yyy102.html Probleme unerwünschte PopUp

#1 Hy Leute, nen schönen Tag.
Auch ich habe Habe auch schon einiges probiert und nachgelesen aber keinen Erfolg. Hier mein Logfile

Logfile of HijackThis v1.99.1
Scan saved at 11:34:38, on 27.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\ch_utility.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\ConquerCam\ConquerCam.exe
C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\GEMEIN~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Bakerman\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.de.netscape.com/de/home/winsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stolbinger.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.de.netscape.com/de/home/winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.de.netscape.com/de/home/winsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programme\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.100.110:3128
O1 - Hosts: MINOLTA-QMS magicolor 2300 DL
O1 - Hosts: drucker
O1 - Hosts: drucker
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Chrontel TV] C:\WINDOWS\System32\ch_utility.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Programme\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=020706 Seri*hier nicht!*=DR12WEX-1508138-QRS lang=EN
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [ConquerCam] C:\Programme\ConquerCam\ConquerCam.exe /tray
O4 - HKCU\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Programme\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\en88l1lu1.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: License Management Service ESD - element5 - C:\Programme\Gemeinsame Dateien\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: RVS CAPI (RVS_CE) - Unknown owner - C:\WINDOWS\system32\rvs_cent.exe (file missing)


wenn mir jemand weiterhelfen kann, wäre ich sehr dankbar.

#2 L2mfix
http://www.downloads.subratam.org/l2mfix.exe
kopiere hier den scanreport von Option 1
http://virus-protect.org/l2mfix.html
__________
MfG Sabina

rund um die PC-Sicherheit

#3 Sorry war unterwegs und bin wieder da.
Schon im voraus vielen Dank für deine nette Hilfe.
L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\m6nqlg5516.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{849C3723-D59C-01EF-0657-A0FE55AAB8C8}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Eigenschaften f�r Multimediadatei"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-Scannerverwaltung"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-Sicherheit"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-Eigenschaftenseite f�r Dokumente"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shellerweiterungen f�r Freigaben"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung f�r Grafikkarten"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung f�r Bildschirme"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung f�r Anzeigeverschiebung"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-Sicherheit"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilit„tsseite"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell-Datenauszughandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Erweiterung f�r Datentr„gerkopien"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shellerweiterungen f�r Microsoft Windows-Netzwerkobjekte"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-Monitorverwaltung"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-Druckerverwaltung"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shellerweiterungen f�r die Dateikomprimierung"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Shellerweiterung f�r Webdrucker"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontextmen� f�r die Verschl�sselung"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktenkoffer"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Erweiterung f�r HyperTerminal-Icons"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Schriftarten"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-Profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Druckersicherheit"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shellerweiterungen f�r Freigaben"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netzwerkverbindungen"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netzwerkverbindungen"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner und Kameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner und Kameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner und Kameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner und Kameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner und Kameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shellerweiterungen f�r Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Datenverkn�pfung"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplante Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskleiste und Startmen�"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Suchen"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ausf�hren..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-Mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Schriftarten"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Verwaltung"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Syntaxanalyse der Adressleiste"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-Verlauf-Dienst"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Verlauf"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Sucheingriff"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-Begr�áungsbildschirm"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-Cacheordner"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Webpublishing-Assistent"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestellung von Abz�gen �ber das Internet"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shellobjekt des Webpublishing-Assistenten"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport-Assistent"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Benutzerkonten"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channeldatei"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channelverkn�pfung"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channelhandlerobjekt"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Ordner 'Offlinedateien'"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Nach Personen..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{6af09ec9-b429-11d4-a1fb-0090960218cb}"="My Bluetooth Places"
"{40950107-FEA6-4d53-A65F-B2DCBA57DD58}"="Nokia Phone Browser"
"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}"="Contact View"
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}"="Message View"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{9DED7A30-D572-4D21-8D82-6945EA697400}"="Macromedia FlashPaper Context Menu"
"{BE3B2C08-ADEB-472E-B48C-995FA9D3983D}"=""
"{2B997280-15AF-4ADB-8E53-685F9C0B715A}"=""
"{FE6A353B-05CD-465A-86E2-805AF966C2A2}"=""
"{2F603045-309F-11CF-9774-0020AFD0CFF6}"="Synaptics Control Panel"
@="CorelDRAW Shell Extension Component"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}"="ShellLink for Application References"
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}"="Shell Icon Handler for Application References"
"{905F8D3D-2F42-4B27-9591-011D595D7682}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{BE3B2C08-ADEB-472E-B48C-995FA9D3983D}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{BE3B2C08-ADEB-472E-B48C-995FA9D3983D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BE3B2C08-ADEB-472E-B48C-995FA9D3983D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BE3B2C08-ADEB-472E-B48C-995FA9D3983D}\InprocServer32]
@="C:\\WINDOWS\\system32\\kjdne.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FE6A353B-05CD-465A-86E2-805AF966C2A2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FE6A353B-05CD-465A-86E2-805AF966C2A2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FE6A353B-05CD-465A-86E2-805AF966C2A2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FE6A353B-05CD-465A-86E2-805AF966C2A2}\InprocServer32]
@="C:\\WINDOWS\\system32\\lfrhelp.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{905F8D3D-2F42-4B27-9591-011D595D7682}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{905F8D3D-2F42-4B27-9591-011D595D7682}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{905F8D3D-2F42-4B27-9591-011D595D7682}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{905F8D3D-2F42-4B27-9591-011D595D7682}\InprocServer32]
@="C:\\WINDOWS\\system32\\whserror.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
axaltocm.dll Sat 29 Oct 2005 0:25:12 ..... 133.120 130,00 K
bcsprsrc.dll Sat 29 Oct 2005 0:50:50 ..... 26.112 25,50 K
browseui.dll Thu 24 Nov 2005 0:58:28 A.... 1.022.464 998,50 K
danim.dll Sat 5 Nov 2005 4:16:24 A.... 1.056.256 1,00 M
e6202g~1.dll Fri 27 Jan 2006 12:24:38 ..S.R 237.151 231,59 K
en68l1~1.dll Fri 27 Jan 2006 4:15:32 ..S.R 234.411 228,91 K
f40o0e~1.dll Thu 26 Jan 2006 22:18:16 ..S.R 234.576 229,08 K
gccoll~1.dll Tue 15 Nov 2005 12:12:08 A.... 126.680 123,71 K
gcunco~1.dll Tue 15 Nov 2005 12:12:06 A.... 95.448 93,21 K
gdi32.dll Thu 29 Dec 2005 3:54:38 A.... 280.064 273,50 K
hashlib.dll Tue 15 Nov 2005 12:12:08 A.... 117.976 115,21 K
i0jqla~1.dll Wed 18 Jan 2006 19:38:12 ..S.R 235.782 230,25 K
ifxcardm.dll Sat 29 Oct 2005 0:25:12 ..... 151.552 148,00 K
ir2ml5~1.dll Wed 18 Jan 2006 20:23:14 ..S.R 234.272 228,78 K
kfdaze.dll Fri 27 Jan 2006 0:42:46 ..S.R 234.411 228,91 K
l42s0e~1.dll Fri 27 Jan 2006 0:50:14 ..S.R 235.135 229,62 K
legitc~1.dll Fri 4 Nov 2005 16:27:24 A.... 534.280 521,76 K
lfrhelp.dll Fri 27 Jan 2006 16:43:30 ..S.R 235.420 229,90 K
lv4409~1.dll Fri 27 Jan 2006 0:42:46 ..S.R 234.860 229,36 K
m6nqlg~1.dll Fri 27 Jan 2006 11:38:48 ..S.R 235.420 229,90 K
msctl32.dll Wed 18 Jan 2006 19:30:28 A.... 68.096 66,50 K
mshtml.dll Thu 24 Nov 2005 0:58:28 A.... 3.013.632 2,87 M
n08ola~1.dll Thu 26 Jan 2006 21:45:58 ..S.R 235.652 230,13 K
ojtlwab.dll Fri 27 Jan 2006 8:45:18 ..S.R 237.151 231,59 K
shdocvw.dll Thu 1 Dec 2005 4:31:06 A.... 1.492.480 1,42 M
urlmon.dll Sat 5 Nov 2005 4:16:28 A.... 606.208 592,00 K
whserror.dll Fri 27 Jan 2006 0:54:30 ..S.R 234.411 228,91 K

