Noch so jemand mit komischen PopUps! HELP

lyogen · 31.01.2006, 20:25

Hi also, bin wohl die Hundertste mit diesem komischen
Pop Up teil aber brauche genauso Hilfe.

Habe alle möglichen Programme wie Ad-Aware etc
durchlaufen lassen, nachdem sich bei mir nach einem
Besuch auf einer Speziellen Seite immer einfach Fenster etc geöffnet haben.

Jetz habe ich eine Systemwiederherstellung drüber laufen lassen und das Problem ist weg.
Aber wahrscheinlich nur oberflächlich, da ich ja wohl so einen Backdoor Trojaner hatte. (Sorry bin nich so fit mit dem Zeugs)

Brauch also von euch ne Gute Info was ich tun soll um den Schrott endgültig von meinem System runterzubekommen (XP _SP2)

PS: Hab schon vor längerer Zeit mal den Zonealarm installieren wollen (sagt nix ich weiß, dass das eigentlich keine so gute Idee ist aber jetzt wär ich froh drum wenn er drauf wäre ) auf jeden Fall kam damals schon eine Meldung, dass ich zuerste den true vector dienst deaktivieren müsste (was aber bis heute nicht geht weil der gar nicht bei mir drauf ist)
Hat das Zonalarm Problem was mit dem "Virus" zu tun?

So und hier kommt mal meine Logfile, die ich mit Hijack this gemacht habe:

Logfile of HijackThis v1.99.1
Scan saved at 20:00:42, on 31.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAMME_NEU\ANTIVIR\AVGUARD.EXE
C:\Programme_NEU\AntiVir\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\anna\Desktop\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126441812985
O17 - HKLM\System\CCS\Services\Tcpip\..\{2ACADB9A-7214-43A0-9791-BB88B22DE4C9}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A26CA920-9DA6-4997-8641-32A1B06AB362}: Domain = WLHeiBro17cde
O17 - HKLM\System\CCS\Services\Tcpip\..\{A26CA920-9DA6-4997-8641-32A1B06AB362}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2ACADB9A-7214-43A0-9791-BB88B22DE4C9}: NameServer = 192.168.1.1
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\
O20 - Winlogon Notify: winymp32 - C:\WINDOWS\SYSTEM32\winymp32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programme\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME_NEU\ANTIVIR\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme_NEU\AntiVir\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

SO schonmal danke für die hoffentlich schnelle hilfe

dartus · 31.01.2006, 23:47

Hallo lyogen,

lade Dir clearprog 1.4.1 final und nimm eine Datenträgerbereinigung vor (Programm starten Häkchen bei "Alles Löschen" und auf "Löschen" klicken). Lösche ebenfalls den Quaratäne-Ordner Deines Antivir-Programmes.
Scanne dann Dein System mit Escan . Bitte erst aufmerkam lesen und dann scannen. Teile das Ergebnis mittels der "find.bat" mit.

