Annoying ad tabs opening on their own in Firefox. Everything provided. Thread is closed!
#0
14.10.2006, 21:56
Member
Posts: 22

14.10.2006, 23:11
Honorary member
Posts: 29434
#2
Beetlejuice
1. In L2mfix, use option 2 so that Look2me is deleted as well: http://virus-protect.org/l2mfix.html
2. Post this log: http://virus-protect.org/artikel/tools/combofix.html
__________
Regards, Sabina
All about PC security

15.10.2006, 00:49
Member
Thread starter Posts: 22
#3
After L2MFix I get this:
╔══════════════════════════════════╗
║ L2MFix Tool By Shadowwar 051206  ║
╠══════════════════════════════════╣
║ 1. Run Find Log                  ║
║ 2. Run Fix                       ║
║ 3. View Readme                   ║
║ 4. Remove L2MFIX Account         ║
║ 5. Fix Autoexec.nt/cmd.exe error ║
║ E. Exit                          ║
╚══════════════════════════════════╝
{1,2,3,4,5,E}2
This fix will reboot automatically.
Password will be entered automatically.
Do not press any keys till instructed too.
Geben Sie das Kennwort für "L2MFIX" ein:
Es wird versucht, C:\WINDOWS\System32\second.bat als Benutzer "FESTRECHNER_MAR\L 2MFIX" zu starten...
Processing Cleanup.
.............................Dateiname existiert bereits, oder die Datei konnte nicht gefunden werden.
.
adding: readme.txt (deflated 51%)
adding: pv.txt (deflated 57%)
adding: direct.txt (stored 0%)
adding: log.txt (deflated 74%)
adding: report.txt (deflated 68%)
The system is ready to reboot now.
The log.txt will be in the l2mfix folder after the reboot if it does not open on its own.
Please fix the missing file 020 with hijackthis. after the reboot.
Drücken Sie eine beliebige Taste . . .
--------------------------------------------------------------------------
After the reboot an error message appears saying that "cleanup.bat" could not be found. Argh!!! This is driving me nuts!!! Combofix then exits with the following message: "Look2Me Orphaned entries found"
This post was edited by Beetlejuice on 15.10.2006 at 01:02.

15.10.2006, 11:37
Honorary member
Posts: 29434
#4
1. Run: Look2Me-Destroyer V1.0.5 http://virus-protect.org/l2mfix.html
2. Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as fixme.reg using 'Save as'. Select 'All files' as the file type. You should now find this file on the desktop. Restart the computer in safe mode (press F8 during startup). Double-click the file "fixme.reg" on the desktop.
Quote
REGEDIT4
** Avenger http://virus-protect.org/artikel/tools/avenger.html
Copy in:
Quote
Files to delete:
Click the green traffic light; the script will now run, and then the PC will restart automatically.
** Scan once more with Combofix, and be sure to post the log here!
__________
Regards, Sabina
All about PC security

15.10.2006, 16:02
Member
Thread starter Posts: 22
#5
I did everything as you described. But now Combofix quits without any message. The window is simply gone and an empty desktop remains.
Did I do something wrong? Should I work through the steps again?

