ständiges pop-up -->conversion.cpvfeed.com (ie)

#16 Hi!
So - jetzt siehts gar nicht schlecht aus. Der Look2Me scheint entgültig vertrieben. eScan zeigt ihn nichts mehr an und auch die Anzahl der Fehler ist deutlich gesunken auf 21.

Hier der Auszug aus dem Log (mwav.log) mit den angezeigten Viren und Fehlern:
-----------------------------------------------------------------------
Fri Nov 18 10:51:59 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Fri Nov 18 10:51:59 2005 => Loading Spyware Signatures from new External Database (Size: 145242).
Fri Nov 18 10:51:59 2005 => Indexed Spyware Databases Successfully Created...

Fri Nov 18 10:51:59 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Fri Nov 18 10:52:01 2005 => Offending Key found: HKCU\Software\maxthon !!!
Fri Nov 18 10:52:01 2005 => Object "abxtoolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Fri Nov 18 10:52:03 2005 => Offending file found: C:\WINDOWS\system32\tsuninst.exe
Fri Nov 18 10:52:03 2005 => System found infected with target saver Spyware/Adware (tsuninst.exe)! Action taken: No Action Taken.

Fri Nov 18 10:52:06 2005 => Offending file found: C:\WINDOWS\system32\tsuninst.exe
Fri Nov 18 10:52:06 2005 => System found infected with target saver Spyware/Adware (C:\WINDOWS\system32\tsuninst.exe)! Action taken: No Action Taken.


Fri Nov 18 10:52:07 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Fri Nov 18 10:52:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\PrintMe Internet Printing\". Action Taken: No Action Taken.

Fri Nov 18 10:52:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".0/". Action Taken: No Action Taken.

Fri Nov 18 10:52:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".0/windows/". Action Taken: No Action Taken.

Fri Nov 18 10:52:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".0/windows/win32/". Action Taken: No Action Taken.

Fri Nov 18 10:52:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".1/". Action Taken: No Action Taken.

Fri Nov 18 10:52:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".1/windows/". Action Taken: No Action Taken.

Fri Nov 18 10:52:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".1/windows/win32/". Action Taken: No Action Taken.

Fri Nov 18 10:52:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".1/windows/win32/sea/". Action Taken: No Action Taken.

Fri Nov 18 10:52:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".3/". Action Taken: No Action Taken.

Fri Nov 18 10:52:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".3/windows/". Action Taken: No Action Taken.

Fri Nov 18 10:52:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".3/windows/win32/". Action Taken: No Action Taken.

Fri Nov 18 10:52:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".com/". Action Taken: No Action Taken.

Fri Nov 18 10:52:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".com/pub/". Action Taken: No Action Taken.

Fri Nov 18 10:52:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".com/pub/netscape7/". Action Taken: No Action Taken.

Fri Nov 18 10:52:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".com/pub/netscape7/german/". Action Taken: No Action Taken.

Fri Nov 18 10:52:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".com/pub/netscape8/". Action Taken: No Action Taken.

Fri Nov 18 10:52:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".com/pub/netscape8/english/". Action Taken: No Action Taken.

Fri Nov 18 10:52:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cr". Action Taken: No Action Taken.

Fri Nov 18 10:52:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/pub/". Action Taken: No Action Taken.

Fri Nov 18 10:52:08 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/pub/mirror/". Action Taken: No Action Taken.