dartus

lyogen · 01.02.2006, 23:04

So hab das mal laut anweisung gemacht und heraus kam die
virus log information:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed Feb 01 20:26:31 2006 => Scanning File C:\Dokumente und Einstellungen\a\Desktop\IMMER LÖSCHEN\INFECTED.lnk
Wed Feb 01 20:27:48 2006 => Total Disinfected Files: 0
Wed Feb 01 20:51:33 2006 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Wed Feb 01 20:51:33 2006 => System found infected with smitfraud variant Browser Hijacker ({3877c2cd-f137-4144-bdb2-0a811492f920})! Action taken: No Action Taken.
Wed Feb 01 21:01:50 2006 => Scanning Folder: C:\Bases_X\INFECTED\*.*
Wed Feb 01 21:01:55 2006 => Scanning File C:\Bases_X\infected.wav
Wed Feb 01 21:02:35 2006 => File C:\WINDOWS\system32\drivers\SYSBUS32.SYS.ren infected by "Trojan.Win32.Agent.of" Virus! Action Taken: File Deleted.
Wed Feb 01 21:19:04 2006 => Scanning File C:\Dokumente und Einstellungen\a\Desktop\IMMER LÖSCHEN\INFECTED.lnk
Wed Feb 01 21:53:06 2006 => Scanning Folder: C:\Programme_NEU\AntiVir\INFECTED\*.*
Wed Feb 01 22:06:03 2006 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed Feb 01 22:00:04 2006 => Scanning File C:\Programme_NEU\Adobe\CS\Adobe InDesign CS\Plug-Ins\Filters\Tagged Text Attributes.apln
Wed Feb 01 22:00:04 2006 => Scanning File C:\Programme_NEU\Adobe\CS\Adobe InDesign CS\Plug-Ins\Filters\Tagged Text Export Filter.apln
Wed Feb 01 22:00:04 2006 => Scanning File C:\Programme_NEU\Adobe\CS\Adobe InDesign CS\Plug-Ins\Filters\Tagged Text Import Filter.apln
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed Feb 01 20:51:42 2006 => Offending Folder found: C:\Dokumente und Einstellungen\a\Desktop\spiele\css\cstrike\save
Wed Feb 01 20:51:48 2006 => Offending Folder found: C:\Dokumente und Einstellungen\a\Desktop\spiele\css\hl2mp\save
Wed Feb 01 20:51:56 2006 => Offending Folder found: C:\Dokumente und Einstellungen\a\Eigene Dateien\ea games\die sims 2\music\cas
Wed Feb 01 20:52:01 2006 => Offending Folder found: C:\Dokumente und Einstellungen\a\Eigene Dateien\ea games\die sims 2\music\cas
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed Feb 01 20:27:48 2006 => Total Objects Scanned: 7348
Wed Feb 01 22:06:03 2006 => Total Objects Scanned: 140450
Wed Feb 01 20:27:48 2006 => Total Deleted Objects: 0
Wed Feb 01 22:06:03 2006 => Total Deleted Objects: 1
Wed Feb 01 20:27:48 2006 => Total Virus(es) Found: 0
Wed Feb 01 22:06:03 2006 => Total Virus(es) Found: 7
Wed Feb 01 20:27:48 2006 => Total Errors: 0
Wed Feb 01 22:06:03 2006 => Total Errors: 94
Wed Feb 01 20:27:48 2006 => Time Elapsed: 00:01:33
Wed Feb 01 22:06:03 2006 => Time Elapsed: 01:17:16
Wed Feb 01 20:27:48 2006 => Virus Database Date: 2006/02/01
Wed Feb 01 20:31:09 2006 => Virus Database Date: 2006/02/01
Wed Feb 01 20:47:47 2006 => Virus Database Date: 2006/02/01
Wed Feb 01 22:06:03 2006 => Virus Database Date: 2006/02/01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

was kann ich jetzt machen?

vielen dank

dartus · 02.02.2006, 10:43

Hallo lyogen,

lösche folgende Datei (vorzugsweise im abgesicherten Modus, F8-Taste bei Start drücken):
C:\WINDOWS\system32\drivers\SYSBUS32.SYS.ren

Downloade Dir datfindbat und poste die 4 Logfiles wie beschrieben.