15.10.2006, 16:12
Honorary member
Posts: 29434

15.10.2006, 16:52
Member
Thread starter Posts: 22
#7
Here are the current files again....
...oh man, thank you for your effort!
-------------------------------------------------
1.)
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D052-1815
Verzeichnis von C:\WINDOWS\system32
06-10-15 16:14 80,430 nvapps.xml
06-10-14 23:50 0 lo2.txtt
06-10-11 18:54 3,684 qtplugin.log
06-10-10 22:56 2,206 wpa.dbl
06-10-01 17:51 63,732 perfc007.dat
06-10-01 17:51 380,486 perfh009.dat
06-10-01 17:51 52,900 perfc009.dat
06-10-01 17:51 896,326 PerfStringBackup.INI
06-10-01 17:51 391,274 perfh007.dat
06-09-29 02:22 34,308 BASSMOD.dll
06-09-27 12:24 187,408 FNTCACHE.DAT
06-09-15 22:52 91,904 S32EVNT1.DLL
06-08-11 21:45 2,953,216 nvvitvsr.dll
---------------------------------------------------------------------
2.)
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D052-1815
Verzeichnis von C:\DOKUME~1\Mario\LOKALE~1\Temp
06-10-15 16:15 225 WCESCOMM.LOG
06-10-15 15:34 118 WcesView.log
06-10-15 15:30 127,378 avenger.zip
06-10-14 23:40 4,830 ACA.tmp
06-10-14 23:36 4,970 AC9.tmp
06-10-14 23:02 65,536 ~DFB7AD.tmp
6 Datei(en) 203,057 Bytes
0 Verzeichnis(se), 3,239,206,912 Bytes frei
--------------------------------------------------------------------
3.)
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D052-1815
Verzeichnis von C:\WINDOWS
06-10-15 16:14 51 iTouch.ini
06-10-15 16:13 0 0.log
06-10-15 16:13 159 wiadebug.log
06-10-15 16:13 2,048 bootstat.dat
06-10-15 16:11 32,630 SchedLgU.Txt
06-10-15 16:11 50 wiaservc.log
06-10-15 16:11 1,202,357 WindowsUpdate.log
06-10-15 15:41 95,488 ntbtlog.txt
06-10-15 04:51 54,156 QTFont.qfn
06-10-14 18:47 576 win.ini
06-10-14 18:47 227 system.ini
06-10-14 02:41 116 NeroDigital.ini
06-10-13 22:57 645 ULEAD32.INI
06-10-13 21:55 755,916 setupapi.log
06-10-12 03:46 1,409 QTFont.for
06-10-09 00:53 413 speedfan.INI
06-10-09 00:49 29,988 wmsetup.log
06-10-05 22:45 229,386 DirectX.log
06-10-01 21:54 6,093 mozver.dat
06-10-01 20:13 46,713 netfxocm.log
06-10-01 20:13 171,434 FaxSetup.log
06-10-01 20:13 281,454 iis6.log
06-10-01 20:13 29,854 plusoc.log
06-10-01 20:13 70,916 comsetup.log
06-10-01 20:13 13,352 ehOCGen.log
06-10-01 20:13 28,488 MedCtrOC.log
06-10-01 20:13 1,917 imsins.log
06-10-01 20:13 8,716 tabletoc.log
06-10-01 20:13 9,789 msgsocm.log
06-10-01 20:13 44,255 ntdtcsetup.log
06-10-01 20:13 10,560 ocmsn.log
06-10-01 20:13 93,839 tsoc.log
06-10-01 20:13 116,298 ocgen.log
06-10-01 20:13 69,296 msmqinst.log
06-10-01 18:07 1,917 imsins.BAK
06-09-27 03:09 33 CMSurround.ini
06-09-06 18:55 129 winamp.ini
06-09-04 19:10 315,060 Audi TT Coupe.scr
06-09-04 19:10 1,181,321 Audi TT Coupe.exe
06-09-04 19:10 29,696 mickey32.dll
06-08-14 00:45 178 CMMPLAY.INI
06-08-08 22:26 737,280 iun6002.exe
06-08-04 00:19 44 3D Text Factory.INI
06-08-03 23:00 10 ABC3D.SN
06-08-01 01:47 170 setup.log
06-07-23 17:08 2,510 Microsoft.MIF
06-07-20 20:37 2,359,350 Firefox Wallpaper.bmp
06-07-16 00:38 308 CMCDPLAY.TDB
06-07-14 20:58 34,527 LUINSTALL.LOG
06-07-14 20:26 19,830 SYMEVENT.LOG
---------------------------------------------------------------------------
4.)
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D052-1815
Verzeichnis von C:\WINDOWS\Temp
06-10-15 15:09 16,384 ~DFA964.tmp
1 Datei(en) 16,384 Bytes
0 Verzeichnis(se), 3,239,133,184 Bytes frei
---------------------------------------------------------------------------
5.)
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D052-1815
Verzeichnis von C:\WINDOWS\Downloaded Program Files
05-05-05 03:48 65 desktop.ini
03-12-08 13:58 3,759 swflash.inf
2 Datei(en) 3,824 Bytes
0 Verzeichnis(se), 3,239,124,992 Bytes frei
---------------------------------------------------------------------------
6.)
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D052-1815
Verzeichnis von C:\
06-10-15 16:44 0 sys.txt
06-10-15 16:44 341 down.txt
06-10-15 16:43 274 tmp.txt
06-10-15 16:43 7,815 system.txt
06-10-15 16:42 519 systemtemp.txt
06-10-15 16:33 100,591 system32.txt
06-10-15 16:13 536,399,872 hiberfil.sys
06-10-15 16:13 805,306,368 pagefile.sys
06-10-15 15:59 149 ComboFix.txt
06-10-15 15:57 149 ComboFix2.txt
06-10-15 15:51 5,754 avenger.txt
06-10-15 00:57 149 ComboFix3.txt
06-10-14 18:47 209 boot.ini
06-09-30 19:30 191 files.txt
06-09-29 01:55 901 list
06-09-29 01:13 34,308 BASSMOD.DLL
06-07-24 19:38 36,864 Nevoreg1.dll
05-12-28 22:20 219 VideoEditor.log
05-12-28 22:11 0 DBS.TXT
05-05-08 21:44 13,030 PDOXUSRS.NET
05-05-08 21:39 2,986 INSTALL.LOG
05-05-05 11:42 0 itouch_config_crash_info.txt
05-05-05 11:39 0 itouch_crash_info.txt
05-05-05 03:52 0 AUTOEXEC.BAT
05-05-05 03:52 0 CONFIG.SYS
05-05-05 03:52 0 MSDOS.SYS
05-05-05 03:52 0 IO.SYS
---------------------------------------------------------------------------
Thanks!!!!!!! :-)

