hi an alle computer spezalisten!
ich habe folgendes problem:
es gehen ständig lässtige pop up fenster auf unf ich kann nix dagegen machen!auch das updaten von windows geht nicht!es steht dann da: uüdate insatllation konnte nicht beendet werden--->messender sicherheitstool K8......!!
die pop up seiten sind zb.:
h**p://www.ez-savings.com/normal/XBCYINT.html

ich habe jetzt dieses e scan das im forum empfohlen wird installiert und im abgesicherten modus laufen lassen und das ist das ergebniss:
wenn ich auf löschen klicke dann steht immer--->es konnten nicht alle dateien gelöscht werden!!

Fri Oct 28 17:36:13 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Fri Oct 28 17:36:15 2005 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\limewire !!!
Fri Oct 28 17:36:15 2005 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Oct 28 17:36:16 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\3gblb0co\s_code[1].js
Fri Oct 28 17:36:16 2005 => System found infected with whenu.savenow Spyware/Adware (s_code[1].js)! Action taken: No Action Taken
Fri Oct 28 17:36:17 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\uox78cue\show_ads[2].js
Fri Oct 28 17:36:17 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
Fri Oct 28 17:36:17 2005 => Offending file found: C:\WINDOWS\system32\objsafe.tlb
Fri Oct 28 17:36:17 2005 => System found infected with roings Spyware/Adware (objsafe.tlb)! Action taken: No Action Taken.
Fri Oct 28 17:36:19 2005 => Offending file found: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\temp\outlook logging\firstrun.log
Fri Oct 28 17:36:19 2005 => System found infected with clientman Spyware/Adware (firstrun.log)! Action taken: No Action Taken.
Fri Oct 28 17:36:20 2005 => Offending file found: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\temp\temporary internet files\content.ie5\4965opup\show_ads[2].js
Fri Oct 28 17:36:20 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
Fri Oct 28 17:36:20 2005 => Offending file found: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\temp\temporary internet files\content.ie5\i749uhot\ads[1].htm
Fri Oct 28 17:36:20 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Fri Oct 28 17:36:21 2005 => Offending file found: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\temp\temporary internet files\content.ie5\i749uhot\s_code[1].js
Fri Oct 28 17:36:21 2005 => System found infected with whenu.savenow Spyware/Adware (s_code[1].js)! Action taken: No Action Taken.
Fri Oct 28 17:36:23 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat
Fri Oct 28 17:36:23 2005 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.
Fri Oct 28 17:37:46 2005 => File C:\WINDOWS\system32\rsajit.exe infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
Fri Oct 28 17:41:03 2005 => Scanning File C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0JVBU499\lookinfected[1].jpg [**]
Fri Oct 28 17:46:16 2005 => Scanning File C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temporary Internet Files\Content.IE5\UT70T0ZU\title_infected[1].gif [**]
Fri Oct 28 17:53:30 2005 => File C:\escheck\ECBackup\a0022124.exe.bkp infected by "Trojan-Downloader.Win32.VB.ri" Virus! Action Taken: No Action Taken.
Fri Oct 28 17:53:30 2005 => File C:\escheck\ECBackup\a0022128.dll.bkp infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus! Action Taken: No Action Taken.

Fri Oct 28 17:53:30 2005 => Scanning File C:\escheck\ECBackup\a0022129.exe.bkp
Fri Oct 28 17:53:30 2005 => File C:\escheck\ECBackup\a0022129.exe.bkp infected by "Trojan-Downloader.Win32.Adload.j" Virus! Action Taken: No Action Taken.

Fri Oct 28 17:53:30 2005 => Scanning File C:\escheck\ECBackup\a0022130.exe.bkp
Fri Oct 28 17:53:30 2005 => File C:\escheck\ECBackup\a0022130.exe.bkp infected by "Trojan-Downloader.Win32.Adload.j" Virus! Action Taken: No Action Taken.

Fri Oct 28 17:53:30 2005 => Scanning File C:\escheck\ECBackup\a0022142.exe.bkp
Fri Oct 28 17:53:30 2005 => File C:\escheck\ECBackup\a0022142.exe.bkp infected by "Trojan-Downloader.Win32.IstBar.ij" Virus! Action Taken: No Action Taken.

