Nervende selbstständige Werbe-TABS unter Firefox.Alles beigetragen.

#1 Habe mich so gut es geht im Forum schlau gelesen und hier die hoffentlich richtigen Daten zusammen getragen. Ich hoffe das mir mit meinem Problem geholfen werden kann, denn es ist auf diese weise nicht mehr möglich das Netz zu betreten.
---------------------------------------------------------------------------------
1.)
Logfile of HijackThis v1.99.1
Scan saved at 20:07:42, on 14.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\PCI Audio Applications\Bin\EchoCtrl.exe
C:\WINDOWS\Mixer.exe
C:\Programme\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
F:\Programme\Norton AntiVirus\navapsvc.exe
F:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
F:\PROGRA~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
F:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Mario\Desktop\Virenbekämpfung\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
F2 - REG:system.ini: Shell=explorer.exe
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Programme\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [shell] "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1ADD41A-C5BD-43C7-AC2A-693BD822D015}: NameServer = 192.168.0.1
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\irp2l57o1.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\PROGRA~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe
O23 - Service: SAVScan - Symantec Corporation - F:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - F:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
---------------------------------------------------------------------------------
2.)
Combofix hat mir immer nur : "Aktive look2me found" angezeigt. Habe dann im Forum gesucht und so weiter gemacht.