15.10.2006, 17:39
Honorary member
Posts: 29434
#8
1. My Computer --> right-click, then Properties ---> System Restore tab ---> tick 'Turn off System Restore on all drives'.
2. Scan, have everything deleted and post the report: http://virus-protect.org/ewido.html
__________
Regards, Sabina
All about PC security

15.10.2006, 19:58
Member
Thread starter Posts: 22
#9
I think the report from AVG was too long. It is over 12 MB in size :-(
Unbelievable!!! Should I upload it? I also haven't done anything further with AVG yet. I only saved the report. The program is still open on my computer.....

16.10.2006, 09:22
Honorary member
Posts: 29434

16.10.2006, 18:09
Member
Thread starter Posts: 22
#11
I will scan once more now and then send the report. I hope it is smaller. I am allowed to upload max. 8.5 MB. I hope it goes quickly. Unfortunately I am never home before 18:00.
But a thousand thanks!!! That really isn't much...:
---------------------------------------------------------
AVG Anti-Spyware - Scan-Bericht
---------------------------------------------------------
+ Erstellt um: 19:50 06-10-16
+ Scan-Ergebnis:
:mozilla.41:C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\96wrupdx.default\cookies.txt -> TrackingCookie.2o7 : Keine Aktion durchgeführt.
::Berichtende
------------------------------------------------------------
Combofix still does not run after that. But the annoying ads are already gone. Is my PC no longer infected now?
This post was edited by Beetlejuice on 16.10.2006 at 19:55.

17.10.2006, 00:47
Honorary member
Posts: 29434
#12
Run once more:
Look2Me-Destroyer V1.0.5 http://virus-protect.org/l2mfix.html
Then be sure to post the scan report here!
__________
Regards, Sabina
All about PC security

17.10.2006, 01:50
Member
Thread starter Posts: 22
#13
Midnight activities produced this:
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 06-10-17 01:31:09
Attempting to delete infected files...
Making registry repairs.
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administratoren - Succeeded
--------------------------------------------------------------------
What can I say? I'm just glad that it isn't that much.