Fri Oct 28 17:53:30 2005 => Scanning File C:\escheck\ECBackup\a0022143.exe.bkp
Fri Oct 28 17:53:31 2005 => File C:\escheck\ECBackup\a0022143.exe.bkp infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.

Fri Oct 28 17:53:31 2005 => Scanning File C:\escheck\ECBackup\a0022305.exe.bkp
Fri Oct 28 17:53:31 2005 => File C:\escheck\ECBackup\a0022305.exe.bkp infected by "Trojan-Downloader.Win32.IstBar.jm" Virus! Action Taken: No Action Taken.

Fri Oct 28 17:53:31 2005 => Scanning File C:\escheck\ECBackup\a0022311.exe.bkp
Fri Oct 28 17:53:31 2005 => File C:\escheck\ECBackup\a0022311.exe.bkp infected by "Trojan-Downloader.Win32.Dyfuca.ei" Virus! Action Taken: No Action Taken.

Fri Oct 28 17:53:31 2005 => Scanning File C:\escheck\ECBackup\a0022318.dll.bkp
Fri Oct 28 17:53:31 2005 => File C:\escheck\ECBackup\a0022318.dll.bkp infected by "Trojan-Downloader.Win32.IstBar.ms" Virus! Action Taken: No Action Taken.

Fri Oct 28 17:53:31 2005 => Scanning File C:\escheck\ECBackup\a0022395.exe.bkp
Fri Oct 28 17:53:31 2005 => File C:\escheck\ECBackup\a0022395.exe.bkp infected by "Trojan-Downloader.Win32.VB.nh" Virus! Action Taken: No Action Taken.

Fri Oct 28 17:53:31 2005 => Scanning File C:\escheck\ECBackup\a0022407.exe.bkp
Fri Oct 28 17:53:31 2005 => File C:\escheck\ECBackup\a0022407.exe.bkp infected by "Trojan-Downloader.Win32.IstBar.is" Virus! Action Taken: No Action Taken.

Fri Oct 28 17:53:31 2005 => Scanning File C:\escheck\ECBackup\a0022409.exe.bkp
Fri Oct 28 17:53:31 2005 => File C:\escheck\ECBackup\a0022409.exe.bkp infected by "Trojan-Downloader.Win32.IstBar.is" Virus! Action Taken: No Action Taken.
Fri Oct 28 17:53:31 2005 => File C:\escheck\ECBackup\a0022476.exe.bkp infected by "Trojan-Downloader.Win32.IstBar.is" Virus! Action Taken: No Action Taken.

Fri Oct 28 17:53:31 2005 => Scanning File C:\escheck\ECBackup\a0022564.exe.bkp
Fri Oct 28 17:53:31 2005 => File C:\escheck\ECBackup\a0022564.exe.bkp infected by "Trojan-Downloader.Win32.VB.nh" Virus! Action Taken: No Action Taken.

Fri Oct 28 17:53:31 2005 => Scanning File C:\escheck\ECBackup\cp[1].ist2.bkp
Fri Oct 28 17:53:32 2005 => File C:\escheck\ECBackup\cp[1].ist2.bkp infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.

Fri Oct 28 17:53:32 2005 => Scanning File C:\escheck\ECBackup\istdownload[1].exe.bkp
Fri Oct 28 17:53:32 2005 => File C:\escheck\ECBackup\istdownload[1].exe.bkp infected by "Trojan-Downloader.Win32.IstBar.lw" Virus! Action Taken: No Action Taken.

Fri Oct 28 17:53:32 2005 => Scanning File C:\escheck\ECBackup\istsvc[1].exe.bkp
Fri Oct 28 17:53:32 2005 => File C:\escheck\ECBackup\istsvc[1].exe.bkp infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.

Fri Oct 28 17:53:32 2005 => Scanning File C:\escheck\ECBackup\jfghjhhfgudk.exe.bkp
Fri Oct 28 17:53:32 2005 => File C:\escheck\ECBackup\jfghjhhfgudk.exe.bkp infected by "Trojan-Downloader.Win32.IstBar.lw" Virus! Action Taken: No Action Taken.