dartus

lyogen · 02.02.2006, 19:23

Verzeichnis von C:\WINDOWS\system32

01.02.2006 20:26 5.807 eInstall.dat
31.01.2006 19:33 179.448 FNTCACHE.DAT
31.01.2006 19:25 54.614 perfc009.dat
31.01.2006 19:25 384.930 perfh009.dat
31.01.2006 19:25 65.866 perfc007.dat
31.01.2006 19:25 396.586 perfh007.dat
31.01.2006 19:25 905.292 PerfStringBackup.INI
31.01.2006 18:09 1.158 wpa.dbl
31.01.2006 17:57 234.171 kldycl.dll
31.01.2006 17:57 235.902 enlsl1371.dll
31.01.2006 17:39 234.073 pnofmap.dll
31.01.2006 17:39 234.171 l8r00i9me8.dll
31.01.2006 17:36 234.073 enn6l15s1.dll
31.01.2006 17:36 236.010 bfackbox.dll
30.01.2006 22:36 234.018 axifile.dll
30.01.2006 22:31 236.010 rjched32.dll
30.01.2006 20:23 234.018 vldex.dll
29.01.2006 20:40 237.293 en82l1lo1.dll
29.01.2006 20:30 235.603 muvcrt40.dll
28.01.2006 19:15 154 AdService.bat
12.12.2005 21:10 909.312 contfilt.dll
08.12.2005 17:23 110.592 mwnsp.dll
08.12.2005 17:18 331.776 mwtsp.dll
08.12.2005 13:56 65.536 QuickTimeVR.qtx
08.12.2005 13:56 49.152 QuickTime.qts
10.11.2005 21:17 2.377.568 MRT.exe
10.11.2005 20:32 5.560 jupdate-1.5.0_05-b05.log
19.10.2005 19:48 4.212 zllictbl.dat
09.10.2005 18:53 125.440 UNZDLL.DLL
06.10.2005 04:18 280.064 gdi32.dll
06.10.2005 04:08 1.839.616 win32k.sys
04.10.2005 17:26 3.013.120 mshtml.dll
02.10.2005 23:36 176.167 rmoc3260.dll
02.10.2005 23:36 5.632 pndx5032.dll
02.10.2005 23:36 6.656 pndx5016.dll
02.10.2005 23:36 278.528 pncrt.dll
25.09.2005 21:35 98.304 CmdLineExt.dll
23.09.2005 04:06 8.491.520 shell32.dll
18.09.2005 20:21 90 spupdwxp.log
11.09.2005 14:59 16.832 amcompat.tlb
11.09.2005 14:59 23.392 nscompat.tlb
11.09.2005 13:43 656 $winnt$.inf
10.09.2005 02:54 2.067.968 cdosys.dll
03.09.2005 00:53 474.112 shlwapi.dll
03.09.2005 00:53 251.392 iepeers.dll
03.09.2005 00:53 605.696 urlmon.dll
03.09.2005 00:53 664.064 wininet.dll
03.09.2005 00:53 39.424 pngfilt.dll
03.09.2005 00:53 55.808 extmgr.dll
03.09.2005 00:53 205.312 dxtrans.dll
03.09.2005 00:53 146.432 msrating.dll
03.09.2005 00:53 96.768 inseng.dll
03.09.2005 00:53 448.512 mshtmled.dll
03.09.2005 00:53 530.432 mstime.dll
03.09.2005 00:53 1.484.288 shdocvw.dll
03.09.2005 00:53 152.064 cdfview.dll
03.09.2005 00:53 1.055.744 danim.dll
03.09.2005 00:53 1.019.904 browseui.dll
01.09.2005 02:44 292.352 winsrv.dll
01.09.2005 02:44 19.968 linkinfo.dll
30.08.2005 04:55 1.292.800 quartz.dll
29.08.2005 19:09 71.424 zlcommdb.dll
29.08.2005 19:09 79.616 zlcomm.dll
29.08.2005 19:09 382.720 vsutil.dll
29.08.2005 19:09 71.424 vsregexp.dll
29.08.2005 19:08 227.072 vspubapi.dll
29.08.2005 19:08 104.192 vsmonapi.dll
29.08.2005 19:08 141.056 vsinit.dll
29.08.2005 19:08 368.256 vsdatant.sys