17.10.2006, 02:10
Honorary member
Posts: 29434

17.10.2006, 15:21
Member
Thread starter Posts: 22
#15
Here is the HijackThis log.
---------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 15:18, on 06-10-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\explorer.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programme\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\PCI Audio Applications\Bin\EchoCtrl.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Mixer.exe
C:\Programme\HP\HP Software Update\HPWuSchd.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
F:\Programme\Norton AntiVirus\navapsvc.exe
F:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
F:\PROGRA~1\NORTON~1\NPROTECT.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
F:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Dokumente und Einstellungen\Mario\Desktop\Virenbekämpfung\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
F2 - REG:system.ini: Shell=explorer.exe
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Programme\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [shell] "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1ADD41A-C5BD-43C7-AC2A-693BD822D015}: NameServer = 192.168.0.1
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\PROGRA~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe
O23 - Service: SAVScan - Symantec Corporation - F:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - F:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

---------------------------------------------------------------------------------
1.)
Logfile of HijackThis v1.99.1
Scan saved at 20:07:42, on 14.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\PCI Audio Applications\Bin\EchoCtrl.exe
C:\WINDOWS\Mixer.exe
C:\Programme\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
F:\Programme\Norton AntiVirus\navapsvc.exe
F:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
F:\PROGRA~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
F:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Mario\Desktop\Virenbekämpfung\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
F2 - REG:system.ini: Shell=explorer.exe
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Programme\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [shell] "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1ADD41A-C5BD-43C7-AC2A-693BD822D015}: NameServer = 192.168.0.1
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\irp2l57o1.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\PROGRA~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe
O23 - Service: SAVScan - Symantec Corporation - F:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - F:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
---------------------------------------------------------------------------------
2.)
Combofix only ever showed me: "Aktive look2me found". I then searched the forum and carried on from there.
L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\enpsl1771.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{EF025FAE-8798-FD00-C4CB-F0FD54F6B429}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Eigenschaften fr Multimediadatei"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-Scannerverwaltung"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-Sicherheit"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-Eigenschaftenseite fr Dokumente"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shellerweiterungen fr Freigaben"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Grafikkarten"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Bildschirme"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Anzeigeverschiebung"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-Sicherheit"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilit„tsseite"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell-Datenauszughandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Erweiterung