Fri Oct 28 17:53:32 2005 => Scanning File C:\escheck\ECBackup\msuvfw32.dll.bkp
Fri Oct 28 17:53:32 2005 => File C:\escheck\ECBackup\msuvfw32.dll.bkp infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.

Fri Oct 28 17:53:32 2005 => Scanning File C:\escheck\ECBackup\prompt[1].htm.bkp [**]
Fri Oct 28 17:53:32 2005 => Scanning File C:\escheck\ECBackup\protect[1].htm.bkp [**]
Fri Oct 28 17:53:32 2005 => Scanning File C:\escheck\ECBackup\usemqsvc.exe.bkp
Fri Oct 28 17:53:32 2005 => File C:\escheck\ECBackup\usemqsvc.exe.bkp infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.

Fri Oct 28 17:53:32 2005 => Scanning File C:\escheck\ECBackup\ysb[1].dll.bkp
Fri Oct 28 17:53:32 2005 => File C:\escheck\ECBackup\ysb[1].dll.bkp infected by "Trojan-Downloader.Win32.IstBar.ms" Virus! Action Taken: No Action Taken.
Fri Oct 28 18:03:11 2005 => File C:\Programme\Theenger\ace.dll infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
Fri Oct 28 18:03:28 2005 => File C:\Programme\Theenger\dsdraspi.exe infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.

Fri Oct 28 18:03:28 2005 => Scanning File C:\Programme\Theenger\pxwwups.exe
Fri Oct 28 18:03:28 2005 => File C:\Programme\Theenger\pxwwups.exe infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
Fri Oct 28 18:06:39 2005 => File C:\System Volume Information\_restore{A36EF0B5-57B7-4460-8D7E-29870FD246FD}\RP78\A0023626.dll infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.

Fri Oct 28 18:06:39 2005 => Scanning File C:\System Volume Information\_restore{A36EF0B5-57B7-4460-8D7E-29870FD246FD}\RP78\A0023627.exe
Fri Oct 28 18:06:39 2005 => File C:\System Volume Information\_restore{A36EF0B5-57B7-4460-8D7E-29870FD246FD}\RP78\A0023627.exe infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.

Fri Oct 28 18:06:39 2005 => Scanning File C:\System Volume Information\_restore{A36EF0B5-57B7-4460-8D7E-29870FD246FD}\RP78\A0023628.dll
Fri Oct 28 18:06:39 2005 => File C:\System Volume Information\_restore{A36EF0B5-57B7-4460-8D7E-29870FD246FD}\RP78\A0023628.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Fri Oct 28 18:17:13 2005 => File C:\WINDOWS\system32\rsajit.exe infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
Fri Oct 28 18:18:45 2005 => Scanning File E:\Shared Files\Musik\Mp3\My Shared Folder\Sum41 - Does This Look Infected - No Brains (1).mp3 [**]

ich hab einfach alles mit INFECTED kopiert und hoffe dass ihr mir helfen könnt
lg

[edit]
links entfernt
[/edit]

und hier ist das HijackThis log file:
ich weiss zwar nicht was das ist aber ihr könnt sicher was damit anfangen:
Logfile of HijackThis v1.97.7
Scan saved at 20:03:35, on 28.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\QW5uYQAA\command.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\****\LOKALE~1\Temp\Rar$EX00.578\HijackThis.exe
C:\Programme\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R3 - Default URLSearchHook is missing
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Programme\ICQ\ICQ.exe -minimize
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [msresearch] C:\windows\msresearch.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - h**p://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B027DD99-B60D-4387-8D72-D6A8F4453CD7}: NameServer = 192.168.0.1

LG

[edit]
links entfernt
[/edit]

Lade und update Ad-aware und Spybot und lasse die Programme laufen.
http://www.comsafe.de/download.html
MiT Spybot immunisieren.
Installiere cleanup, rufe es auf und setze den Haken bei alles löschen und dann Löschen drücken.
http://www.clearprog.de/

Danach neues HJT-LOG, aber vollständig.

hi zuerst mal BIG THX für die antwort!!
habe ad aware und spybot geladen upgedated und dann immunisiert!!
ad aware hat 212 sachen gefunden und gelöscht und spybot hat dann nichts gefunden!!
mit clean up habe ich alles gelöscht (waren so 340 mb)!!
die pop ups kommen aber trotzdem noch immer!