L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\enpsl1771.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{EF025FAE-8798-FD00-C4CB-F0FD54F6B429}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Eigenschaften f�r Multimediadatei"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-Scannerverwaltung"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-Sicherheit"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-Eigenschaftenseite f�r Dokumente"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shellerweiterungen f�r Freigaben"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung f�r Grafikkarten"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung f�r Bildschirme"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung f�r Anzeigeverschiebung"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-Sicherheit"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilit„tsseite"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell-Datenauszughandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Erweiterung f�r Datentr„gerkopien"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shellerweiterungen f�r Microsoft Windows-Netzwerkobjekte"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-Monitorverwaltung"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-Druckerverwaltung"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shellerweiterungen f�r die Dateikomprimierung"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Shellerweiterung f�r Webdrucker"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontextmen� f�r die Verschl�sselung"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktenkoffer"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Erweiterung f�r HyperTerminal-Icons"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Schriftarten"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-Profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Druckersicherheit"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shellerweiterungen f�r Freigaben"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netzwerkverbindungen"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netzwerkverbindungen"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner und Kameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner und Kameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner und Kameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner und Kameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner und Kameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shellerweiterungen f�r Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Datenverkn�pfung"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplante Tasks"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskleiste und Startmen�"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Suchen"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ausf�hren..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-Mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Schriftarten"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Verwaltung"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Eigenschaftenseite f�r vorherige Versionen"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Vorherige Versionen"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-Verlauf-Dienst"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Verlauf"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Sucheingriff"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-Begr�áungsbildschirm"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-Cacheordner"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Webpublishing-Assistent"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestellung von Abz�gen �ber das Internet"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shellobjekt des Webpublishing-Assistenten"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport-Assistent"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Benutzerkonten"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channeldatei"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channelverkn�pfung"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channelhandlerobjekt"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Ordner 'Offlinedateien'"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Nach Personen..."
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webordner"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{93B64C44-26D7-47CC-9CC8-B3DC4C49E25C}"=""
"{8F54626D-1D31-405E-961A-A24FB764D8E8}"=""
"{B182CAC9-ED3A-4FFA-A493-A8215FEEBF87}"=""
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{93B64C44-26D7-47CC-9CC8-B3DC4C49E25C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{93B64C44-26D7-47CC-9CC8-B3DC4C49E25C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{93B64C44-26D7-47CC-9CC8-B3DC4C49E25C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{93B64C44-26D7-47CC-9CC8-B3DC4C49E25C}\InprocServer32]
@="C:\\WINDOWS\\system32\\dbprop.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
dbprop.dll Sat Oct 14 2006 8:55:30p ..... 236,331 230.79 K
nv4_disp.dll Fri Aug 11 2006 9:42:52p A.... 4,496,128 4.29 M
s32evnt1.dll Fri Sep 15 2006 10:52:12p A.... 91,904 89.75 K
nvhwvid.dll Fri Aug 11 2006 9:45:20p A.... 581,632 568.00 K