fr Datentr„gerkopien"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shellerweiterungen fr Microsoft Windows-Netzwerkobjekte"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-Monitorverwaltung"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-Druckerverwaltung"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shellerweiterungen fr die Dateikomprimierung"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Shellerweiterung fr Webdrucker"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontextmen fr die Verschlsselung"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktenkoffer"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Erweiterung fr HyperTerminal-Icons"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Schriftarten"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-Profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Druckersicherheit"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shellerweiterungen fr Freigaben"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netzwerkverbindungen"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netzwerkverbindungen"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner und Kameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner und Kameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner und Kameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner und Kameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner und Kameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shellerweiterungen fr Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Datenverknpfung"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplante Tasks"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskleiste und Startmen"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Suchen"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ausfhren..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-Mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Schriftarten"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Verwaltung"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Eigenschaftenseite fr vorherige Versionen"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Vorherige Versionen"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-Verlauf-Dienst"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Verlauf"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Sucheingriff"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-Begráungsbildschirm"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-Cacheordner"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Webpublishing-Assistent"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestellung von Abzgen ber das Internet"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shellobjekt des Webpublishing-Assistenten"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport-Assistent"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Benutzerkonten"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channeldatei"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channelverknpfung"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channelhandlerobjekt"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Ordner 'Offlinedateien'"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Nach Personen..."
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webordner"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{93B64C44-26D7-47CC-9CC8-B3DC4C49E25C}"=""
"{8F54626D-1D31-405E-961A-A24FB764D8E8}"=""
"{B182CAC9-ED3A-4FFA-A493-A8215FEEBF87}"=""