hier das hijack:

Logfile of HijackThis v1.99.1
Scan saved at 13:03:45, on 30.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\QW5uYQAA\command.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\++++\LOKALE~1\Temp\Rar$EX01.265\HijackThis.exe

R3 - Default URLSearchHook is missing
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Programme\ICQ\ICQ.exe -minimize
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [msresearch] C:\windows\msresearch.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B027DD99-B60D-4387-8D72-D6A8F4453CD7}: NameServer = 192.168.0.1
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\ir00l5dm1.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW5uYQAA\command.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

ich weiss jetzt nicht ob das hijack vollständig ist aber mehr kommt bei mir nicht!!!
LG

Hallo,
mache mal folgendes aber das Tool erstmal nur mit der Option eins durchführen und dann das Logfile posten (wenn zu groß auf zwei Beiträge verteilt).


Grüße Wildone

hi habe das mit dem L2mfix gemacht und hier ist das LOG:

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\c6000gdme60a0.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-IO) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{5668E7E4-0606-68FE-BD91-0B7B36819735}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Eigenschaften f�r Multimediadatei"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-Scannerverwaltung"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-Sicherheit"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-Eigenschaftenseite f�r Dokumente"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shellerweiterungen f�r Freigaben"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung f�r Grafikkarten"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung f�r Bildschirme"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung f�r Anzeigeverschiebung"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-Sicherheit"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilit„tsseite"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell-Datenauszughandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Erweiterung f�r Datentr„gerkopien"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shellerweiterungen f�r Microsoft Windows-Netzwerkobjekte"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-Monitorverwaltung"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-Druckerverwaltung"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shellerweiterungen f�r die Dateikomprimierung"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Shellerweiterung f�r Webdrucker"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontextmen� f�r die Verschl�sselung"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktenkoffer"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Erweiterung f�r HyperTerminal-Icons"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Schriftarten"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-Profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Druckersicherheit"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shellerweiterungen f�r Freigaben"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netzwerkverbindungen"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netzwerkverbindungen"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner und Kameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner und Kameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner und Kameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner und Kameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner und Kameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shellerweiterungen f�r Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Datenverkn�pfung"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplante Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskleiste und Startmen�"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Suchen"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ausf�hren..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-Mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Schriftarten"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Verwaltung"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Syntaxanalyse der Adressleiste"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-Verlauf-Dienst"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Verlauf"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Sucheingriff"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-Begr�áungsbildschirm"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-Cacheordner"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Webpublishing-Assistent"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestellung von Abz�gen �ber das Internet"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shellobjekt des Webpublishing-Assistenten"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport-Assistent"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Benutzerkonten"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channeldatei"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channelverkn�pfung"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channelhandlerobjekt"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Ordner 'Offlinedateien'"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Nach Personen..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webordner"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{c2c1d8a0-016a-11d1-a7fa-444553540000}"="Shell Extension Sample"