29.08.2005 19:08 83.712 vsdata.dll
29.08.2005 18:52 54.960 vsutil_loc0407.dll
29.08.2005 13:27 520.968 LegitCheckControl.DLL
26.08.2005 18:14 127.078 javaws.exe
26.08.2005 18:14 49.265 jpicpl32.cpl
26.08.2005 15:55 49.250 javaw.exe
26.08.2005 15:55 49.248 java.exe
23.08.2005 04:39 124.416 umpnpmgr.dll
22.08.2005 19:31 197.632 netman.dll
26.07.2005 05:39 74.752 olecli32.dll
26.07.2005 05:39 37.888 olecnv32.dll
26.07.2005 05:39 1.285.120 ole32.dll
26.07.2005 05:39 11.776 xolehlp.dll
26.07.2005 05:39 397.824 rpcss.dll
26.07.2005 05:39 101.376 txflog.dll
26.07.2005 05:39 66.560 mtxclu.dll
26.07.2005 05:39 91.136 mtxoci.dll
26.07.2005 05:39 425.472 msdtcprx.dll
26.07.2005 05:39 945.152 msdtctm.dll
26.07.2005 05:39 161.280 msdtcuiu.dll
26.07.2005 05:39 1.267.200 comsvcs.dll
26.07.2005 05:39 540.160 comuid.dll
26.07.2005 05:39 243.200 es.dll
26.07.2005 05:39 225.792 catsrv.dll
26.07.2005 05:39 97.792 comrepl.dll
26.07.2005 05:39 60.416 colbact.dll
26.07.2005 05:39 498.688 clbcatq.dll
26.07.2005 05:39 110.080 clbcatex.dll
26.07.2005 05:39 625.152 catsrvut.dll
22.07.2005 19:59 2.319.568 d3dx9_27.dll
12.07.2005 18:04 23.304 GWFSPidGen.dll
08.07.2005 18:28 76.800 remotesp.tsp
08.07.2005 18:28 249.344 tapisrv.dll
29.06.2005 03:49 74.240 mscms.dll
29.06.2005 03:49 254.976 icm32.dll
15.06.2005 19:49 295.936 kerberos.dll
11.06.2005 01:53 57.856 spoolsv.exe
31.05.2005 10:20 79.432 GEARAspi.dll
27.05.2005 04:04 137.216 itss.dll
27.05.2005 04:04 41.472 hhsetup.dll
27.05.2005 04:04 546.304 hhctrl.ocx
27.05.2005 04:04 155.136 itircl.dll
26.05.2005 15:34 2.297.552 d3dx9_26.dll
26.05.2005 04:19 173.536 wuweb.dll
26.05.2005 04:16 18.200 wups2.dll
26.05.2005 04:16 41.240 wups.dll
26.05.2005 04:16 1.343.768 wuaueng.dll
26.05.2005 04:16 75.544 cdm.dll
26.05.2005 04:16 198.424 iuengine.dll
26.05.2005 04:16 174.872 wuauclt1.exe
26.05.2005 04:16 194.840 wuaueng1.dll
26.05.2005 04:16 124.696 wuauclt.exe
26.05.2005 04:16 466.200 wuapi.dll
26.05.2005 04:16 174.872 wuaucpl.cpl
26.05.2005 04:16 128.280 wucltui.dll
17.05.2005 02:42 17.408 xpsp3res.dll
11.05.2005 04:30 78.336 telnet.exe
05.05.2005 23:23 679.424 inetcomm.dll
04.05.2005 14:45 15.360 msisip.dll
04.05.2005 14:45 271.360 msihnd.dll
04.05.2005 14:45 78.848 msiexec.exe
04.05.2005 14:45 884.736 msimsg.dll
04.05.2005 14:45 2.890.240 msi.dll
18.03.2005 17:19 2.337.488 d3dx9_25.dll
02.03.2005 20:09 578.560 user32.dll
02.03.2005 20:09 56.832 authz.dll
02.03.2005 20:06 2.181.632 ntoskrnl.exe
02.03.2005 20:06 2.059.136 ntkrnlpa.exe
25.02.2005 05:34 22.752 spupdsvc.exe
24.02.2005 20:34 15.584 spmsg.dll
24.01.2005 12:50 508.928 eInstall.exe