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{93B64C44-26D7-47CC-9CC8-B3DC4C49E25C}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{93B64C44-26D7-47CC-9CC8-B3DC4C49E25C}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{93B64C44-26D7-47CC-9CC8-B3DC4C49E25C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{93B64C44-26D7-47CC-9CC8-B3DC4C49E25C}\InprocServer32]
@="C:\\WINDOWS\\system32\\dbprop.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
dbprop.dll Sat Oct 14 2006 8:55:30p ..... 236,331 230.79 K
nv4_disp.dll Fri Aug 11 2006 9:42:52p A.... 4,496,128 4.29 M
s32evnt1.dll Fri Sep 15 2006 10:52:12p A.... 91,904 89.75 K
nvhwvid.dll Fri Aug 11 2006 9:45:20p A.... 581,632 568.00 K
nvnt4cpl.dll Fri Aug 11 2006 9:43:00p A.... 286,720 280.00 K
nvmccs.dll Fri Aug 11 2006 9:45:22p A.... 229,376 224.00 K
nvdisps.dll Fri Aug 11 2006 9:45:28p A.... 5,611,520 5.35 M
p0r4la~1.dll Sat Oct 7 2006 12:32:16a ..S.R 235,830 230.30 K
lv6q09~1.dll Tue Oct 10 2006 10:58:06p ..S.R 235,852 230.32 K
nvapi.dll Fri Aug 11 2006 9:43:10p A.... 196,608 192.00 K
nview.dll Fri Aug 11 2006 9:43:00p A.... 1,470,464 1.40 M
nvoglnt.dll Fri Aug 11 2006 9:42:58p A.... 5,636,096 5.38 M
nvcpl.dll Fri Aug 11 2006 9:43:02p A.... 7,630,848 7.28 M
nvmctray.dll Fri Aug 11 2006 9:43:04p A.... 86,016 84.00 K
nvwddi.dll Fri Aug 11 2006 9:43:08p A.... 81,920 80.00 K
nvdispsr.dll Fri Aug 11 2006 9:45:30p A.... 5,251,072 5.01 M
nvgames.dll Fri Aug 11 2006 9:45:32p A.... 3,039,232 2.90 M
nvgamesr.dll Fri Aug 11 2006 9:45:34p A.... 2,928,640 2.79 M
nvmccss.dll Fri Aug 11 2006 9:45:38p A.... 188,416 184.00 K
nvmccssr.dll Fri Aug 11 2006 9:45:40p A.... 458,752 448.00 K
nvmobls.dll Fri Aug 11 2006 9:45:42p A.... 888,832 868.00 K
nvmoblsr.dll Fri Aug 11 2006 9:45:42p A.... 2,859,008 2.73 M
nvvitvs.dll Fri Aug 11 2006 9:45:44p A.... 2,904,064 2.77 M
nvvitvsr.dll Fri Aug 11 2006 9:45:46p A.... 2,953,216 2.82 M
nvwss.dll Fri Aug 11 2006 9:45:36p A.... 1,236,992 1.18 M
nvwssr.dll Fri Aug 11 2006 9:45:38p A.... 1,732,608 1.65 M
nvcod.dll Fri Aug 11 2006 9:42:44p A.... 35,840 35.00 K
nvcodins.dll Fri Aug 11 2006 9:42:44p A.... 35,840 35.00 K
nvshell.dll Fri Aug 11 2006 9:43:00p A.... 466,944 456.00 K
nvwdmcpl.dll Fri Aug 11 2006 9:43:00p A.... 1,662,976 1.59 M
nvwimg.dll Fri Aug 11 2006 9:43:00p A.... 1,019,904 996.00 K
nvmccsrs.dll Fri Aug 11 2006 9:45:22p A.... 45,056 44.00 K
nvcpluir.dll Fri Aug 11 2006 9:43:00p A.... 1,011,712 988.00 K
nvexpbar.dll Fri Aug 11 2006 9:43:00p A.... 311,296 304.00 K
nvrsar.dll Fri Aug 11 2006 9:44:30p A.... 323,584 316.00 K
nvwrsar.dll Fri Aug 11 2006 9:43:00p A.... 282,624 276.00 K
nvrscs.dll Fri Aug 11 2006 9:44:34p A.... 241,664 236.00 K
nvwrscs.dll Fri Aug 11 2006 9:43:00p A.... 286,720 280.00 K
nvrsda.dll Fri Aug 11 2006 9:43:48p A.... 245,760 240.00 K
nvwrsda.dll Fri Aug 11 2006 9:43:00p A.... 294,912 288.00 K
nvrsde.dll Fri Aug 11 2006 9:43:36p A.... 270,336 264.00 K
nvwrsde.dll Fri Aug 11 2006 9:43:00p A.... 311,296 304.00 K
nvrsel.dll Fri Aug 11 2006 9:44:28p A.... 274,432 268.00 K
nvwrsel.dll Fri Aug 11 2006 9:43:00p A.... 335,872 328.00 K
nvrseng.dll Fri Aug 11 2006 9:43:34p A.... 241,664 236.00 K
nvwrseng.dll Fri Aug 11 2006 9:43:00p A.... 286,720 280.00 K
nvrses.dll Fri Aug 11 2006 9:44:02p A.... 274,432 268.00 K
nvwrses.dll Fri Aug 11 2006 9:43:00p A.... 335,872 328.00 K
nvrsesm.dll Fri Aug 11 2006 9:45:16p A.... 266,240 260.00 K
nvwrsesm.dll Fri Aug 11 2006 9:43:00p A.... 327,680 320.00 K
nvrsfi.dll Fri Aug 11 2006 9:43:56p A.... 241,664 236.00 K
nvwrsfi.dll Fri Aug 11 2006 9:43:00p A.... 303,104 296.00 K
nvrsfr.dll Fri Aug 11 2006 9:43:22p A.... 278,528 272.00 K
nvwrsfr.dll Fri Aug 11 2006 9:43:00p A.... 327,680 320.00 K
nvrshe.dll Fri Aug 11 2006 9:44:54p A.... 323,584 316.00 K
nvwrshe.dll Fri Aug 11 2006 9:43:00p A.... 278,528 272.00 K