"{f802f260-519b-11d1-bb5d-0060974c6013}"="ICQ Shell Extension"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{F8425849-0718-4C21-8AAB-16C9AAB1C61F}"=""
"{E44E5ED2-0B22-4AB8-8832-E410AD3125B2}"=""
"{6E1D99D4-D8F4-4F27-8687-0518D09FE16F}"=""
"{083C9524-665F-4E66-9E58-D19313B7DAD2}"=""
"{4A749C8C-9C3C-4E94-9399-F7D8F8B302B7}"=""
"{03D897B1-988D-4630-AE91-D8E950F351CF}"=""
"{31559450-4A51-47FF-BA2D-EF9CA225089E}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F8425849-0718-4C21-8AAB-16C9AAB1C61F}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{F8425849-0718-4C21-8AAB-16C9AAB1C61F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F8425849-0718-4C21-8AAB-16C9AAB1C61F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F8425849-0718-4C21-8AAB-16C9AAB1C61F}\InprocServer32]
@="C:\\WINDOWS\\system32\\msrdim.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E44E5ED2-0B22-4AB8-8832-E410AD3125B2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E44E5ED2-0B22-4AB8-8832-E410AD3125B2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E44E5ED2-0B22-4AB8-8832-E410AD3125B2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E44E5ED2-0B22-4AB8-8832-E410AD3125B2}\InprocServer32]
@="C:\\WINDOWS\\system32\\kgdsl1.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6E1D99D4-D8F4-4F27-8687-0518D09FE16F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6E1D99D4-D8F4-4F27-8687-0518D09FE16F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6E1D99D4-D8F4-4F27-8687-0518D09FE16F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6E1D99D4-D8F4-4F27-8687-0518D09FE16F}\InprocServer32]
@="C:\\WINDOWS\\system32\\nOrrhook.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{083C9524-665F-4E66-9E58-D19313B7DAD2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{083C9524-665F-4E66-9E58-D19313B7DAD2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{083C9524-665F-4E66-9E58-D19313B7DAD2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{083C9524-665F-4E66-9E58-D19313B7DAD2}\InprocServer32]
@="C:\\WINDOWS\\system32\\obbccu32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4A749C8C-9C3C-4E94-9399-F7D8F8B302B7}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4A749C8C-9C3C-4E94-9399-F7D8F8B302B7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4A749C8C-9C3C-4E94-9399-F7D8F8B302B7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4A749C8C-9C3C-4E94-9399-F7D8F8B302B7}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{03D897B1-988D-4630-AE91-D8E950F351CF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{03D897B1-988D-4630-AE91-D8E950F351CF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{03D897B1-988D-4630-AE91-D8E950F351CF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{03D897B1-988D-4630-AE91-D8E950F351CF}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{31559450-4A51-47FF-BA2D-EF9CA225089E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{31559450-4A51-47FF-BA2D-EF9CA225089E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{31559450-4A51-47FF-BA2D-EF9CA225089E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{31559450-4A51-47FF-BA2D-EF9CA225089E}\InprocServer32]
@="C:\\WINDOWS\\system32\\drrgui.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
atmtd.dll Wed 26 Oct 2005 19:29:54 A.... 687.592 671,48 K
browseui.dll Sat 3 Sep 2005 0:53:20 A.... 1.019.904 996,00 K
c6000g~1.dll Sun 30 Oct 2005 18:08:30 ..S.R 233.999 228,51 K
cdfview.dll Sat 3 Sep 2005 0:53:20 A.... 152.064 148,50 K
cdosys.dll Sat 10 Sep 2005 2:54:28 A.... 2.067.968 1,97 M
danim.dll Sat 3 Sep 2005 0:53:20 A.... 1.055.744 1,00 M
dlmsvinn.dll Fri 28 Oct 2005 17:53:00 ..S.R 233.774 228,29 K
dn2001~1.dll Fri 28 Oct 2005 12:39:10 ..S.R 236.578 231,03 K
drrgui.dll Sat 29 Oct 2005 7:36:10 ..S.R 233.774 228,29 K
dxtrans.dll Sat 3 Sep 2005 0:53:22 A.... 205.312 200,50 K
e220lc~1.dll Sun 30 Oct 2005 18:19:32 ..S.R 235.021 229,51 K
extmgr.dll Sat 3 Sep 2005 0:53:22 ..... 55.808 54,50 K
g204lc~1.dll Fri 28 Oct 2005 8:23:04 ..S.R 236.149 230,61 K
hr4o05~1.dll Thu 27 Oct 2005 13:41:24 ..S.R 236.149 230,61 K
iepeers.dll Sat 3 Sep 2005 0:53:22 A.... 251.392 245,50 K
inseng.dll Sat 3 Sep 2005 0:53:22 A.... 96.768 94,50 K
kgdsl1.dll Sun 30 Oct 2005 18:19:32 ..S.R 233.999 228,51 K
linkinfo.dll Thu 1 Sep 2005 2:44:42 A.... 19.968 19,50 K
mshtml.dll Tue 4 Oct 2005 16:26:02 A.... 3.013.120 2,87 M
mshtmled.dll Sat 3 Sep 2005 0:53:22 A.... 448.512 438,00 K
msrating.dll Sat 3 Sep 2005 0:53:22 A.... 146.432 143,00 K
mstime.dll Sat 3 Sep 2005 0:53:22 A.... 530.432 518,00 K
mzl_hp.dll Sun 30 Oct 2005 17:58:06 ..S.R 235.889 230,36 K
netman.dll Mon 22 Aug 2005 19:31:48 A.... 197.632 193,00 K
norrhook.dll Thu 27 Oct 2005 14:35:50 ..S.R 234.580 229,08 K
nwwks.dll Thu 11 Aug 2005 16:11:34 A.... 65.024 63,50 K
obbccu32.dll Thu 27 Oct 2005 17:23:32 ..S.R 236.149 230,61 K
plpsvc.dll Fri 28 Oct 2005 14:16:30 ..S.R 236.557 231,01 K
pngfilt.dll Sat 3 Sep 2005 0:53:22 A.... 39.424 38,50 K
quartz.dll Tue 30 Aug 2005 4:55:36 A.... 1.292.800 1,23 M
shdocvw.dll Sat 3 Sep 2005 0:53:22 A.... 1.484.288 1,41 M
shell32.dll Fri 23 Sep 2005 4:06:22 A.... 8.491.520 8,10 M
shlwapi.dll Sat 3 Sep 2005 0:53:22 A.... 474.112 463,00 K
umpnpmgr.dll Tue 23 Aug 2005 4:39:58 A.... 124.416 121,50 K
urlmon.dll Sat 3 Sep 2005 0:53:22 A.... 605.696 591,50 K
uxrrtosa.dll Fri 28 Oct 2005 12:10:08 ..S.R 235.882 230,35 K
wininet.dll Sat 3 Sep 2005 0:53:22 A.... 664.064 648,50 K
winsrv.dll Thu 1 Sep 2005 2:44:44 A.... 292.352 285,50 K