Fri Nov 18 10:52:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "HijackThis". Action Taken: No Action Taken.
-----------------------------------------------------------------------

Beim öffnen des Logs mit eScan sagt mir das Programm nach wie vor, dass keine Dateien zum Löschen vorhanden seien. Was rätst du mir jetzt? System so lassen oder besser noch was gegen diese Einträge unternehmen???
Michael

#17 loesche:
C:\WINDOWS\system32\tsuninst.exe

Start-->Ausfuehren--> regedit
HKCU\Software\maxthon <--loeschen

der Rest sind nur ungueltige Eintraege...also nichts schlimmes.
__________
MfG Sabina

rund um die PC-Sicherheit

#18 Hi!
Done!
Vielen Dank für die sehr umfangreiche und erfolgreiche Hilfe! Neben einem sauberen Rechner, habe ich auch viel gelernt. Ich hoffe natürlich, dass ich mich nicht so bald wieder hier melden muss... :-)

Weiter so!
Michael

#19 Hallo,

habe euer sehr nützliches forum (und sogar mal eins auf deutsch) erst dadurch entdeckt, weil ich auch einen LOOK2ME hatte.

Ja, hatte...

habe was entsprechendes gefunden, ausgeführt und alles ist wieder ok.
hier der link:

http://www.pchell.com/support/look2me.shtml

Ich habe -bequem wie ich bin- deren VB-script nach den Anweisungen gestartet (im Task-Manager). Nach einen Neustart war alles behoben,
keine popups mehr, counterspy hat auch nichts mehr gefunden.

Ich hoffe, ich konnte durch meine Rückmeldung auch euch helfe.

Viele Grüße aus Stuttgart

Oliver Schwarz

#20 hallo,
bin neu hier und habe wohl das gleiche Problem wie viele... ständig popups wie z.B. conversion.cpvfeed.com...

hier gleich der log von l2mfix mit Option1!

Kann mir bitte jemand helfen!!!