nvnt4cpl.dll Fri Aug 11 2006 9:43:00p A.... 286,720 280.00 K
nvmccs.dll Fri Aug 11 2006 9:45:22p A.... 229,376 224.00 K
nvdisps.dll Fri Aug 11 2006 9:45:28p A.... 5,611,520 5.35 M
p0r4la~1.dll Sat Oct 7 2006 12:32:16a ..S.R 235,830 230.30 K
lv6q09~1.dll Tue Oct 10 2006 10:58:06p ..S.R 235,852 230.32 K
nvapi.dll Fri Aug 11 2006 9:43:10p A.... 196,608 192.00 K
nview.dll Fri Aug 11 2006 9:43:00p A.... 1,470,464 1.40 M
nvoglnt.dll Fri Aug 11 2006 9:42:58p A.... 5,636,096 5.38 M
nvcpl.dll Fri Aug 11 2006 9:43:02p A.... 7,630,848 7.28 M
nvmctray.dll Fri Aug 11 2006 9:43:04p A.... 86,016 84.00 K
nvwddi.dll Fri Aug 11 2006 9:43:08p A.... 81,920 80.00 K
nvdispsr.dll Fri Aug 11 2006 9:45:30p A.... 5,251,072 5.01 M
nvgames.dll Fri Aug 11 2006 9:45:32p A.... 3,039,232 2.90 M
nvgamesr.dll Fri Aug 11 2006 9:45:34p A.... 2,928,640 2.79 M
nvmccss.dll Fri Aug 11 2006 9:45:38p A.... 188,416 184.00 K
nvmccssr.dll Fri Aug 11 2006 9:45:40p A.... 458,752 448.00 K
nvmobls.dll Fri Aug 11 2006 9:45:42p A.... 888,832 868.00 K
nvmoblsr.dll Fri Aug 11 2006 9:45:42p A.... 2,859,008 2.73 M
nvvitvs.dll Fri Aug 11 2006 9:45:44p A.... 2,904,064 2.77 M
nvvitvsr.dll Fri Aug 11 2006 9:45:46p A.... 2,953,216 2.82 M
nvwss.dll Fri Aug 11 2006 9:45:36p A.... 1,236,992 1.18 M
nvwssr.dll Fri Aug 11 2006 9:45:38p A.... 1,732,608 1.65 M
nvcod.dll Fri Aug 11 2006 9:42:44p A.... 35,840 35.00 K
nvcodins.dll Fri Aug 11 2006 9:42:44p A.... 35,840 35.00 K
nvshell.dll Fri Aug 11 2006 9:43:00p A.... 466,944 456.00 K
nvwdmcpl.dll Fri Aug 11 2006 9:43:00p A.... 1,662,976 1.59 M
nvwimg.dll Fri Aug 11 2006 9:43:00p A.... 1,019,904 996.00 K
nvmccsrs.dll Fri Aug 11 2006 9:45:22p A.... 45,056 44.00 K
nvcpluir.dll Fri Aug 11 2006 9:43:00p A.... 1,011,712 988.00 K
nvexpbar.dll Fri Aug 11 2006 9:43:00p A.... 311,296 304.00 K
nvrsar.dll Fri Aug 11 2006 9:44:30p A.... 323,584 316.00 K
nvwrsar.dll Fri Aug 11 2006 9:43:00p A.... 282,624 276.00 K
nvrscs.dll Fri Aug 11 2006 9:44:34p A.... 241,664 236.00 K
nvwrscs.dll Fri Aug 11 2006 9:43:00p A.... 286,720 280.00 K
nvrsda.dll Fri Aug 11 2006 9:43:48p A.... 245,760 240.00 K
nvwrsda.dll Fri Aug 11 2006 9:43:00p A.... 294,912 288.00 K
nvrsde.dll Fri Aug 11 2006 9:43:36p A.... 270,336 264.00 K
nvwrsde.dll Fri Aug 11 2006 9:43:00p A.... 311,296 304.00 K
nvrsel.dll Fri Aug 11 2006 9:44:28p A.... 274,432 268.00 K
nvwrsel.dll Fri Aug 11 2006 9:43:00p A.... 335,872 328.00 K
nvrseng.dll Fri Aug 11 2006 9:43:34p A.... 241,664 236.00 K
nvwrseng.dll Fri Aug 11 2006 9:43:00p A.... 286,720 280.00 K
nvrses.dll Fri Aug 11 2006 9:44:02p A.... 274,432 268.00 K
nvwrses.dll Fri Aug 11 2006 9:43:00p A.... 335,872 328.00 K
nvrsesm.dll Fri Aug 11 2006 9:45:16p A.... 266,240 260.00 K
nvwrsesm.dll Fri Aug 11 2006 9:43:00p A.... 327,680 320.00 K
nvrsfi.dll Fri Aug 11 2006 9:43:56p A.... 241,664 236.00 K
nvwrsfi.dll Fri Aug 11 2006 9:43:00p A.... 303,104 296.00 K
nvrsfr.dll Fri Aug 11 2006 9:43:22p A.... 278,528 272.00 K
nvwrsfr.dll Fri Aug 11 2006 9:43:00p A.... 327,680 320.00 K
nvrshe.dll Fri Aug 11 2006 9:44:54p A.... 323,584 316.00 K
nvwrshe.dll Fri Aug 11 2006 9:43:00p A.... 278,528 272.00 K
nvrshu.dll Fri Aug 11 2006 9:45:12p A.... 249,856 244.00 K
nvwrshu.dll Fri Aug 11 2006 9:43:00p A.... 315,392 308.00 K
nvrsit.dll Fri Aug 11 2006 9:43:44p A.... 274,432 268.00 K
nvwrsit.dll Fri Aug 11 2006 9:43:00p A.... 323,584 316.00 K
nvrsja.dll Fri Aug 11 2006 9:44:50p A.... 262,144 256.00 K
nvwrsja.dll Fri Aug 11 2006 9:43:00p A.... 212,992 208.00 K
nvrsko.dll Fri Aug 11 2006 9:45:02p A.... 258,048 252.00 K
nvwrsko.dll Fri Aug 11 2006 9:43:00p A.... 196,608 192.00 K
nvrsnl.dll Fri Aug 11 2006 9:43:26p A.... 266,240 260.00 K
nvwrsnl.dll Fri Aug 11 2006 9:43:00p A.... 319,488 312.00 K
nvrsno.dll Fri Aug 11 2006 9:44:58p A.... 249,856 244.00 K
nvwrsno.dll Fri Aug 11 2006 9:43:00p A.... 299,008 292.00 K
nvrspl.dll Fri Aug 11 2006 9:44:46p A.... 249,856 244.00 K
nvwrspl.dll Fri Aug 11 2006 9:43:00p A.... 294,912 288.00 K
nvrspt.dll Fri Aug 11 2006 9:44:36p A.... 266,240 260.00 K
nvwrspt.dll Fri Aug 11 2006 9:43:00p A.... 323,584 316.00 K
nvrsptb.dll Fri Aug 11 2006 9:43:40p A.... 262,144 256.00 K
nvwrsptb.dll Fri Aug 11 2006 9:43:00p A.... 319,488 312.00 K
nvrsru.dll Fri Aug 11 2006 9:43:20p A.... 262,144 256.00 K
nvwrsru.dll Fri Aug 11 2006 9:43:00p A.... 315,392 308.00 K
nvrssk.dll Fri Aug 11 2006 9:45:06p A.... 249,856 244.00 K
nvwrssk.dll Fri Aug 11 2006 9:43:00p A.... 299,008 292.00 K
nvrssl.dll Fri Aug 11 2006 9:45:10p A.... 249,856 244.00 K
nvwrssl.dll Fri Aug 11 2006 9:43:00p A.... 303,104 296.00 K
nvrssv.dll Fri Aug 11 2006 9:43:58p A.... 245,760 240.00 K
nvwrssv.dll Fri Aug 11 2006 9:43:00p A.... 294,912 288.00 K
nvrstr.dll Fri Aug 11 2006 9:44:40p A.... 249,856 244.00 K
nvwrstr.dll Fri Aug 11 2006 9:43:00p A.... 303,104 296.00 K
nvrszhc.dll Fri Aug 11 2006 9:43:52p A.... 221,184 216.00 K
nvwrszhc.dll Fri Aug 11 2006 9:43:00p A.... 163,840 160.00 K
nvrszht.dll Fri Aug 11 2006 9:43:30p A.... 122,880 120.00 K
nvwrszht.dll Fri Aug 11 2006 9:43:00p A.... 167,936 164.00 K
j0p0la~1.dll Thu Oct 12 2006 9:19:08p ..S.R 235,852 230.32 K
enpsl1~1.dll Sat Oct 14 2006 6:47:06p ..S.R 236,331 230.79 K
s6rslg~1.dll Sat Oct 14 2006 8:22:34p ..S.R 235,852 230.32 K
bassmod.dll Fri Sep 29 2006 2:22:28a A.... 34,308 33.50 K