27 items found: 27 files (13 H/S), 0 directories.
Total of file sizes: 11.783.020 bytes 11,23 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 7C43-FF30

Verzeichnis von C:\WINDOWS\System32

27.01.2006 16:43 235.420 lfrhelp.dll
27.01.2006 12:24 237.151 e6202gfmg62a2.dll
27.01.2006 11:38 235.420 m6nqlg5516.dll
27.01.2006 08:45 237.151 OJTLWAB.DLL
27.01.2006 04:15 234.411 en68l1ju1.dll
27.01.2006 00:54 234.411 whserror.dll
27.01.2006 00:50 235.135 l42s0ef7eh2.dll
27.01.2006 00:42 234.411 kfdaze.dll
27.01.2006 00:42 234.860 lv4409hqe.dll
27.01.2006 00:35 <DIR> dllcache
26.01.2006 22:18 234.576 f40o0ed3eh0.dll
26.01.2006 21:45 235.652 n08olal31dq.dll
18.01.2006 20:23 234.272 ir2ml5f11.dll
18.01.2006 19:38 235.782 i0jqla151d.dll
14.07.2005 12:31 27.648 AVSredirect.dll
26.06.2005 15:32 616.448 cygwin1.dll
21.06.2005 22:37 45.568 cygz.dll
28.02.2005 13:16 240.128 x.264.exe
07.07.2003 20:49 <DIR> Microsoft
17 Datei(en) 3.988.444 Bytes
2 Verzeichnis(se), 6.372.462.592 Bytes frei

#4 loesche:
C:\WINDOWS\System32\x.264.exe

dann arbeite nach Anweisung auf meiner Seite die Option 2 ab

Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program

und poste nach neustart und scan den scanreport von Option 2
Dann kommen weitere Anweisungen
__________
MfG Sabina

rund um die PC-Sicherheit

#5 Hy Sabina,
konnte leider oben genannte Datei nicht finden. Habe die Suchfunktion verwendet.
Hat leider nichts geholfen.
Soll ich mit Option 2 weitermachen? Wenn ja,
wie komme ich an die Anweisung auf deiner Seite.