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Dynamic Directory]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\k4440ehqeh4e0.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{DBDA5A54-9988-4EA6-709E-6C8F604BAAF0}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Eigenschaften f�r Multimediadatei"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-Scannerverwaltung"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-Sicherheit"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-Eigenschaftenseite f�r Dokumente"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shellerweiterungen f�r Freigaben"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung f�r Grafikkarten"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung f�r Bildschirme"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung f�r Anzeigeverschiebung"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-Sicherheit"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilit„tsseite"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell-Datenauszughandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Erweiterung f�r Datentr„gerkopien"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shellerweiterungen f�r Microsoft Windows-Netzwerkobjekte"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-Monitorverwaltung"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-Druckerverwaltung"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shellerweiterungen f�r die Dateikomprimierung"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Shellerweiterung f�r Webdrucker"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontextmen� f�r die Verschl�sselung"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktenkoffer"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Erweiterung f�r HyperTerminal-Icons"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Schriftarten"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-Profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Druckersicherheit"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shellerweiterungen f�r Freigaben"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netzwerkverbindungen"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netzwerkverbindungen"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner und Kameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner und Kameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner und Kameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner und Kameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner und Kameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Datenverkn�pfung"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplante Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskleiste und Startmen�"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Suchen"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ausf�hren..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-Mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Schriftarten"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Verwaltung"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Syntaxanalyse der Adressleiste"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-Verlauf-Dienst"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Verlauf"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Sucheingriff"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-Begr�áungsbildschirm"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-Cacheordner"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Webpublishing-Assistent"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestellung von Abz�gen �ber das Internet"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shellobjekt des Webpublishing-Assistenten"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport-Assistent"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Benutzerkonten"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channeldatei"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channelverkn�pfung"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channelhandlerobjekt"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Ordner 'Offlinedateien'"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Nach Personen..