92 items found: 92 files (5 H/S), 0 directories.
Total of file sizes: 71,625,588 bytes 68.30 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Sat Oct 14 2006 8:56:30p ..S.R 236,331 230.79 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 236,331 bytes 230.79 K
**********************************************************************************
Directory Listing of system files:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D052-1815

Verzeichnis von C:\WINDOWS\System32

06-10-14 20:56 236,331 guard.tmp
06-10-14 20:22 235,852 s6rslg9716.dll
06-10-14 18:47 236,331 enpsl1771.dll
06-10-12 21:19 235,852 j0p0la7m1d.dll
06-10-10 22:58 235,852 lv6q09j5e.dll
06-10-07 00:32 235,830 p0r4la9q1d.dll
05-05-05 04:02 <DIR> Microsoft
05-05-05 00:14 <DIR> dllcache
6 Datei(en) 1,416,048 Bytes
2 Verzeichnis(se), 3,248,922,624 Bytes frei
------------------------------------------------------------------------------------------
3.)
Hier die Logfils von datfind.bat

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D052-1815

Verzeichnis von C:\WINDOWS\system32

06-10-14 21:18 235,852 guard.tmp
06-10-14 21:17 80,430 nvapps.xml
06-10-14 21:16 235,852 di7vb.dll
06-10-14 20:56 236,331 o684lglq16qe.dll
06-10-14 20:22 235,852 s6rslg9716.dll
06-10-12 21:19 235,852 j0p0la7m1d.dll
06-10-11 18:54 3,684 qtplugin.log
06-10-10 22:58 235,852 lv6q09j5e.dll
06-10-10 22:56 2,206 wpa.dbl
06-10-07 00:32 235,830 p0r4la9q1d.dll
06-10-01 17:51 380,486 perfh009.dat
06-10-01 17:51 391,274 perfh007.dat
06-10-01 17:51 63,732 perfc007.dat
06-10-01 17:51 52,900 perfc009.dat
06-10-01 17:51 896,326 PerfStringBackup.INI
06-09-30 12:19 1,233 ctu12877.ini
06-09-29 18:21 1,233 ctu12877.sys
06-09-29 02:22 34,308 BASSMOD.dll
06-09-29 01:21 0 inistone.ini
06-09-27 12:24 187,408 FNTCACHE.DAT
06-09-15 22:52 91,904 S32EVNT1.DLL
06-08-11 21:45 2,953,216 nvvitvsr.dll
06-08-11 21:45 2,904,064 nvvitvs.dll
06-08-11 21:45 2,859,008 nvmoblsr.dll
06-08-11 21:45 888,832 nvmobls.dll
06-08-11 21:45 458,752 nvmccssr.dll
06-08-11 21:45 1,732,608 nvwssr.dll

--------------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D052-1815

Verzeichnis von C:\DOKUME~1\Mario\LOKALE~1\Temp

06-10-14 21:21 289 datFind.zip
06-10-14 21:17 225 WCESCOMM.LOG
2 Datei(en) 514 Bytes
0 Verzeichnis(se), 3,248,193,536 Bytes frei
--------------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D052-1815