Mittlerweilen nervt mein Notebook noch mehr, da sich jedesmal die Verbindung sich trennt und ich jedesmal nen Neustart machen muß.

MFG Commi

Sorry, habe in der Ordneransicht versteckte Dateien anzeigen aktiviert und habe das File gefunden und gelöscht. Warte auf deinen Anweisungen.
Sorry,habe jetzt auch die Anweisungen verstanden. Hier das Logfile

L2mfix 010406
Creating Account.
Der Befehl wurde erfolgreich ausgef�hrt.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 492 'smss.exe'
Killing PID 492 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 564 'winlogon.exe'
Killing PID 564 'winlogon.exe'
Killing PID 564 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1020 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1320 'rundll32.exe'
Killing PID 1428 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administratoren ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
1 Datei(en) kopiert.
1 Datei(en) kopiert.
1 Datei(en) kopiert.
1 Datei(en) kopiert.
1 Datei(en) kopiert.
1 Datei(en) kopiert.
1 Datei(en) kopiert.
1 Datei(en) kopiert.
1 Datei(en) kopiert.
1 Datei(en) kopiert.
1 Datei(en) kopiert.
1 Datei(en) kopiert.
Deleting: C:\WINDOWS\system32\en68l1ju1.dll
Successfully Deleted: C:\WINDOWS\system32\en68l1ju1.dll
Deleting: C:\WINDOWS\system32\f40o0ed3eh0.dll
Successfully Deleted: C:\WINDOWS\system32\f40o0ed3eh0.dll
Deleting: C:\WINDOWS\system32\h6j4lg1q16.dll
Successfully Deleted: C:\WINDOWS\system32\h6j4lg1q16.dll
Deleting: C:\WINDOWS\system32\hr8805lue.dll
Successfully Deleted: C:\WINDOWS\system32\hr8805lue.dll
Deleting: C:\WINDOWS\system32\i0jqla151d.dll
Successfully Deleted: C:\WINDOWS\system32\i0jqla151d.dll
Deleting: C:\WINDOWS\system32\kfdaze.dll
Successfully Deleted: C:\WINDOWS\system32\kfdaze.dll
Deleting: C:\WINDOWS\system32\l42s0ef7eh2.dll
Successfully Deleted: C:\WINDOWS\system32\l42s0ef7eh2.dll
Deleting: C:\WINDOWS\system32\lv4409hqe.dll
Successfully Deleted: C:\WINDOWS\system32\lv4409hqe.dll
Deleting: C:\WINDOWS\system32\mals31.dll
Successfully Deleted: C:\WINDOWS\system32\mals31.dll
Deleting: C:\WINDOWS\system32\n08olal31dq.dll
Successfully Deleted: C:\WINDOWS\system32\n08olal31dq.dll
Deleting: C:\WINDOWS\system32\OJTLWAB.DLL
Successfully Deleted: C:\WINDOWS\system32\OJTLWAB.DLL
Deleting: C:\WINDOWS\system32\whserror.dll
Successfully Deleted: C:\WINDOWS\system32\whserror.dll

msg11?.dll
0 Datei(en) kopiert.



Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WindowsUpdate]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\h6j4lg1q16.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\en68l1ju1.dll
C:\WINDOWS\system32\f40o0ed3eh0.dll
C:\WINDOWS\system32\h6j4lg1q16.dll
C:\WINDOWS\system32\hr8805lue.dll
C:\WINDOWS\system32\i0jqla151d.dll
C:\WINDOWS\system32\kfdaze.dll
C:\WINDOWS\system32\l42s0ef7eh2.dll
C:\WINDOWS\system32\lv4409hqe.dll
C:\WINDOWS\system32\mals31.dll
C:\WINDOWS\system32\n08olal31dq.dll
C:\WINDOWS\system32\OJTLWAB.DLL
C:\WINDOWS\system32\whserror.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{BE3B2C08-ADEB-472E-B48C-995FA9D3983D}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{BE3B2C08-ADEB-472E-B48C-995FA9D3983D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BE3B2C08-ADEB-472E-B48C-995FA9D3983D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BE3B2C08-ADEB-472E-B48C-995FA9D3983D}\InprocServer32]
@="C:\\WINDOWS\\system32\\kjdne.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FE6A353B-05CD-465A-86E2-805AF966C2A2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FE6A353B-05CD-465A-86E2-805AF966C2A2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FE6A353B-05CD-465A-86E2-805AF966C2A2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FE6A353B-05CD-465A-86E2-805AF966C2A2}\InprocServer32]
@="C:\\WINDOWS\\system32\\mals31.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{905F8D3D-2F42-4B27-9591-011D595D7682}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{905F8D3D-2F42-4B27-9591-011D595D7682}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{905F8D3D-2F42-4B27-9591-011D595D7682}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{905F8D3D-2F42-4B27-9591-011D595D7682}\InprocServer32]
@="C:\\WINDOWS\\system32\\whserror.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{BE3B2C08-ADEB-472E-B48C-995FA9D3983D}"=-
"{2B997280-15AF-4ADB-8E53-685F9C0B715A}"=-
"{FE6A353B-05CD-465A-86E2-805AF966C2A2}"=-
"{905F8D3D-2F42-4B27-9591-011D595D7682}"=-
[-HKEY_CLASSES_ROOT\CLSID\{BE3B2C08-ADEB-472E-B48C-995FA9D3983D}]
[-HKEY_CLASSES_ROOT\CLSID\{2B997280-15AF-4ADB-8E53-685F9C0B715A}]
[-HKEY_CLASSES_ROOT\CLSID\{FE6A353B-05CD-465A-86E2-805AF966C2A2}]
[-HKEY_CLASSES_ROOT\CLSID\{905F8D3D-2F42-4B27-9591-011D595D7682}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/en68l1ju1.dll (184 bytes security) (deflated 4%)
adding: dlls/f40o0ed3eh0.dll (184 bytes security) (deflated 4%)
adding: dlls/h6j4lg1q16.dll (184 bytes security) (deflated 4%)
adding: dlls/hr8805lue.dll (184 bytes security) (deflated 5%)
adding: dlls/i0jqla151d.dll (184 bytes security) (deflated 5%)
adding: dlls/kfdaze.dll (184 bytes security) (deflated 4%)
adding: dlls/l42s0ef7eh2.dll (184 bytes security) (deflated 5%)
adding: dlls/lv4409hqe.dll (184 bytes security) (deflated 5%)
adding: dlls/mals31.dll (184 bytes security) (deflated 4%)
adding: dlls/n08olal31dq.dll (184 bytes security) (deflated 5%)
adding: dlls/OJTLWAB.DLL (184 bytes security) (deflated 5%)
adding: dlls/whserror.dll (184 bytes security) (deflated 4%)
adding: backregs/905F8D3D-2F42-4B27-9591-011D595D7682.reg (188 bytes security) (deflated 70%)
adding: backregs/BE3B2C08-ADEB-472E-B48C-995FA9D3983D.reg (188 bytes security) (deflated 69%)
adding: backregs/FE6A353B-05CD-465A-86E2-805AF966C2A2.reg (188 bytes security) (deflated 70%)
adding: backregs/notibac.reg (184 bytes security) (deflated 87%)
adding: backregs/shell.reg (184 bytes security) (deflated 73%)