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webordner"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{59850401-6664-101B-B21C-00AA004BA90B}"="Microsoft Office Sammelmappen-Teiler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{FED7043D-346A-414D-ACD7-550D052499A7}"="dBpowerAMP Music Converter 1"
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}"="dBpowerAMP Music Converter"
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"="TuneUp Shredder Shell Context Menu Extension"
"{D9872D13-7651-4471-9EEE-F0A00218BEBB}"="Multiscan"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{B8323370-FF27-11D2-97B6-204C4F4F5020}"="SmartFTP Shell Extension DLL"
"{F371B873-3CAE-49A3-B16E-B65758DA6C4D}"=""
"{2C382790-2970-4611-9A05-5998D967E118}"=""
"{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v7"
"{5FB2AC1C-9C75-4B46-81DA-4B9311799595}"=""
"{CD07FBCC-F5B4-46C1-B20E-04DAE6CDA2BF}"=""
"{C467E9D6-A58C-4BA5-B9CE-740D34AC2330}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F371B873-3CAE-49A3-B16E-B65758DA6C4D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F371B873-3CAE-49A3-B16E-B65758DA6C4D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F371B873-3CAE-49A3-B16E-B65758DA6C4D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F371B873-3CAE-49A3-B16E-B65758DA6C4D}\InprocServer32]
@="C:\\WINDOWS\\system32\\dtvxdec_0407.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C467E9D6-A58C-4BA5-B9CE-740D34AC2330}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C467E9D6-A58C-4BA5-B9CE-740D34AC2330}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C467E9D6-A58C-4BA5-B9CE-740D34AC2330}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C467E9D6-A58C-4BA5-B9CE-740D34AC2330}\InprocServer32]
@="C:\\WINDOWS\\system32\\jbmd400.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
acdiosrv.dll Sun 30 Oct 2005 10:27:32 A.... 236.210 230,67 K
bassmod.dll Sat 22 Oct 2005 9:39:56 A.... 15.360 15,00 K
bhowselc.dll Sun 30 Oct 2005 10:27:34 A.... 234.169 228,68 K
boowsewm.dll Sun 13 Nov 2005 17:07:50 ..S.R 235.898 230,37 K
camcat.dll Sun 30 Oct 2005 10:27:32 A.... 235.677 230,15 K
cbtsrvut.dll Fri 4 Nov 2005 17:54:54 ..S.R 234.108 228,62 K
cdosys.dll Sat 10 Sep 2005 2:54:28 A.... 2.067.968 1,97 M
cimmtb32.dll Sun 27 Nov 2005 19:00:02 ..S.R 236.089 230,55 K
cxmdlg32.dll Sun 30 Oct 2005 10:26:20 A.... 234.271 228,78 K
d0j0la~1.dll Sun 27 Nov 2005 12:23:46 ..S.R 234.103 228,61 K
dcnaddr.dll Fri 4 Nov 2005 17:48:34 ..S.R 236.376 230,84 K
ddsapi.dll Wed 2 Nov 2005 7:44:54 ..S.R 234.050 228,56 K
dhdiagn.dll Sat 26 Nov 2005 14:46:58 ..S.R 233.789 228,31 K
dtvxde~1.dll Sun 4 Dec 2005 16:54:18 ..S.R 236.287 230,75 K
eicdec.dll Fri 11 Nov 2005 17:59:40 ..S.R 235.050 229,54 K
enlsl1~1.dll Wed 16 Nov 2005 20:30:56 ..... 236.708 231,16 K
fppm03~1.dll Fri 18 Nov 2005 13:37:26 ..S.R 235.446 229,93 K
gccoll~1.dll Tue 15 Nov 2005 12:12:08 A.... 126.680 123,71 K
gcunco~1.dll Tue 15 Nov 2005 12:12:06 A.... 95.448 93,21 K
gdi32.dll Thu 6 Oct 2005 4:18:12 A.... 280.064 273,50 K
hashlib.dll Tue 15 Nov 2005 12:12:08 A.... 117.976 115,21 K
ihwdial.dll Sun 13 Nov 2005 12:37:36 ..S.R 234.166 228,68 K
ihxsap.dll Sun 30 Oct 2005 10:26:58 A.... 234.163 228,67 K
ij41_qcx.dll Thu 1 Dec 2005 14:17:56 ..S.R 237.087 231,53 K
ijsecsvc.dll Sun 30 Oct 2005 10:27:00 A.... 236.854 231,30 K
imsetup.dll Sat 3 Dec 2005 11:15:14 ..S.R 236.763 231,21 K
iqssam.dll Sun 30 Oct 2005 10:27:00 A.... 236.210 230,67 K
ir06l5~1.dll Sun 6 Nov 2005 18:59:08 ..S.R 234.050 228,56 K