38 items found: 38 files (13 H/S), 0 directories.
Total of file sizes: 26.540.844 bytes 25,31 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8C73-3E12

Verzeichnis von C:\WINDOWS\System32

30.10.2005 18:19 233.999 kgdsl1.dll
30.10.2005 18:19 235.021 e220lcfm1f2a.dll
30.10.2005 18:08 233.999 c6000gdme60a0.dll
30.10.2005 17:58 235.889 mzl_hp.dll
29.10.2005 07:36 233.774 drrgui.dll
28.10.2005 17:52 233.774 dlmsvinn.dLL
28.10.2005 14:16 236.557 pLpsvc.dll
28.10.2005 12:39 236.578 dn2001fme.dll
28.10.2005 12:10 235.882 uxrrtosa.dll
28.10.2005 08:23 236.149 g204lcdq1f0e.dll
27.10.2005 17:23 236.149 obbccu32.dll
27.10.2005 14:35 234.580 nOrrhook.dll
27.10.2005 13:41 236.149 hr4o05h3e.dll
25.10.2005 08:39 <DIR> dllcache
09.02.2005 14:26 <DIR> Microsoft
13 Datei(en) 3.058.500 Bytes
2 Verzeichnis(se), 18.268.651.520 Bytes frei


WIE GIBTS ES SOWAS Überhaupt??
wieso können diese ***** so dumme sachen programmieren die man nicht mehr wegbekommt?? was sind das für leute und was erwarten sich die von ihrem vertrottelten online casino oder von ihren date siten??
_____________
Anm.
Ich kann deinen Unmut zwar verstehen, aber solche Ausdrücke haben hier im Forum nichts verloren.

Gruß Cidre
S-Mod TB

Hallo,
also erstmal ein wenig mehr Selbstkontrolle wäre angebracht, den Mixer mit W solltest du editieren, das hat hier nichts zu suchen!
Führe mal folgendes aus, danach nochmal das l2mfix Tool diese mal mit der zweiten Option, dann das neue Logfile von l2mfix posten.



Grüße Wildone

sorry aber das editieren zeichen ist bei mir verschwunden!ich habe bisher einen eintrag editiert und seitdem gehts nimma!
ABER VIELEN VIELEN DANK an WILDONE...das letzte das du vorgeschlagen hast hat funktioniert!am anfang war es so dass beim neustart nichts mehr gegangen ist und der pc nur noch fehler aangezeigt hat aber dann kam doch der windows desktop und seitdem keine pop ups mehr!!!!!!!!!
DANKE