Hallo Sabina,
habe ich was falsch gemacht, oder bist du sauer weil ich vorhin die Anweisung nicht so richtig verstanden habe. Tut mir ja wirklich sorry.

P.S hatte seitdem keine PopUp mehr und das NB hat wieder den Turbogang eingelegt. Ist nun schon alles in Ordnung, oder müßen noch weitere Schritte durchgeführt werden?

Sollte alles in Ordnung sein möchte ich mich bei DIR recht herzlich für die schnelle Hilfe bedanken. Würde ich in Deiner Nähe sein, würde ich dich ganz fest ind den Arm nehmen und ganz lieb knuddeln. Du bist Spitze.

Nochmals vielen Dank für Deine Mühe.

#6 ich war arbeiten..und bin gerade erst nach Hause gekommen

scanne mit SpySweeper (trial) und poste den scanreport
http://virus-protect.org/spysweeper.html
__________
MfG Sabina

rund um die PC-Sicherheit

#7 Hallo, schönen guten Tag.
Bin auch wieder zu Hause und habe Deine Anweisung befolgt.
Hier das Logfile

********
09:50: | Start of Session, Samstag, 28. Januar 2006 |
09:50: Spy Sweeper started
09:50: Sweep initiated using definitions version 606
09:50: Starting Memory Sweep
09:54: Memory Sweep Complete, Elapsed Time: 00:03:33
09:54: Starting Registry Sweep
09:55: Registry Sweep Complete, Elapsed Time:00:00:50
09:55: Starting Cookie Sweep
09:55: Cookie Sweep Complete, Elapsed Time: 00:00:00
09:55: Starting File Sweep
09:58: Found Adware: spysheriff fakealert
09:58: winstall.exe.q_27c00_q (ID = 233151)
09:58: Found Adware: look2me
09:58: appwrap[1].exe (ID = 65722)
09:58: Found Adware: coolwebsearch (cws)
09:58: paytime.exe.q_8041c49_q (ID = 235793)
10:12: appwrap[1].exe (ID = 65739)
10:14: Found Adware: cydoor peer-to-peer dependency
10:14: cd_clint.dll (ID = 57300)
10:17: lv4409hqe.dll (ID = 159)
10:20: mals31.dll (ID = 159)
10:20: f40o0ed3eh0.dll (ID = 159)
10:20: h6j4lg1q16.dll (ID = 159)
10:20: hr8805lue.dll (ID = 159)
10:20: n08olal31dq.dll (ID = 159)
10:22: ojtlwab.dll (ID = 159)
10:22: whserror.dll (ID = 159)
10:22: i0jqla151d.dll (ID = 159)
10:22: en68l1ju1.dll (ID = 159)
10:22: kfdaze.dll (ID = 159)
10:22: l42s0ef7eh2.dll (ID = 159)
10:22: File Sweep Complete, Elapsed Time: 00:26:55
10:22: Full Sweep has completed. Elapsed time 00:31:39
10:22: Traces Found: 17
10:24: Removal process initiated
10:25: Quarantining All Traces: look2me
10:25: Quarantining All Traces: spysheriff fakealert
10:25: Quarantining All Traces: coolwebsearch (cws)
10:25: Quarantining All Traces: cydoor peer-to-peer dependency
10:25: Removal process completed. Elapsed time 00:00:55
********
09:49: | Start of Session, Samstag, 28. Januar 2006 |
09:49: Spy Sweeper started
09:50: Your spyware definitions have been updated.
09:50: | End of Session, Samstag, 28. Januar 2006 |