nvrshu.dll Fri Aug 11 2006 9:45:12p A.... 249,856 244.00 K
nvwrshu.dll Fri Aug 11 2006 9:43:00p A.... 315,392 308.00 K
nvrsit.dll Fri Aug 11 2006 9:43:44p A.... 274,432 268.00 K
nvwrsit.dll Fri Aug 11 2006 9:43:00p A.... 323,584 316.00 K
nvrsja.dll Fri Aug 11 2006 9:44:50p A.... 262,144 256.00 K
nvwrsja.dll Fri Aug 11 2006 9:43:00p A.... 212,992 208.00 K
nvrsko.dll Fri Aug 11 2006 9:45:02p A.... 258,048 252.00 K
nvwrsko.dll Fri Aug 11 2006 9:43:00p A.... 196,608 192.00 K
nvrsnl.dll Fri Aug 11 2006 9:43:26p A.... 266,240 260.00 K
nvwrsnl.dll Fri Aug 11 2006 9:43:00p A.... 319,488 312.00 K
nvrsno.dll Fri Aug 11 2006 9:44:58p A.... 249,856 244.00 K
nvwrsno.dll Fri Aug 11 2006 9:43:00p A.... 299,008 292.00 K
nvrspl.dll Fri Aug 11 2006 9:44:46p A.... 249,856 244.00 K
nvwrspl.dll Fri Aug 11 2006 9:43:00p A.... 294,912 288.00 K
nvrspt.dll Fri Aug 11 2006 9:44:36p A.... 266,240 260.00 K
nvwrspt.dll Fri Aug 11 2006 9:43:00p A.... 323,584 316.00 K
nvrsptb.dll Fri Aug 11 2006 9:43:40p A.... 262,144 256.00 K
nvwrsptb.dll Fri Aug 11 2006 9:43:00p A.... 319,488 312.00 K
nvrsru.dll Fri Aug 11 2006 9:43:20p A.... 262,144 256.00 K
nvwrsru.dll Fri Aug 11 2006 9:43:00p A.... 315,392 308.00 K
nvrssk.dll Fri Aug 11 2006 9:45:06p A.... 249,856 244.00 K
nvwrssk.dll Fri Aug 11 2006 9:43:00p A.... 299,008 292.00 K
nvrssl.dll Fri Aug 11 2006 9:45:10p A.... 249,856 244.00 K
nvwrssl.dll Fri Aug 11 2006 9:43:00p A.... 303,104 296.00 K
nvrssv.dll Fri Aug 11 2006 9:43:58p A.... 245,760 240.00 K
nvwrssv.dll Fri Aug 11 2006 9:43:00p A.... 294,912 288.00 K
nvrstr.dll Fri Aug 11 2006 9:44:40p A.... 249,856 244.00 K
nvwrstr.dll Fri Aug 11 2006 9:43:00p A.... 303,104 296.00 K
nvrszhc.dll Fri Aug 11 2006 9:43:52p A.... 221,184 216.00 K
nvwrszhc.dll Fri Aug 11 2006 9:43:00p A.... 163,840 160.00 K
nvrszht.dll Fri Aug 11 2006 9:43:30p A.... 122,880 120.00 K
nvwrszht.dll Fri Aug 11 2006 9:43:00p A.... 167,936 164.00 K
j0p0la~1.dll Thu Oct 12 2006 9:19:08p ..S.R 235,852 230.32 K
enpsl1~1.dll Sat Oct 14 2006 6:47:06p ..S.R 236,331 230.79 K
s6rslg~1.dll Sat Oct 14 2006 8:22:34p ..S.R 235,852 230.32 K
bassmod.dll Fri Sep 29 2006 2:22:28a A.... 34,308 33.50 K
92 items found: 92 files (5 H/S), 0 directories.
Total of file sizes: 71,625,588 bytes 68.30 M
Locate .tmp files:
C:\WINDOWS\SYSTEM32\
guard.tmp Sat Oct 14 2006 8:56:30p ..S.R 236,331 230.79 K
1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 236,331 bytes 230.79 K
**********************************************************************************
Directory Listing of system files:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D052-1815
Verzeichnis von C:\WINDOWS\System32
06-10-14 20:56 236,331 guard.tmp
06-10-14 20:22 235,852 s6rslg9716.dll
06-10-14 18:47 236,331 enpsl1771.dll
06-10-12 21:19 235,852 j0p0la7m1d.dll
06-10-10 22:58 235,852 lv6q09j5e.dll
06-10-07 00:32 235,830 p0r4la9q1d.dll
05-05-05 04:02 <DIR> Microsoft
05-05-05 00:14 <DIR> dllcache
6 Datei(en) 1,416,048 Bytes
2 Verzeichnis(se), 3,248,922,624 Bytes frei
------------------------------------------------------------------------------------------
3.)
Here are the log files from datfind.bat
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D052-1815
Verzeichnis von C:\WINDOWS\system32
06-10-14 21:18 235,852 guard.tmp
06-10-14 21:17 80,430 nvapps.xml
06-10-14 21:16 235,852 di7vb.dll
06-10-14 20:56 236,331 o684lglq16qe.dll
06-10-14 20:22 235,852 s6rslg9716.dll
06-10-12 21:19 235,852 j0p0la7m1d.dll
06-10-11 18:54 3,684 qtplugin.log
06-10-10 22:58 235,852 lv6q09j5e.dll
06-10-10 22:56 2,206 wpa.dbl
06-10-07 00:32 235,830 p0r4la9q1d.dll
06-10-01 17:51 380,486 perfh009.dat
06-10-01 17:51 391,274 perfh007.dat
06-10-01 17:51 63,732 perfc007.dat
06-10-01 17:51 52,900 perfc009.dat
06-10-01 17:51 896,326 PerfStringBackup.INI
06-09-30 12:19 1,233 ctu12877.ini