Verzeichnis von C:\WINDOWS

06-10-14 21:17 0 0.log
06-10-14 21:17 159 wiadebug.log
06-10-14 21:17 51 iTouch.ini
06-10-14 21:16 2,048 bootstat.dat
06-10-14 21:15 50 wiaservc.log
06-10-14 21:15 32,630 SchedLgU.Txt
06-10-14 21:15 1,199,161 WindowsUpdate.log
06-10-14 18:47 576 win.ini
06-10-14 18:47 227 system.ini
06-10-14 15:27 54,156 QTFont.qfn
06-10-14 02:41 116 NeroDigital.ini
06-10-13 22:57 645 ULEAD32.INI
06-10-13 21:55 755,916 setupapi.log
06-10-12 03:46 1,409 QTFont.for
06-10-09 00:53 413 speedfan.INI
06-10-09 00:49 29,988 wmsetup.log
06-10-05 22:45 229,386 DirectX.log
06-10-01 21:54 6,093 mozver.dat
06-10-01 20:13 29,854 plusoc.log
06-10-01 20:13 28,488 MedCtrOC.log
06-10-01 20:13 116,298 ocgen.log
06-10-01 20:13 171,434 FaxSetup.log
06-10-01 20:13 9,789 msgsocm.log
06-10-01 20:13 1,917 imsins.log
06-10-01 20:13 13,352 ehOCGen.log
06-10-01 20:13 8,716 tabletoc.log
06-10-01 20:13 46,713 netfxocm.log
06-10-01 20:13 10,560 ocmsn.log
06-10-01 20:13 70,916 comsetup.log
06-10-01 20:13 93,839 tsoc.log
06-10-01 20:13 44,255 ntdtcsetup.log
06-10-01 20:13 281,454 iis6.log
06-10-01 20:13 69,296 msmqinst.log
06-10-01 18:07 1,917 imsins.BAK
06-10-01 11:35 0 keyboard1.dat
06-09-27 03:09 33 CMSurround.ini
06-09-06 18:55 129 winamp.ini
06-09-04 19:10 315,060 Audi TT Coupe.scr
06-09-04 19:10 1,181,321 Audi TT Coupe.exe
06-09-04 19:10 29,696 mickey32.dll
06-08-14 00:45 178 CMMPLAY.INI
06-08-08 22:26 737,280 iun6002.exe
06-08-04 00:19 44 3D Text Factory.INI
06-08-03 23:00 10 ABC3D.SN
06-08-01 01:47 170 setup.log
06-07-23 17:08 2,510 Microsoft.MIF
06-07-20 20:37 2,359,350 Firefox Wallpaper.bmp
06-07-16 00:38 308 CMCDPLAY.TDB
06-07-14 20:58 34,527 LUINSTALL.LOG
06-07-14 20:26 19,830 SYMEVENT.LOG
----------------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D052-1815

Verzeichnis von C:\WINDOWS\Temp
----------------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D052-1815

Verzeichnis von C:\WINDOWS\Downloaded Program Files

05-05-05 03:48 65 desktop.ini
03-12-08 13:58 3,759 swflash.inf
2 Datei(en) 3,824 Bytes
0 Verzeichnis(se), 3,248,136,192 Bytes frei
----------------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D052-1815

Verzeichnis von C:\

06-10-14 21:31 0 sys.txt
06-10-14 21:30 341 down.txt
06-10-14 21:30 117 tmp.txt
06-10-14 21:29 7,817 system.txt
06-10-14 21:28 338 systemtemp.txt
06-10-14 21:26 101,352 system32.txt
06-10-14 21:16 536,399,872 hiberfil.sys
06-10-14 21:16 805,306,368 pagefile.sys
06-10-14 21:12 53 direct.txt
06-10-14 21:11 133 ComboFix.txt
06-10-14 20:59 133 ComboFix2.txt
06-10-14 20:52 133 ComboFix3.txt
06-10-14 18:47 209 boot.ini
06-09-30 19:30 191 files.txt
06-09-29 01:55 901 list
06-09-29 01:13 34,308 BASSMOD.DLL
06-07-24 19:38 36,864 Nevoreg1.dll
----------------------------------------------------------------------------
Ich hoffe das ich alles bedacht habe und nicht falsch gemacht hab.
Hatte noch nie so nervende Werbung auf meinem Rechner. Habe echt schon alles probiert. Aber nichts hat was gebracht.

Danke schon mal für eure hilfe! Dieses Forum ist wohl kaum zu ersetzen!