ir80l5~1.dll Thu 1 Dec 2005 14:58:04 ..S.R 235.946 230,41 K
ir8ml5~1.dll Sun 4 Dec 2005 11:31:08 ..S.R 233.840 228,36 K
irn4l5~1.dll Sun 30 Oct 2005 10:27:00 A.... 235.624 230,10 K
izmp.dll Fri 2 Dec 2005 16:55:56 ..S.R 236.722 231,17 K
izpromon.dll Sun 4 Dec 2005 16:26:28 ..S.R 236.617 231,07 K
jbmd400.dll Wed 7 Dec 2005 18:45:14 ..S.R 237.167 231,61 K
k4440e~1.dll Wed 7 Dec 2005 9:57:26 ..S.R 237.167 231,61 K
kedgae.dll Sun 30 Oct 2005 10:27:02 A.... 234.169 228,68 K
kgrberos.dll Sun 30 Oct 2005 10:27:02 A.... 234.885 229,38 K
ktdsw.dll Sat 26 Nov 2005 14:55:24 ..S.R 236.089 230,55 K
lladperf.dll Fri 25 Nov 2005 20:13:34 ..S.R 233.789 228,31 K
lvnq09~1.dll Wed 7 Dec 2005 18:45:12 ..S.R 233.527 228,05 K
mcdart.dll Sun 4 Dec 2005 15:38:02 ..S.R 237.266 231,70 K
mcjdbc10.dll Thu 3 Nov 2005 18:57:56 ..S.R 236.369 230,83 K
mdr.dll Thu 1 Dec 2005 14:54:50 ..S.R 234.387 228,89 K
mfc71u.dll Wed 26 Oct 2005 17:12:00 A.... 1.047.552 1023,00 K
mgdemui.dll Fri 4 Nov 2005 10:18:10 ..S.R 236.391 230,85 K
mh4sdmod.dll Sun 30 Oct 2005 10:26:44 A.... 236.987 231,43 K
mhxml2.dll Thu 1 Dec 2005 16:21:32 ..S.R 234.861 229,36 K
mmcmcde.dll Thu 17 Nov 2005 7:49:16 ..S.R 236.708 231,16 K
mnconf.dll Thu 1 Dec 2005 15:02:10 ..S.R 234.861 229,36 K
mnorc32r.dll Sat 12 Nov 2005 8:26:04 ..S.R 234.108 228,62 K
mojava.dll Thu 1 Dec 2005 14:40:46 ..S.R 237.087 231,53 K
mshtml.dll Tue 4 Oct 2005 16:26:02 A.... 3.013.120 2,87 M
mydex.dll Sun 4 Dec 2005 16:13:20 ..S.R 234.821 229,32 K
n46q0e~1.dll Sun 30 Oct 2005 10:27:32 A.... 234.835 229,33 K
ngtapi.dll Fri 18 Nov 2005 16:21:56 ..S.R 237.196 231,64 K
nuprint.dll Fri 4 Nov 2005 18:20:16 ..S.R 234.312 228,82 K
o6lulg~1.dll Thu 3 Nov 2005 19:01:46 ..S.R 234.216 228,73 K
oebcstf.dll Thu 3 Nov 2005 18:31:06 ..S.R 236.369 230,83 K
oehlp30e.dll Fri 4 Nov 2005 17:37:52 ..S.R 234.595 229,09 K
ogffilt.dll Sat 26 Nov 2005 14:50:12 ..S.R 234.288 228,80 K
ojecnv32.dll Sat 26 Nov 2005 13:34:02 ..S.R 235.250 229,73 K
rcsman.dll Sun 30 Oct 2005 10:26:20 A.... 235.677 230,15 K
rfpdd.dll Sun 4 Dec 2005 16:51:10 ..S.R 234.821 229,32 K
sclwapi.dll Fri 18 Nov 2005 12:11:52 ..S.R 234.248 228,76 K
sflgntfy.dll Thu 1 Dec 2005 13:52:46 ..S.R 234.185 228,70 K
shell32.dll Fri 23 Sep 2005 4:06:22 A.... 8.491.520 8,10 M
spcfiles.dll Thu 1 Dec 2005 14:49:52 ..S.R 233.342 227,87 K
srsvcs.dll Fri 2 Dec 2005 17:28:20 ..S.R 236.763 231,21 K
svnscfg.dll Sun 30 Oct 2005 10:26:18 A.... 234.898 229,39 K
sxbrccsp.dll Thu 1 Dec 2005 14:28:32 ..S.R 233.437 227,96 K
szc_os.dll Sun 13 Nov 2005 12:20:12 ..S.R 235.898 230,37 K
sztupdll.dll Sun 4 Dec 2005 15:32:52 ..S.R 233.830 228,35 K
tvpmon.dll Sun 4 Dec 2005 11:48:40 ..S.R 237.266 231,70 K
umrv80a.dll Wed 7 Dec 2005 8:30:24 ..S.R 237.167 231,61 K
vk5db.dll Tue 6 Dec 2005 15:03:52 ..S.R 237.167 231,61 K
vsdata.dll Tue 15 Nov 2005 0:50:30 A.... 83.720 81,76 K
vsinit.dll Tue 15 Nov 2005 0:50:42 A.... 141.064 137,76 K
vsmonapi.dll Tue 15 Nov 2005 0:50:52 A.... 104.208 101,77 K
vspubapi.dll Tue 15 Nov 2005 0:50:56 A.... 227.088 221,77 K
vsregexp.dll Tue 15 Nov 2005 0:51:00 A.... 71.440 69,77 K
vsutil.dll Tue 15 Nov 2005 0:51:12 A.... 382.728 373,76 K
vsutil~1.dll Tue 15 Nov 2005 0:34:04 A.... 54.960 53,67 K
vsxml.dll Tue 15 Nov 2005 0:51:20 A.... 100.104 97,76 K
wcstream.dll Sun 30 Oct 2005 10:26:18 A.... 236.897 231,34 K
whvdmoe.dll Sun 30 Oct 2005 9:24:26 ..S.R 235.677 230,15 K
wndap32.dll Thu 3 Nov 2005 18:54:04 ..S.R 236.391 230,85 K
wpdap32.dll Sun 30 Oct 2005 10:26:20 A.... 233.785 228,30 K
wuhrm.dll Sun 4 Dec 2005 15:41:36 ..S.R 234.121 228,63 K
wxdmtp.dll Thu 1 Dec 2005 14:44:02 ..S.R 237.295 231,73 K
wysdmoe2.dll Sat 5 Nov 2005 11:47:44 ..S.R 234.428 228,93 K
wz2help.dll Mon 7 Nov 2005 15:00:52 ..S.R 236.623 231,07 K
xqctsrv.dll Fri 25 Nov 2005 20:45:42 ..S.R 235.675 230,15 K
zlcomm.dll Tue 15 Nov 2005 0:51:40 A.... 79.624 77,76 K
zlcommdb.dll Tue 15 Nov 2005 0:51:44 A.... 71.440 69,77 K