06-09-29 18:21 1,233 ctu12877.sys
06-09-29 02:22 34,308 BASSMOD.dll
06-09-29 01:21 0 inistone.ini
06-09-27 12:24 187,408 FNTCACHE.DAT
06-09-15 22:52 91,904 S32EVNT1.DLL
06-08-11 21:45 2,953,216 nvvitvsr.dll
06-08-11 21:45 2,904,064 nvvitvs.dll
06-08-11 21:45 2,859,008 nvmoblsr.dll
06-08-11 21:45 888,832 nvmobls.dll
06-08-11 21:45 458,752 nvmccssr.dll
06-08-11 21:45 1,732,608 nvwssr.dll
--------------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D052-1815
Verzeichnis von C:\DOKUME~1\Mario\LOKALE~1\Temp
06-10-14 21:21 289 datFind.zip
06-10-14 21:17 225 WCESCOMM.LOG
2 Datei(en) 514 Bytes
0 Verzeichnis(se), 3,248,193,536 Bytes frei
--------------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D052-1815
Verzeichnis von C:\WINDOWS
06-10-14 21:17 0 0.log
06-10-14 21:17 159 wiadebug.log
06-10-14 21:17 51 iTouch.ini
06-10-14 21:16 2,048 bootstat.dat
06-10-14 21:15 50 wiaservc.log
06-10-14 21:15 32,630 SchedLgU.Txt
06-10-14 21:15 1,199,161 WindowsUpdate.log
06-10-14 18:47 576 win.ini
06-10-14 18:47 227 system.ini
06-10-14 15:27 54,156 QTFont.qfn
06-10-14 02:41 116 NeroDigital.ini
06-10-13 22:57 645 ULEAD32.INI
06-10-13 21:55 755,916 setupapi.log
06-10-12 03:46 1,409 QTFont.for
06-10-09 00:53 413 speedfan.INI
06-10-09 00:49 29,988 wmsetup.log
06-10-05 22:45 229,386 DirectX.log
06-10-01 21:54 6,093 mozver.dat
06-10-01 20:13 29,854 plusoc.log
06-10-01 20:13 28,488 MedCtrOC.log
06-10-01 20:13 116,298 ocgen.log
06-10-01 20:13 171,434 FaxSetup.log
06-10-01 20:13 9,789 msgsocm.log
06-10-01 20:13 1,917 imsins.log
06-10-01 20:13 13,352 ehOCGen.log
06-10-01 20:13 8,716 tabletoc.log
06-10-01 20:13 46,713 netfxocm.log
06-10-01 20:13 10,560 ocmsn.log
06-10-01 20:13 70,916 comsetup.log
06-10-01 20:13 93,839 tsoc.log
06-10-01 20:13 44,255 ntdtcsetup.log
06-10-01 20:13 281,454 iis6.log
06-10-01 20:13 69,296 msmqinst.log
06-10-01 18:07 1,917 imsins.BAK
06-10-01 11:35 0 keyboard1.dat
06-09-27 03:09 33 CMSurround.ini
06-09-06 18:55 129 winamp.ini
06-09-04 19:10 315,060 Audi TT Coupe.scr
06-09-04 19:10 1,181,321 Audi TT Coupe.exe
06-09-04 19:10 29,696 mickey32.dll
06-08-14 00:45 178 CMMPLAY.INI
06-08-08 22:26 737,280 iun6002.exe
06-08-04 00:19 44 3D Text Factory.INI
06-08-03 23:00 10 ABC3D.SN
06-08-01 01:47 170 setup.log
06-07-23 17:08 2,510 Microsoft.MIF
06-07-20 20:37 2,359,350 Firefox Wallpaper.bmp
06-07-16 00:38 308 CMCDPLAY.TDB
06-07-14 20:58 34,527 LUINSTALL.LOG
06-07-14 20:26 19,830 SYMEVENT.LOG
----------------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D052-1815
Verzeichnis von C:\WINDOWS\Temp
----------------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D052-1815
Verzeichnis von C:\WINDOWS\Downloaded Program Files
05-05-05 03:48 65 desktop.ini
03-12-08 13:58 3,759 swflash.inf
2 Datei(en) 3,824 Bytes
0 Verzeichnis(se), 3,248,136,192 Bytes frei
----------------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D052-1815
Verzeichnis von C:\
06-10-14 21:31 0 sys.txt
06-10-14 21:30 341 down.txt
06-10-14 21:30 117 tmp.txt
06-10-14 21:29 7,817 system.txt
06-10-14 21:28 338 systemtemp.txt
06-10-14 21:26 101,352 system32.txt
06-10-14 21:16 536,399,872 hiberfil.sys
06-10-14 21:16 805,306,368 pagefile.sys
06-10-14 21:12 53 direct.txt
06-10-14 21:11 133 ComboFix.txt
06-10-14 20:59 133 ComboFix2.txt
06-10-14 20:52 133 ComboFix3.txt
06-10-14 18:47 209 boot.ini
06-09-30 19:30 191 files.txt
06-09-29 01:55 901 list
06-09-29 01:13 34,308 BASSMOD.DLL
06-07-24 19:38 36,864 Nevoreg1.dll
----------------------------------------------------------------------------
I hope I have thought of everything and have not done anything wrong.
I have never had such annoying ads on my computer. I have really tried everything already, but nothing has helped.
Thanks in advance for your help! This forum is pretty much irreplaceable!