Verzeichnis von C:\DOKUME~1\anna\LOKALE~1\Temp

01.02.2006 22:32 34.305.062 clipboardcache
01.02.2006 19:34 168 esupdate.log
01.02.2006 19:33 7.128.064 ESUPDATE.EXE
01.02.2006 19:31 20.919.808 INSTAL.EXE
19.09.2005 10:36 81.223 unp023.avc
19.09.2005 10:36 81.982 unp026.avc
19.09.2005 10:36 49.994 troj019.avc
19.09.2005 10:36 2.100 daily-ex.avc
19.09.2005 10:36 27.179 daily.avc
19.09.2005 10:36 50.490 troj029.avc
19.09.2005 10:36 34.902 virus020.avc
19.09.2005 10:36 48.258 ext002.avc
19.09.2005 10:36 11.403 avp.klb
19.09.2005 10:36 37.970 malw004.avc
19.09.2005 10:36 19.525 ext005.avc
19.09.2005 10:36 22.363 worm006.avc
19.09.2005 10:36 20.920 fa.avc
19.09.2005 10:36 86.025 troj034.avc
17.09.2005 19:14 266.816 mwavscan.com
16.09.2005 10:51 101.225 troj001.avc
16.09.2005 10:51 43.397 troj027.avc
16.09.2005 10:51 50.211 troj010.avc
15.09.2005 12:12 144.468 spydb.avs
15.09.2005 10:48 54.966 unp003.avc
13.09.2005 12:10 79.269 virus017.avc
13.09.2005 12:10 49.281 troj032.avc
13.09.2005 12:10 51.011 unp025.avc
12.09.2005 12:09 56.335 unp006.avc
12.09.2005 12:09 43.035 gen999.avc
12.09.2005 12:09 29.332 gen004.avc
09.09.2005 11:22 8.234 unp000.avc
09.09.2005 11:22 70.033 ca.avc
09.09.2005 11:22 36.207 unp012.avc
09.09.2005 11:22 48.713 troj030.avc
09.09.2005 11:22 61.156 unp014.avc
09.09.2005 11:22 48.242 ext004.avc
09.09.2005 11:22 49.203 ext001.avc
09.09.2005 11:22 51.447 troj025.avc
09.09.2005 11:22 56.620 troj022.avc
09.09.2005 11:22 50.052 troj031.avc
08.09.2005 11:30 67.407 unp004.avc
08.09.2005 11:30 50.243 troj020.avc
08.09.2005 11:30 57.965 unp013.avc
06.09.2005 10:58 41.454 troj028.avc
06.09.2005 10:58 49.607 troj033.avc
06.09.2005 10:58 55.660 troj023.avc
04.09.2005 23:12 56.341 troj024.avc
03.09.2005 12:49 80.833 virus016.avc
03.09.2005 12:49 48.106 ext003.avc
03.09.2005 12:49 41.540 gen003.avc
01.09.2005 10:21 47.082 troj026.avc
01.09.2005 10:21 43.227 unp024.avc
31.08.2005 10:44 54.699 malw002.avc
31.08.2005 10:44 52.069 unp009.avc
31.08.2005 10:44 49.965 troj015.avc
30.08.2005 10:27 75.197 virus008.avc
30.08.2005 10:27 77.385 virus012.avc
29.08.2005 10:49 1.570 avp.set
29.08.2005 10:49 47.309 gen002.avc
29.08.2005 10:49 109.327 troj003.avc
29.08.2005 10:49 1.970 eicar.avc
26.08.2005 12:06 61.028 krnunp.avc
26.08.2005 12:06 50.406 troj016.avc
26.08.2005 12:06 51.801 troj011.avc
26.08.2005 12:06 50.483 troj008.avc
26.08.2005 12:06 56.901 unp001.avc
24.08.2005 16:29 1.693 Polish.tcp
24.08.2005 16:29 9.655 Polish.con
24.08.2005 16:29 10.372 French.con
24.08.2005 16:29 1.886 French.tcp
24.08.2005 16:29 10.655 Portuguese.con
24.08.2005 16:29 1.895 Portuguese.tcp
24.08.2005 13:01 78.228 virus013.avc