#8 - dekativiere die Systemwiederherstellung (erst nach der Reinigung wieder aktivieren)

- scanne mit panda und poste den scanreport
http://virus-protect.org/onlinescan.html
__________
MfG Sabina

rund um die PC-Sicherheit

#9 Hallo Sabina,
habe beim Spyswepper etwas voreilig reagiert und mit aktiver Systemwiederherstellung die Sachen entfernt.
Habe aber einen Neustart durchgeführt und neu gescannt. Danach die Systemwiederherstellung deaktiviert und die Sachen gelöscht. Jetzt habe ich die Systemwiederherstellung aktiviert und mit Panda gescannt.
Hier das Logfile.
Habe aber noch nichts weiteres unternommen (gelöscht etc)


Incident Status Location

Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Bakerman\Eigene Dateien\l2mfix\backup.zip[en68l1ju1.dll]
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Bakerman\Eigene Dateien\l2mfix\backup.zip[f40o0ed3eh0.dll]
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Bakerman\Eigene Dateien\l2mfix\backup.zip[h6j4lg1q16.dll]
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Bakerman\Eigene Dateien\l2mfix\backup.zip[hr8805lue.dll]
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Bakerman\Eigene Dateien\l2mfix\backup.zip[i0jqla151d.dll]
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Bakerman\Eigene Dateien\l2mfix\backup.zip[kfdaze.dll]
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Bakerman\Eigene Dateien\l2mfix\backup.zip[l42s0ef7eh2.dll]
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Bakerman\Eigene Dateien\l2mfix\backup.zip[lv4409hqe.dll]
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Bakerman\Eigene Dateien\l2mfix\backup.zip[mals31.dll]
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Bakerman\Eigene Dateien\l2mfix\backup.zip[n08olal31dq.dll]
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Bakerman\Eigene Dateien\l2mfix\backup.zip[OJTLWAB.DLL]
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Bakerman\Eigene Dateien\l2mfix\backup.zip[whserror.dll]
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\Bakerman\Eigene Dateien\l2mfix\Process.exe
Spyware:Cookie/Reliablestats Not disinfected C:\Dokumente und Einstellungen\Bakerman\Lokale Einstellungen\Temp\Cookies\bakerman@stats1.reliablestats[1].txt
Adware:Adware/BrilliantDigital Not disinfected C:\Programme\KaZaA Lite\bdcore.dll
Virus:W32/Loosky.C.worm Disinfected C:\WINDOWS\country.exe
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\drsmartload.dat
Spyware:Cookie/YieldManager Not disinfected C:\WINDOWS\Temp\Cookies\bakerman@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\WINDOWS\Temp\Cookies\bakerman@adopt.hbmediapro[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\WINDOWS\Temp\Cookies\bakerman@azjmp[2].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Temp\Cookies\bakerman@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Temp\Cookies\bakerman@dist.belnk[2].txt
Spyware:Cookie/Paypopup Not disinfected C:\WINDOWS\Temp\Cookies\bakerman@paypopup[2].txt
Adware:adware/cws.searchmeup Not disinfected C:\WINDOWS\tool1.exe

#10 CAP-Commi

stelle den CleanUp genauso ein, wie hier angegeben:
http://virus-protect.org/cleanup.html

Kopiere diese 4 Textdateien. Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab)
http://virus-protect.org/datfindbat.html
__________
MfG Sabina

rund um die PC-Sicherheit

#11 Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 7C43-FF30

Verzeichnis von C:\

28.01.2006 16:11 0 sys.txt
28.01.2006 16:11 12.178 system.txt
28.01.2006 16:11 136 systemtemp.txt
28.01.2006 16:11 107.148 system32.txt
28.01.2006 10:50 234.405.888 hiberfil.sys
28.01.2006 10:50 352.321.536 pagefile.sys
10.01.2006 21:28 201 UVS7_WKLog.txt
30.11.2004 21:46 246 BcBtRmv.log
24.10.2004 15:56 211 boot.ini
24.10.2004 15:38 47.564 NTDETECT.COM
24.10.2004 15:38 251.184 ntldr