#2 Beetlejuice

1.
wende bei L2mfix die Option 2 an , damit der Look2me auch geloescht wird
http://virus-protect.org/l2mfix.html

2.
poste dieses log
http://virus-protect.org/artikel/tools/combofix.html
__________
MfG Sabina

rund um die PC-Sicherheit

#3 Nach L2MFix kommt das hier
╔══════════════════════════════════╗
║ L2MFix Tool By Shadowwar 051206 ║
╠══════════════════════════════════╣
║ 1. Run Find Log ║
║ 2. Run Fix ║
║ 3. View Readme ║
║ 4. Remove L2MFIX Account ║
║ 5. Fix Autoexec.nt/cmd.exe error ║
║ E. Exit ║
╚══════════════════════════════════╝
{1,2,3,4,5,E}2
This fix will reboot automatically.
Password will be entered automatically.
Do not press any keys till instructed too.
Geben Sie das Kennwort für "L2MFIX" ein:
Es wird versucht, C:\WINDOWS\System32\second.bat als Benutzer "FESTRECHNER_MAR\L
2MFIX" zu starten...
Processing Cleanup.
.............................Dateiname existiert bereits, oder die Datei
konnte nicht gefunden werden.
.
adding: readme.txt (deflated 51%)
adding: pv.txt (deflated 57%)
adding: direct.txt (stored 0%)
adding: log.txt (deflated 74%)
adding: report.txt (deflated 68%)
The system is ready to reboot now. The log.txt will be in
the l2mfix folder after the reboot if it does not open
on its own. Please fix the missing file 020 with hijackthis.
after the reboot.
Drücken Sie eine beliebige Taste . . .
--------------------------------------------------------------------------

Nachdem Neustart kommt eine Fehlermeldung das die "cleanup.bat nicht gefunden werden konnte.


Manno!!! Ich krich nen Hörnchen!!!

Combofix beendet sich dann mit vollgender Info: "Look2Me Orphaned entries found"

#4 1.
wende an:
Look2Me-Destroyer V1.0.5
http://virus-protect.org/l2mfix.html

2.
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als fixme.reg mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden.

Computer in den abgesicherten Modus neustarten (F8 beim Starten drücken). Die Datei "fixme.reg" auf dem Desktop doppelklicken

Zitat

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

[-HKEY_CLASSES_ROOT\CLSID\{93B64C44-26D7-47CC-9CC8-B3DC4C49E25C}]

**
Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein

Zitat

Files to delete:
C:\WINDOWS\system32\stonedrv.exe
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\dbprop.dll
C:\WINDOWS\system32\irp2l57o1.dll
C:\WINDOWS\system32\di7vb.dll
C:\WINDOWS\system32\enpsl1771.dll
C:\WINDOWS\system32\o684lglq16qe.dll
C:\WINDOWS\system32\s6rslg9716.dll
C:\WINDOWS\system32\j0p0la7m1d.dll
C:\WINDOWS\system32\lv6q09j5e.dll
C:\WINDOWS\system32\p0r4la9q1d.dll
C:\WINDOWS\system32\ctu12877.ini
C:\WINDOWS\system32\ctu12877.sys
C:\WINDOWS\system32\inistone.ini
C:\WINDOWS\keyboard1.dat

Klicke die gruene Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

**
scanne noch mal mit Combofix, aber poste unbedingt das log hier !
__________
MfG Sabina

rund um die PC-Sicherheit

#5 Habe alles ausgeführt wie Du es beschrieben hast. Aber jetzt verabschidet sich Combofix ohne eine Nachricht. Das Fenster ist einfach weg und es bleibt ein lehrer Desktop.
Habe ich was falsch gemacht? Soll ich die Schritte noch mal abarbeiten?

#6 poste bitte noch mal die 6 logs von datfindbat
__________
MfG Sabina

rund um die PC-Sicherheit

#7 Hier noch mal die aktuellen Files....
...oh man ich danke dir für die Mühe!
-------------------------------------------------
1.)
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D052-1815

Verzeichnis von C:\WINDOWS\system32

06-10-15 16:14 80,430 nvapps.xml
06-10-14 23:50 0 lo2.txtt
06-10-11 18:54 3,684 qtplugin.log
06-10-10 22:56 2,206 wpa.dbl
06-10-01 17:51 63,732 perfc007.dat
06-10-01 17:51 380,486 perfh009.dat
06-10-01 17:51 52,900 perfc009.dat
06-10-01 17:51 896,326 PerfStringBackup.INI
06-10-01 17:51 391,274 perfh007.dat
06-09-29 02:22 34,308 BASSMOD.dll
06-09-27 12:24 187,408 FNTCACHE.DAT
06-09-15 22:52 91,904 S32EVNT1.DLL
06-08-11 21:45 2,953,216 nvvitvsr.dll

---------------------------------------------------------------------
2.)
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D052-1815

Verzeichnis von C:\DOKUME~1\Mario\LOKALE~1\Temp

06-10-15 16:15 225 WCESCOMM.LOG
06-10-15 15:34 118 WcesView.log
06-10-15 15:30 127,378 avenger.zip
06-10-14 23:40 4,830 ACA.tmp
06-10-14 23:36 4,970 AC9.tmp
06-10-14 23:02 65,536 ~DFB7AD.tmp
6 Datei(en) 203,057 Bytes
0 Verzeichnis(se), 3,239,206,912 Bytes frei
--------------------------------------------------------------------
3.)