94 items found: 94 files (58 H/S), 0 directories.
Total of file sizes: 34.229.628 bytes 32,64 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Datentr„ger in Laufwerk C: ist WinXP
Volumeseriennummer: ECAE-D346

Verzeichnis von C:\WINDOWS\System32

07.12.2005 18:45 237.167 jbmd400.dll
07.12.2005 18:45 233.527 lvnq0955e.dll
07.12.2005 09:57 237.167 k4440ehqeh4e0.dll
07.12.2005 08:30 237.167 umrv80a.dll
06.12.2005 15:03 237.167 VK5DB.DLL
04.12.2005 16:54 236.287 dtvxdec_0407.dll
04.12.2005 16:51 234.821 rfpdd.dll
04.12.2005 16:26 236.617 izpromon.dll
04.12.2005 16:13 234.821 mydex.dll
04.12.2005 15:41 234.121 wuhrm.dll
04.12.2005 15:38 237.266 mcdart.dll
04.12.2005 15:32 233.830 sztupdll.dll
04.12.2005 11:48 237.266 tvpmon.dll
04.12.2005 11:31 233.840 ir8ml5l11.dll
03.12.2005 11:15 236.763 imsetup.dll
02.12.2005 17:28 236.763 srsvcs.dll
02.12.2005 16:55 236.722 izmp.dll
01.12.2005 16:21 234.861 mhxml2.dll
01.12.2005 15:02 234.861 mnconf.dll
01.12.2005 14:58 235.946 ir80l5lm1.dll
01.12.2005 14:54 234.387 mdr.dll
01.12.2005 14:49 233.342 spcfiles.dll
01.12.2005 14:44 237.295 wxdmtp.dll
01.12.2005 14:40 237.087 mojava.dll
01.12.2005 14:28 233.437 sxbrccsp.dll
01.12.2005 14:17 237.087 ij41_qcx.dll
01.12.2005 13:52 234.185 sflgntfy.dll
27.11.2005 19:00 236.089 CIMMTB32.DLL
27.11.2005 12:23 234.103 d0j0la1m1d.dll
26.11.2005 14:55 236.089 ktdsw.dll
26.11.2005 14:50 234.288 ogffilt.dll
26.11.2005 14:46 233.789 dhdiagn.dll
26.11.2005 13:34 235.250 ojecnv32.dll
25.11.2005 20:45 235.675 xQctsrv.dll
25.11.2005 20:13 233.789 lladperf.dll
18.11.2005 16:27 <DIR> dllcache
18.11.2005 16:21 237.196 ngtapi.dll
18.11.2005 13:37 235.446 fppm0371e.dll
18.11.2005 12:11 234.248 sclwapi.dll
17.11.2005 07:49 236.708 mmcmcde.dll
13.11.2005 17:07 235.898 boowsewm.dll
13.11.2005 12:37 234.166 ihwdial.dll
13.11.2005 12:20 235.898 szc_os.dll
12.11.2005 08:26 234.108 mnorc32r.dll
11.11.2005 17:59 235.050 eicdec.dll
07.11.2005 15:00 236.623 wz2help.dll
06.11.2005 18:59 234.050 ir06l5ds1.dll
05.11.2005 11:47 234.428 wysdmoe2.dll
04.11.2005 18:20 234.312 nuprint.dll
04.11.2005 17:54 234.108 cBtsrvut.dll
04.11.2005 17:48 236.376 dcnaddr.dll
04.11.2005 17:37 234.595 oehlp30e.dll
04.11.2005 10:18 236.391 mgdemui.dll
03.11.2005 19:01 234.216 o6lulg3916.dll
03.11.2005 18:57 236.369 mcjdbc10.dll
03.11.2005 18:54 236.391 wndap32.dll
03.11.2005 18:31 236.369 OEBCSTF.DLL
02.11.2005 07:44 234.050 ddsapi.dll
30.10.2005 09:24 235.677 whvdmoe.dll
17.09.2002 05:38 <DIR> Microsoft
58 Datei(en) 13.655.545 Bytes
2 Verzeichnis(se), 20.119.658.496 Bytes frei

#21 tolange

http://virus-protect.org/l2mfix.html
wende Option 2 an--> neustarten--> option 4 , dann poste das neue Log (von Option2)

Hoster.zip -> anwenden
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.

spysweeper trial
http://virus-protect.org/spysweeper.html
__________
MfG Sabina

rund um die PC-Sicherheit