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 7C43-FF30

Verzeichnis von C:\WINDOWS

28.01.2006 11:34 995 win.ini
28.01.2006 11:32 672.474 setupapi.log
28.01.2006 10:50 1.503.689 WindowsUpdate.log
28.01.2006 10:50 159 wiadebug.log
28.01.2006 10:50 50 wiaservc.log
28.01.2006 10:50 0 0.log
28.01.2006 10:50 2.048 bootstat.dat
28.01.2006 10:49 32.540 SchedLgU.Txt
27.01.2006 04:15 211.536 ntbtlog.txt
27.01.2006 00:41 2.896 COM+.log
27.01.2006 00:35 89.662 iis6.log
27.01.2006 00:35 197.634 comsetup.log
27.01.2006 00:35 27.544 ocmsn.log
27.01.2006 00:35 222.262 tsoc.log
27.01.2006 00:35 1.374 imsins.log
27.01.2006 00:35 119.115 ntdtcsetup.log
27.01.2006 00:35 6.899 KB902344.log
27.01.2006 00:35 286.208 ocgen.log
27.01.2006 00:35 28.516 msgsocm.log
27.01.2006 00:35 563.745 FaxSetup.log
27.01.2006 00:34 80.759 wmsetup.log
27.01.2006 00:33 322 wmsetup10.log
27.01.2006 00:18 30.066 spupdsvc.log
26.01.2006 22:41 1.374 imsins.BAK
26.01.2006 22:41 6.671 WMCSetup.log
26.01.2006 22:41 3.560 basecsp.log
26.01.2006 22:40 6.429 KB891122.log
26.01.2006 22:40 316.640 WMSysPr9.prx
26.01.2006 22:34 12.766 KB900930.log
26.01.2006 22:34 12.511 KB887797.log
26.01.2006 15:25 208.448 setupact.log
25.01.2006 11:06 478.720 WRUninstall.dll
23.01.2006 18:22 1.125 winamp.ini
23.01.2006 18:11 109 homeDVD-Fotos5.INI
20.01.2006 00:45 197 homeDVD-Fotos3_5.INI
19.01.2006 19:49 443 SynInst.log
18.01.2006 19:31 0 winsysupd1.dat
18.01.2006 19:31 43 drsmartload.dat
18.01.2006 19:30 74.752 tool1.exe
18.01.2006 19:29 0 uniq
18.01.2006 00:36 49 NeroDigital.ini
14.01.2006 20:48 160 mafosav.INI
14.01.2006 00:34 52 Relax.ini
11.01.2006 01:35 10.191 KB908519.log
10.01.2006 19:37 1.326 Directx.log
09.01.2006 11:04 11.097 KB912919.log
09.01.2006 11:04 24.092 updspapi.log
16.12.2005 05:33 9.370 KB910437.log
16.12.2005 05:33 15.463 KB905915.log
15.12.2005 16:57 29.233 KB890923.log
02.12.2005 16:05 11.890 KB896424.log
24.10.2005 14:24 21.006 KB901017.log
24.10.2005 14:24 23.427 KB902400.log
24.10.2005 14:23 14.116 KB896688.log
24.10.2005 14:23 13.597 KB905414.log
24.10.2005 14:23 13.457 KB900725.log
24.10.2005 14:22 11.234 KB904706.log
24.10.2005 14:22 11.975 KB905749.log

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 7C43-FF30

Verzeichnis von C:\DOKUME~1\Bakerman\LOKALE~1\Temp

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 7C43-FF30

Verzeichnis von C:\WINDOWS\system32

28.01.2006 11:34 0 asfiles.txt
28.01.2006 11:31 2.550 Uninstall.ico
28.01.2006 11:31 1.406 Help.ico
28.01.2006 11:31 30.590 pavas.ico
27.01.2006 19:05 0 lo2.txtt
27.01.2006 00:45 1.158 wpa.dbl
27.01.2006 00:30 401.398 perfh009.dat
27.01.2006 00:30 62.678 perfc009.dat
27.01.2006 00:30 416.044 perfh007.dat
27.01.2006 00:30 75.392 perfc007.dat
27.01.2006 00:30 941.716 PerfStringBackup.INI
26.01.2006 22:38 23.392 nscompat.tlb
26.01.2006 22:38 16.832 amcompat.tlb
26.01.2006 15:32 1.111.560 FNTCACHE.DAT
25.01.2006 11:06 492.544 WRLogonNtf.dll
25.01.2006 11:06 8.192 ssiefr.EXE
25.01.2006 11:05 17.920 wrlzma.dll
22.01.2006 20:45 402.296 AdobeFnt.lst
18.01.2006 20:23 234.272 ir2ml5f11.dll
18.01.2006 19:30 68.096 msctl32.dll
18.01.2006 13:05 57.344 avsda.dll
05.01.2006 04:41 2.836.320 MRT.exe
29.12.2005 03:54 280.064 gdi32.dll
01.12.2005 04:31 1.492.480 shdocvw.dll
24.11.2005 00:58 1.022.464 browseui.dll
24.11.2005 00:58 3.013.632 mshtml.dll
15.11.2005 12:12 117.976 hashlib.dll
15.11.2005 12:12 126.680 GCCollection.dll
15.11.2005 12:12 95.448 gcUnCompress.dll
05.11.2005 04:16 606.208 urlmon.dll
05.11.2005 04:16 1.056.256 danim.dll
04.11.2005 16:27 534.280 LegitCheckControl.DLL
29.10.2005 00:50 26.112 bcsprsrc.dll
29.10.2005 00:50 86.016 pintool.exe
29.10.2005 00:25 151.552 ifxcardm.dll
29.10.2005 00:25 133.120 axaltocm.dll
28.10.2005 16:40 96.792 basecsp.dll
21.10.2005 04:40 664.064 wininet.dll
21.10.2005 04:40 474.112 shlwapi.dll
21.10.2005 04:40 530.944 mstime.dll
21.10.2005 04:40 448.512 mshtmled.dll
21.10.2005 04:40 39.424 pngfilt.dll
21.10.2005 04:40 146.432 msrating.dll
21.10.2005 04:40 96.768 inseng.dll
21.10.2005 04:40 205.312 dxtrans.dll
21.10.2005 04:40 251.392 iepeers.dll
21.10.2005 04:40 55.808 extmgr.dll
21.10.2005 04:40 152.064 cdfview.dll
20.10.2005 23:25 1.094.144 esent.dll
17.10.2005 22:20 118.272 t2embed.dll
17.10.2005 22:20 80.896 fontsub.dll
13.10.2005 00:11 15.584 spmsg.dll
06.10.2005 04:08 1.839.616 win32k.sys