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D052-1815

Verzeichnis von C:\WINDOWS

06-10-15 16:14 51 iTouch.ini
06-10-15 16:13 0 0.log
06-10-15 16:13 159 wiadebug.log
06-10-15 16:13 2,048 bootstat.dat
06-10-15 16:11 32,630 SchedLgU.Txt
06-10-15 16:11 50 wiaservc.log
06-10-15 16:11 1,202,357 WindowsUpdate.log
06-10-15 15:41 95,488 ntbtlog.txt
06-10-15 04:51 54,156 QTFont.qfn
06-10-14 18:47 576 win.ini
06-10-14 18:47 227 system.ini
06-10-14 02:41 116 NeroDigital.ini
06-10-13 22:57 645 ULEAD32.INI
06-10-13 21:55 755,916 setupapi.log
06-10-12 03:46 1,409 QTFont.for
06-10-09 00:53 413 speedfan.INI
06-10-09 00:49 29,988 wmsetup.log
06-10-05 22:45 229,386 DirectX.log
06-10-01 21:54 6,093 mozver.dat
06-10-01 20:13 46,713 netfxocm.log
06-10-01 20:13 171,434 FaxSetup.log
06-10-01 20:13 281,454 iis6.log
06-10-01 20:13 29,854 plusoc.log
06-10-01 20:13 70,916 comsetup.log
06-10-01 20:13 13,352 ehOCGen.log
06-10-01 20:13 28,488 MedCtrOC.log
06-10-01 20:13 1,917 imsins.log
06-10-01 20:13 8,716 tabletoc.log
06-10-01 20:13 9,789 msgsocm.log
06-10-01 20:13 44,255 ntdtcsetup.log
06-10-01 20:13 10,560 ocmsn.log
06-10-01 20:13 93,839 tsoc.log
06-10-01 20:13 116,298 ocgen.log
06-10-01 20:13 69,296 msmqinst.log
06-10-01 18:07 1,917 imsins.BAK
06-09-27 03:09 33 CMSurround.ini
06-09-06 18:55 129 winamp.ini
06-09-04 19:10 315,060 Audi TT Coupe.scr
06-09-04 19:10 1,181,321 Audi TT Coupe.exe
06-09-04 19:10 29,696 mickey32.dll
06-08-14 00:45 178 CMMPLAY.INI
06-08-08 22:26 737,280 iun6002.exe
06-08-04 00:19 44 3D Text Factory.INI
06-08-03 23:00 10 ABC3D.SN
06-08-01 01:47 170 setup.log
06-07-23 17:08 2,510 Microsoft.MIF
06-07-20 20:37 2,359,350 Firefox Wallpaper.bmp
06-07-16 00:38 308 CMCDPLAY.TDB
06-07-14 20:58 34,527 LUINSTALL.LOG
06-07-14 20:26 19,830 SYMEVENT.LOG
---------------------------------------------------------------------------
4.)
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D052-1815

Verzeichnis von C:\WINDOWS\Temp

06-10-15 15:09 16,384 ~DFA964.tmp
1 Datei(en) 16,384 Bytes
0 Verzeichnis(se), 3,239,133,184 Bytes frei
---------------------------------------------------------------------------
5.)
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D052-1815

Verzeichnis von C:\WINDOWS\Downloaded Program Files

05-05-05 03:48 65 desktop.ini
03-12-08 13:58 3,759 swflash.inf
2 Datei(en) 3,824 Bytes
0 Verzeichnis(se), 3,239,124,992 Bytes frei
---------------------------------------------------------------------------
6.)
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D052-1815