20.08.2005 18:18 9.704 English.con
20.08.2005 14:48 59.950 malw001.avc
18.08.2005 17:45 71.736 unp002.avc
17.08.2005 16:36 49.623 troj012.avc
17.08.2005 16:36 50.230 troj021.avc
16.08.2005 15:33 74.128 virus007.avc
16.08.2005 15:33 51.387 troj006.avc
16.08.2005 15:33 50.678 troj007.avc
16.08.2005 15:33 34.766 gen001.avc
16.08.2005 15:33 56.352 virus019.avc
16.08.2005 15:24 58.536 bitmap1.bmp
13.08.2005 19:43 50.873 troj009.avc
12.08.2005 19:01 80.280 unp019.avc
12.08.2005 19:01 51.739 worm003.avc
10.08.2005 18:32 76.290 virus015.avc
29.07.2005 16:43 10.060 Finnish.con
29.07.2005 16:43 1.748 Finnish.tcp
29.07.2005 16:43 10.405 Spanish.con
29.07.2005 16:43 1.718 Spanish.tcp
29.07.2005 16:43 1.718 Romanian.tcp
29.07.2005 16:43 10.067 Romanian.con
29.07.2005 16:42 1.718 Italian.tcp
29.07.2005 16:42 9.710 Italian.con
29.07.2005 16:42 9.702 German.con
29.07.2005 16:42 1.718 German.tcp
29.07.2005 16:25 75.047 virus014.avc
26.07.2005 14:59 351.744 viewtcp.exe
22.07.2005 17:12 1.062 000B45EB.KEY
22.07.2005 17:11 1.042 000B45EE.KEY
21.07.2005 15:12 74.210 virus010.avc
21.07.2005 15:12 49.438 worm005.avc
21.07.2005 15:12 70.881 unp016.avc
21.07.2005 15:12 8.406 kernel.avc
21.07.2005 15:12 50.121 troj017.avc
21.07.2005 15:12 17.725 ext999.avc
21.07.2005 15:12 50.135 unp022.avc
20.07.2005 20:35 1.689 English.tcp
05.07.2005 18:33 88.496 krnmacro.avc
05.07.2005 18:33 51.462 troj005.avc
25.06.2005 20:28 50.117 troj013.avc
24.06.2005 11:14 71.438 virus009.avc
23.06.2005 10:41 61.884 unp005.avc
18.06.2005 11:21 50.465 troj018.avc
16.06.2005 12:31 56.632 unp008.avc
15.06.2005 15:09 62.390 unp015.avc
13.06.2005 13:11 48.738 krnexe32.avc
09.06.2005 23:46 50.865 troj014.avc
09.06.2005 10:07 39.097 unp020.avc
08.06.2005 10:11 34.296 krn001.avc
08.06.2005 10:11 33.196 unp017.avc
08.06.2005 10:11 30.417 unp021.avc
06.06.2005 17:08 26.812 krnengn.avc
02.06.2005 10:44 44.483 unp018.avc
31.05.2005 10:06 78.449 virus011.avc
28.05.2005 14:13 48.317 malw003.avc
23.05.2005 10:41 52.495 worm002.avc
23.05.2005 10:41 50.243 worm001.avc
23.05.2005 10:41 55.442 unp011.avc
09.05.2005 21:24 32.823 krnexe.avc
05.05.2005 14:29 53.724 worm004.avc
03.05.2005 21:49 81.734 unp007.avc
03.05.2005 15:58 5.165 smart.avc
16.03.2005 10:42 76.795 virus018.avc
16.03.2005 10:42 11.816 ocr.avc
10.03.2005 22:22 5.274 krndos.avc
10.03.2005 22:22 37.618 krnjava.avc
10.03.2005 22:22 5.333 worm999.avc
10.03.2005 22:22 70.968 unp010.avc
10.03.2005 22:22 76.112 virus006.avc
10.03.2005 22:22 73.431 virus005.avc
10.03.2005 22:22 78.954 virus004.avc
10.03.2005 22:22 73.721 virus003.avc
10.03.2005 22:22 76.504 virus002.avc
10.03.2005 22:22 76.584 virus001.avc