#12 KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Options: Delete on Reboot --> anhaken
und klicke auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "---- klicke auf "no",und kopiere das nächste rein, erst beim letzten auf "yes"
reinkopieren:

C:\WINDOWS\winsysupd1.dat
C:\WINDOWS\drsmartload.dat
C:\WINDOWS\tool1.exe
C:\WINDOWS\uniq
C:\WINDOWS\system32\asfiles.txt
C:\WINDOWS\system32\Uninstall.ico
C:\WINDOWS\system32\Help.ico
C:\WINDOWS\system32\pavas.ico
C:\WINDOWS\system32\lo2.txtt
C:\WINDOWS\system32\nscompat.tlb
C:\WINDOWS\system32\amcompat.tlb
C:\WINDOWS\system32\ir2ml5f11.dll
C:\WINDOWS\system32\msctl32.dll

PC neustarten

kopiere das Log von Winpfind
http://virus-protect.org/winpfind.html
__________
MfG Sabina

rund um die PC-Sicherheit

#13 WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 18.08.2001 13:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 04.11.2005 16:27:24 534280 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 05.01.2006 04:41:32 2836320 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 05.01.2006 04:41:32 2836320 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 04.08.2004 08:57:08 733696 C:\WINDOWS\SYSTEM32\ntdll.dll
PEC2 08.10.2001 12:37:32 13107200 C:\WINDOWS\SYSTEM32\oembios.bin
Umonitor 04.08.2004 08:57:32 686592 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 18.08.2001 13:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 04.08.2004 06:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
127.0.0.1 www.qoologic.com
127.0.0.1 www.urllogic.com


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
28.01.2006 17:38:16 S 2048 C:\WINDOWS\bootstat.dat
26.01.2006 22:31:18 RHS 227 C:\WINDOWS\assembly\Desktop.ini
26.01.2006 22:46:40 RH 0 C:\WINDOWS\assembly\PublisherPolicy.tme
26.01.2006 22:46:40 RH 0 C:\WINDOWS\assembly\pubpol1.dat
26.01.2006 22:58:38 RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1b.dat
26.01.2006 22:58:46 RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1c.dat
01.12.2005 04:44:42 S 21633 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
02.12.2005 01:12:38 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
03.01.2006 00:09:26 S 11223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912919.cat
28.01.2006 17:40:02 H 1024 C:\WINDOWS\system32\config\default.LOG
28.01.2006 17:38:30 H 1024 C:\WINDOWS\system32\config\SAM.LOG
28.01.2006 17:48:42 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
28.01.2006 17:42:32 H 1024 C:\WINDOWS\system32\config\software.LOG
28.01.2006 17:40:24 H 1024 C:\WINDOWS\system32\config\system.LOG
11.01.2006 01:35:16 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
18.01.2006 20:36:24 S 19846 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\Content\486CC6AFD08942336C61FCD401C4A1D1
18.01.2006 20:36:22 S 408 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\Content\74BFD122C0875EC75DBE5C6DB4C59019
18.01.2006 20:36:24 S 120 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\MetaData\486CC6AFD08942336C61FCD401C4A1D1
18.01.2006 20:36:22 S 124 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\MetaData\74BFD122C0875EC75DBE5C6DB4C59019
27.12.2005 01:51:00 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\e13a2719-c9ec-4e5b-a51c-0a9b3ecbb105
27.12.2005 01:51:00 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
28.01.2006 17:38:34 H 6 C:\WINDOWS\Tasks\SA.DAT
27.01.2006 00:21:42 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
27.01.2006 00:21:42 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\5R1NPQ6M\desktop.ini
27.01.2006 00:21:42 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\655L0NFE\desktop.ini
27.01.2006 00:21:42 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KXPC6CS5\desktop.ini
27.01.2006 00:21:42 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\R5GV3TDR\desktop.ini
19.01.2006 00:40:10 HS 113 C:\WINDOWS\Temp\Verlauf\History.IE5\desktop.ini