Verzeichnis von C:\

06-10-15 16:44 0 sys.txt
06-10-15 16:44 341 down.txt
06-10-15 16:43 274 tmp.txt
06-10-15 16:43 7,815 system.txt
06-10-15 16:42 519 systemtemp.txt
06-10-15 16:33 100,591 system32.txt
06-10-15 16:13 536,399,872 hiberfil.sys
06-10-15 16:13 805,306,368 pagefile.sys
06-10-15 15:59 149 ComboFix.txt
06-10-15 15:57 149 ComboFix2.txt
06-10-15 15:51 5,754 avenger.txt
06-10-15 00:57 149 ComboFix3.txt
06-10-14 18:47 209 boot.ini
06-09-30 19:30 191 files.txt
06-09-29 01:55 901 list
06-09-29 01:13 34,308 BASSMOD.DLL
06-07-24 19:38 36,864 Nevoreg1.dll
05-12-28 22:20 219 VideoEditor.log
05-12-28 22:11 0 DBS.TXT
05-05-08 21:44 13,030 PDOXUSRS.NET
05-05-08 21:39 2,986 INSTALL.LOG
05-05-05 11:42 0 itouch_config_crash_info.txt
05-05-05 11:39 0 itouch_crash_info.txt
05-05-05 03:52 0 AUTOEXEC.BAT
05-05-05 03:52 0 CONFIG.SYS
05-05-05 03:52 0 MSDOS.SYS
05-05-05 03:52 0 IO.SYS
---------------------------------------------------------------------------

Danke!!!!!!! :-)

#8 1.
Arbeitsplatz-->Rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren.

2.
scanne. lasse alles loeschen und poste den report
http://virus-protect.org/ewido.html
__________
MfG Sabina

rund um die PC-Sicherheit

#9 Ich glaube das der Report von AVG zu lang war. Er ist über 12 MB groß :-(
Ist nicht zu glauben!!! Soll ich ihn hochladen?

Habe auch noch nicht weiter mit AVG gemacht. Nur den Report gespeichert. Das Prog ist noch offen auf meinem Rechner.....

#10 lade den report als Anhang hoch ( siehe unten)
__________
MfG Sabina

rund um die PC-Sicherheit

#11 Ich werde jetzt noch mal scannen und den Report dan senden. Hoffe er ist kleiner. Ich darf max. 8,5 MB hochladen. Hoffe das es schnell geht. Bin leider immer erst ab 18 Uhr zuhause.

Aber tausend Dank!!!

Das ist je echt nicht viel...:

---------------------------------------------------------
AVG Anti-Spyware - Scan-Bericht
---------------------------------------------------------

+ Erstellt um: 19:50 06-10-16

+ Scan-Ergebnis:



:mozilla.41:C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\96wrupdx.default\cookies.txt -> TrackingCookie.2o7 : Keine Aktion durchgeführt.


::Berichtende
------------------------------------------------------------

Combofix läuft danach immer noch nicht. Aber die nervende Werbung ist bereits weg.
Ist mein PC nun nicht mehr infiziert?

#12 wende noch mal an:
Look2Me-Destroyer V1.0.5
http://virus-protect.org/l2mfix.html
poste dann unbedingt den scanreport hier !
__________
MfG Sabina

rund um die PC-Sicherheit

#13 Mitternächtliche Aktivitäten haben das hier ergeben:


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 06-10-17 01:31:09


Attempting to delete infected files...

Making registry repairs.


Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administratoren - Succeeded
--------------------------------------------------------------------

Was soll ich sagen? Bin ja schon froh das es nicht so viel ist.

#14 poste das neue Log vom HijackThis, bitte
__________
MfG Sabina

rund um die PC-Sicherheit

#15 Hier der Log vom HijackThis.
---------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 15:18, on 06-10-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\explorer.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programme\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\PCI Audio Applications\Bin\EchoCtrl.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Mixer.exe
C:\Programme\HP\HP Software Update\HPWuSchd.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
F:\Programme\Norton AntiVirus\navapsvc.exe
F:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
F:\PROGRA~1\NORTON~1\NPROTECT.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
F:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Dokumente und Einstellungen\Mario\Desktop\Virenbekämpfung\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
F2 - REG:system.ini: Shell=explorer.exe
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Programme\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [shell] "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1ADD41A-C5BD-43C7-AC2A-693BD822D015}: NameServer = 192.168.0.1
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\PROGRA~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe
O23 - Service: SAVScan - Symantec Corporation - F:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - F:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe