 488 
C:\WINDOWS\system32\WindowsLogon.manifest 30.01.2006 15:47:34 RH 749 C:\WINDOWS\system32\wuaucpl.cpl.manifest 14.12.2005 02:31:24 S 22345 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem3.CAT 31.01.2006 14:48:46 H 1024 C:\WINDOWS\system32\config\default.LOG 31.01.2006 14:45:12 H 1024 C:\WINDOWS\system32\config\SAM.LOG 31.01.2006 14:46:28 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG 31.01.2006 15:02:20 H 1024 C:\WINDOWS\system32\config\software.LOG 31.01.2006 14:47:34 H 1024 C:\WINDOWS\system32\config\system.LOG 30.01.2006 20:21:32 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 30.01.2006 15:48:10 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\desktop.ini 30.01.2006 15:48:10 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\desktop.ini 30.01.2006 15:48:10 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\2FIHGNEV\desktop.ini 30.01.2006 15:48:10 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KJU3EVCN\desktop.ini 30.01.2006 15:48:10 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\O32LEJ29\desktop.ini 30.01.2006 15:48:10 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SPYN0PQF\desktop.ini 30.01.2006 15:48:10 HS 113 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\desktop.ini 30.01.2006 15:48:10 HS 113 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\desktop.ini 30.01.2006 15:47:44 HS 187 C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini 30.01.2006 15:49:00 HS 208 C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\desktop.ini 30.01.2006 15:49:00 HS 84 C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Autostart\desktop.ini 
30.01.2006 15:49:00 HS 495 C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Zubehör\desktop.ini 30.01.2006 15:49:00 HS 303 C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Zubehör\Eingabehilfen\desktop.ini 30.01.2006 15:49:00 HS 84 C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Zubehör\Unterhaltungsmedien\desktop.ini 30.01.2006 22:47:20 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\170ae4ed-dd88-4e6a-99b2-4d864c76e939 30.01.2006 22:47:20 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred 30.01.2006 19:24:14 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\65416408-ac0f-4718-bbac-1e7212bdf9bb 30.01.2006 19:24:14 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred 30.01.2006 20:00:14 RHS 13695 C:\WINDOWS\system32\Restore\filelist.xml 30.01.2006 20:29:30 H 6 C:\WINDOWS\Tasks\SA.DAT 30.01.2006 22:35:16 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini 31.01.2006 01:27:14 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\549SF5GB\desktop.ini 31.01.2006 01:27:14 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\JGXP1H5F\desktop.ini 31.01.2006 01:27:14 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\QFZA9PIF\desktop.ini 31.01.2006 01:27:14 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\VHCLMU0B\desktop.ini 30.01.2006 22:35:16 HS 113 C:\WINDOWS\Temp\Verlauf\History.IE5\desktop.ini Checking for CPL files... 
Microsoft Corporation 18.08.2001 13:00:00 68096 C:\WINDOWS\SYSTEM32\access.cpl Microsoft Corporation 18.08.2001 13:00:00 563712 C:\WINDOWS\SYSTEM32\appwiz.cpl Microsoft Corporation 18.08.2001 13:00:00 133120 C:\WINDOWS\SYSTEM32\desk.cpl Microsoft Corporation 18.08.2001 13:00:00 152064 C:\WINDOWS\SYSTEM32\hdwwiz.cpl Microsoft Corporation 18.08.2001 13:00:00 295936 C:\WINDOWS\SYSTEM32\inetcpl.cpl Microsoft Corporation 18.08.2001 13:00:00 123392 C:\WINDOWS\SYSTEM32\intl.cpl Microsoft Corporation 29.08.2002 03:41:00 66560 C:\WINDOWS\SYSTEM32\joy.cpl Microsoft Corporation 18.08.2001 13:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl Microsoft Corporation 18.08.2001 13:00:00 566272 C:\WINDOWS\SYSTEM32\mmsys.cpl Microsoft Corporation 18.08.2001 13:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl Microsoft Corporation 18.08.2001 13:00:00 259072 C:\WINDOWS\SYSTEM32\nusrmgr.cpl 10.12.2005 03:06:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl Microsoft Corporation 18.08.2001 13:00:00 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl Microsoft Corporation 18.08.2001 13:00:00 111616 C:\WINDOWS\SYSTEM32\powercfg.cpl Microsoft Corporation 18.08.2001 13:00:00 275456 C:\WINDOWS\SYSTEM32\sysdm.cpl Microsoft Corporation 18.08.2001 13:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl Microsoft Corporation 18.08.2001 13:00:00 90112 C:\WINDOWS\SYSTEM32\timedate.cpl Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl Microsoft Corporation 18.08.2001 13:00:00 68096 C:\WINDOWS\SYSTEM32\dllcache\access.cpl Microsoft Corporation 18.08.2001 13:00:00 563712 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl Microsoft Corporation 18.08.2001 13:00:00 133120 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl Microsoft Corporation 18.08.2001 13:00:00 152064 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl Microsoft Corporation 18.08.2001 13:00:00 295936 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl Microsoft Corporation 18.08.2001 13:00:00 123392 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl Microsoft Corporation 29.08.2002 03:41:00 66560 
C:\WINDOWS\SYSTEM32\dllcache\joy.cpl Microsoft Corporation 18.08.2001 13:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl Microsoft Corporation 18.08.2001 13:00:00 566272 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl Microsoft Corporation 18.08.2001 13:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl Microsoft Corporation 18.08.2001 13:00:00 259072 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl Microsoft Corporation 18.08.2001 13:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl Microsoft Corporation 18.08.2001 13:00:00 111616 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl Microsoft Corporation 18.08.2001 13:00:00 151552 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl Microsoft Corporation 18.08.2001 13:00:00 275456 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl Microsoft Corporation 18.08.2001 13:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl Microsoft Corporation 18.08.2001 13:00:00 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»» Checking files in %ALLUSERSPROFILE%\Startup folder... 31.01.2006 02:14:46 1737 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk 30.01.2006 15:49:00 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini Checking files in %ALLUSERSPROFILE%\Application Data folder... 01.11.2001 17:39:58 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini Checking files in %USERPROFILE%\Startup folder... 30.01.2006 15:49:00 HS 84 C:\Dokumente und Einstellungen\Robert\Startmenü\Programme\Autostart\desktop.ini Checking files in %USERPROFILE%\Application Data folder... 
01.11.2001 17:39:58 HS 62 C:\Dokumente und Einstellungen\Robert\Anwendungsdaten\desktop.ini »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»» [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers] HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ICQLiteMenu {73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Shell Extension for Malware scanning {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TuneUp Shredder {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Programme\TuneUp Utilities 2006\sdshelex.dll" HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Start Menu Pin = %SystemRoot%\system32\SHELL32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Shell Extension for Malware scanning {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu 
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu {73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TuneUp Shredder {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Programme\TuneUp Utilities 2006\sdshelex.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627} = C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} AcroIEHlprObj Class = C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Tipps und Tricks = 
%SystemRoot%\System32\shdocvw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] {8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9} ButtonText = ICQ Lite : C:\Programme\ICQLite\ICQLite.exe [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} Media Band = %SystemRoot%\System32\browseui.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgnt key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item avgnt hkey HKLM command "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item avgnt hkey HKLM command "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ctfmon hkey HKCU command C:\WINDOWS\System32\ctfmon.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ctfmon hkey HKCU command C:\WINDOWS\System32\ctfmon.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DXDllRegExe key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item dxdllreg hkey HKLM command C:\WINDOWS\System32\dxdllreg.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item dxdllreg hkey HKLM command C:\WINDOWS\System32\dxdllreg.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ICQ Lite key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ICQLite hkey HKLM command C:\Programme\ICQLite\ICQLite.exe -minimize inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ICQLite hkey HKLM command C:\Programme\ICQLite\ICQLite.exe -minimize inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item msmsgs hkey HKCU command "C:\Programme\Messenger\msmsgs.exe" /background inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item msmsgs hkey HKCU command 
"C:\Programme\Messenger\msmsgs.exe" /background inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\myupdates key SOFTWARE\Microsoft\Windows\CurrentVersion\Run hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run hkey HKLM inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item NvCpl hkey HKLM command RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item NvCpl hkey HKLM command RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item NvMcTray hkey HKLM command RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item NvMcTray hkey HKLM command RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item nwiz hkey HKLM command nwiz.exe /install inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item nwiz hkey HKLM command nwiz.exe /install inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PayTime key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item paytime hkey HKLM command C:\WINDOWS\System32\paytime.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item paytime hkey HKLM command C:\WINDOWS\System32\paytime.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item TeaTimer hkey HKCU command C:\Programme\Spybot - Search & Destroy\TeaTimer.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item TeaTimer hkey HKCU command 
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hkey HKCU command inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hkey HKCU command inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\STYLEXP key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item StyleXP hkey HKCU command C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item StyleXP hkey HKCU command C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsysban key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item winsysban4 hkey HKLM command c:\windows\winsysban4.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item winsysban4 hkey HKLM command c:\windows\winsysban4.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsysupd key SOFTWARE\Microsoft\Windows\CurrentVersion\Run hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run hkey HKLM inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state system.ini 0 win.ini 0 bootini 0 services 0 startup 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = {0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system dontdisplaylastusername 0 legalnoticecaption legalnoticetext shutdownwithoutlogon 1 undockwithoutlogon 1 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer NoDriveTypeAutoRun 145 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, Shell = Explorer.exe System = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path 
Debugger = ntsd -d [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLs »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder. Scan completed on 31.01.2006 15:03:59 |
|
|
||
31.01.2006, 15:53
Honorary member
Posts: 29434 |
#13
This still has to go:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\myupdates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PayTime
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item paytime hkey HKLM command C:\WINDOWS\System32\paytime.exe inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item paytime hkey HKLM command C:\WINDOWS\System32\paytime.exe inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsysban
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item winsysban4 hkey HKLM command c:\windows\winsysban4.exe inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item winsysban4 hkey HKLM command c:\windows\winsysban4.exe inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsysupd
Then restart the PC !!!!!
---------------------------------------------------------
Hoster.zip http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.
Scan with ewido and copy the scan report: http://virus-protect.org/ewido.html
-----------------------------------------------------
__________ Regards, Sabina. All about PC security |
|
|
||
31.01.2006, 16:26
...new here
Thread starter Posts: 10 |
#14
I would gladly copy the scan report!
But there isn't one! It found nothing! And the problem of my Explorer opening by itself and showing me pages has also disappeared! Does that mean I am free of spyware again? But at this point I would already like to say a HUGE THANK YOU! |
|
|
||
I reinstalled XP because I got a new motherboard!
And now I have the problem that my Internet Explorer keeps opening, and
entirely by itself!
And when it comes to this kind of thing I really have no clue!
Here is the HijackThis logfile:
Logfile of HijackThis v1.99.1
Scan saved at 00:32:09, on 31.01.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\Programme\ewido anti-malware\ewidoguard.exe
C:\Programme\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Programme\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Programme\Opera\Opera.exe
C:\Dokumente und Einstellungen\Robert\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138647576247
O17 - HKLM\System\CCS\Services\Tcpip\..\{661D2231-48AB-4DD5-87A8-91645DE5EC45}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{661D2231-48AB-4DD5-87A8-91645DE5EC45}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{661D2231-48AB-4DD5-87A8-91645DE5EC45}: NameServer = 192.168.1.1
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\enj8l11u1.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido anti-malware\ewidoguard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Programme\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Please help me!
Regards
Edit: while I was writing this, another page opened!
Namely this one:
http://www.hug-ediscounts.com/normal/yyy102.html