Checking for CPL files...
Microsoft Corporation 04.08.2004 08:58:22 70656 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 04.08.2004 08:58:22 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl
23.10.2002 08:22:22 225339 C:\WINDOWS\SYSTEM32\btcpl.cpl
Microsoft Corporation 04.08.2004 08:58:22 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 04.08.2004 08:58:22 138240 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 04.08.2004 08:58:22 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 04.08.2004 08:58:22 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 04.08.2004 08:58:22 359424 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 04.08.2004 08:58:22 133120 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 04.08.2004 08:58:22 381440 C:\WINDOWS\SYSTEM32\irprops.cpl
InstallShield Software Corporation16.04.2004 11:24:54 61440 C:\WINDOWS\SYSTEM32\ISUSPM.cpl
Microsoft Corporation 04.08.2004 08:58:22 69632 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 18.08.2001 13:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 04.08.2004 08:58:22 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 18.08.2001 13:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 04.08.2004 08:58:22 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 04.08.2004 08:58:22 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 04.08.2004 08:58:22 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 04.08.2004 08:58:22 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 04.08.2004 08:58:22 303104 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 18.08.2001 13:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 04.08.2004 08:58:22 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 04.08.2004 08:58:22 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26.05.2005 03:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 18.08.2001 13:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 18.08.2001 13:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 18.08.2001 13:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 26.05.2005 03:16:22 174872 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
26.01.2006 16:17:40 1768 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
02.04.2002 18:13:36 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
29.05.2002 14:54:56 1709 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
02.04.2002 19:02:12 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
02.04.2002 18:13:36 HS 84 C:\Dokumente und Einstellungen\Bakerman\Startmenü\Programme\Autostart\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
02.04.2002 19:02:12 HS 62 C:\Dokumente und Einstellungen\Bakerman\Anwendungsdaten\desktop.ini
26.04.2002 21:08:22 42 C:\Dokumente und Einstellungen\Bakerman\Anwendungsdaten\sversion.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\IPSContMenu
{EBDF1F20-C829-11D1-8233-0020AF3E97A9} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Macromedia.FlashPaper.ContextMenu
{9DED7A30-D572-4D21-8D82-6945EA697400} = C:\Programme\Macromedia\FlashPaper 2\FlashPaperContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Shell Extension for Malware scanning
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\IPSContMenu
{EBDF1F20-C829-11D1-8233-0020AF3E97A9} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Shell Extension for Malware scanning
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\IPSContMenu
{EBDF1F20-C829-11D1-8233-0020AF3E97A9} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tipps und Tricks = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\programme\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Programme\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer-Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\programme\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SoundMan soundman.exe
SynTPLpr C:\Programme\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh C:\Programme\Synaptics\SynTP\SynTPEnh.exe
SiS Tray C:\WINDOWS\System32\sistray.EXE
Chrontel TV C:\WINDOWS\System32\ch_utility.exe
ISUSScheduler "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
BluetoothAuthenticationAgent rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
PCSuiteTrayApplication C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
DataLayer C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
KernelFaultCheck %systemroot%\system32\dumprep 0 -k
CorelDRAW Graphics Suite 11b C:\Programme\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=020706 Seri*hier nicht!*=DR12WEX-1508138-QRS lang=EN
ISUSPM Startup c:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
avgnt "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
SpySweeper "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ConquerCam C:\Programme\ConquerCam\ConquerCam.exe /tray
PcSync C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoChangingWallpaper 0
NoComponents 0
NoAddingComponents 0
NoDeletingComponents 0
NoEditingComponents 0
NoHTMLWallPaper 1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoActiveDesktop 0
ClassicShell 0
ForceActiveDesktopOn 0
ClearRecentDocsOnExit 1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WindowsUpdate
= C:\WINDOWS\system32\h6j4lg1q16.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
= WRLogonNTF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 28.01.2006 17:49:07

MFG Commi

#14 Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.

---------------------------------------------------------------------------

Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als fixme.reg mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden.

Zitat

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop]
"NoChangingWallpaper"=-
"NoComponents"=-
"NoAddingComponents"=-
"NoDeletingComponents"=-
"NoEditingComponents"=-
"NoHTMLWallPaper"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoActiveDesktop"=-
"ForceActiveDesktopOn"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=-
"System"=""

Computer in den abgesicherten Modus neustarten (F8 beim Starten drücken). Die Datei "fixme.reg" auf dem Desktop doppelklicken

scanne mit panda und kopiere den scanreport
http://virus-protect.org/onlinescan.html
__________
MfG Sabina

rund um die PC-Sicherheit

#15 Bin wieder im Normalmodus hochgefahren und hier das Logfile

Incident Status Location

Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Bakerman\Eigene Dateien\l2mfix\backup.zip[en68l1ju1.dll]
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Bakerman\Eigene Dateien\l2mfix\backup.zip[f40o0ed3eh0.dll]
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Bakerman\Eigene Dateien\l2mfix\backup.zip[h6j4lg1q16.dll]
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Bakerman\Eigene Dateien\l2mfix\backup.zip[hr8805lue.dll]
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Bakerman\Eigene Dateien\l2mfix\backup.zip[i0jqla151d.dll]
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Bakerman\Eigene Dateien\l2mfix\backup.zip[kfdaze.dll]
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Bakerman\Eigene Dateien\l2mfix\backup.zip[l42s0ef7eh2.dll]
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Bakerman\Eigene Dateien\l2mfix\backup.zip[lv4409hqe.dll]
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Bakerman\Eigene Dateien\l2mfix\backup.zip[mals31.dll]
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Bakerman\Eigene Dateien\l2mfix\backup.zip[n08olal31dq.dll]
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Bakerman\Eigene Dateien\l2mfix\backup.zip[OJTLWAB.DLL]
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Bakerman\Eigene Dateien\l2mfix\backup.zip[whserror.dll]
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\Bakerman\Eigene Dateien\l2mfix\Process.exe
Adware:Adware/BrilliantDigital Not disinfected C:\Programme\KaZaA Lite\bdcore.dll