Verzeichnis von C:\WINDOWS

02.02.2006 18:54 296.080 ntbtlog.txt
02.02.2006 18:54 0 0.log
02.02.2006 18:54 2.048 bootstat.dat
02.02.2006 18:54 49.378 WindowsUpdate.log
02.02.2006 18:53 1.638 SchedLgU.Txt
02.02.2006 18:40 335 DEFESMS.HTML
02.02.2006 18:40 258 DEFESMS.VX
02.02.2006 18:39 2.928 win.ini
02.02.2006 18:38 36.984 ESCAN.LOG
02.02.2006 18:36 3.832 ModemLog_Agere Systems AC'97 Modem.txt
02.02.2006 18:36 1.878 frights.log
01.02.2006 22:52 116 NeroDigital.ini
01.02.2006 20:34 27.787 ocmsn.log
01.02.2006 20:34 188.290 comsetup.log
01.02.2006 20:34 274.455 tsoc.log
01.02.2006 20:34 1.891 imsins.log
01.02.2006 20:34 99.583 iis6.log
01.02.2006 20:34 118.601 ntdtcsetup.log
01.02.2006 20:34 681.996 FaxSetup.log
01.02.2006 20:34 385.778 ocgen.log
01.02.2006 20:34 35.257 msgsocm.log
01.02.2006 20:34 108.002 setupapi.log
01.02.2006 20:28 20.724 WSSPORD.DAT
01.02.2006 20:28 952 MAILINST.LOG
01.02.2006 20:26 22 escan.dbf
01.02.2006 20:22 505 INST_TSP.LOG
01.02.2006 20:22 237 system.ini
01.02.2006 20:07 4.006 mailremv.log
01.02.2006 19:34 99.910 winsbak2.reg
01.02.2006 19:34 13.756 winsbak.reg
01.02.2006 19:34 96 FLASH.LOG
31.01.2006 19:41 1.510 pcwListKill.ini
30.01.2006 19:04 1.917 imsins.BAK
30.01.2006 18:38 32.006 pfirewall.log
30.01.2006 18:25 54.156 QTFont.qfn
29.01.2006 23:29 1.409 QTFont.for
29.01.2006 20:57 107.132 UninstallFirefox.exe
29.01.2006 20:56 4.768 mozver.dat
28.01.2006 19:13 0 uniq
24.01.2006 21:56 1.169 wiadebug.log
24.01.2006 21:56 50 wiaservc.log
24.01.2006 20:25 2.250.054 Firefox Wallpaper.bmp
24.01.2006 19:22 667 cdplayer.ini
19.01.2006 18:27 121 GEARInstall.log
05.01.2006 18:16 70.583 SetupWLD.log
03.01.2006 17:45 1.989 uninstall_nmon.vbs
18.12.2005 22:20 157.954 wmsetup.log
08.12.2005 14:32 90.112 inst_tsp.exe
08.12.2005 14:14 41.984 killproc.exe
04.12.2005 10:33 220.321 setupact.log
27.11.2005 22:18 49.931 DirectX.log
25.11.2005 17:58 400 ODBC.INI
13.11.2005 15:00 24.953 KB896424.log
13.11.2005 15:00 27.183 updspapi.log
13.11.2005 15:00 24.885 KB900725.log
13.11.2005 15:00 22.350 KB905749.log
13.11.2005 15:00 19.471 KB896688.log
13.11.2005 14:59 17.073 KB904706.log
13.11.2005 14:59 17.279 KB905414.log
13.11.2005 14:59 16.468 KB901017.log
13.11.2005 14:59 19.498 KB902400.log
12.11.2005 12:39 1.039.264 setupapi.log.0.old
05.11.2005 13:40 12 screenmx.ini
03.11.2005 20:35 74.752 ST6UNST.EXE
03.11.2005 20:35 692 ST6UNST.000
03.11.2005 20:35 290.816 Setup1.exe
11.10.2005 06:17 77 SAWReg.ini
25.09.2005 21:35 316.640 WMSysPr9.prx
23.09.2005 19:20 10.105 KB900930.log
23.09.2005 19:20 9.647 KB887797.log
23.09.2005 19:04 378 wmsetup10.log
18.09.2005 20:23 57.910 spupdsvc.log
18.09.2005 20:22 963 DtcInstall.log
18.09.2005 20:20 445.968 svcpack.log
18.09.2005 20:19 225.218 KB896423.log
18.09.2005 20:19 224.281 KB899587.log
18.09.2005 20:19 223.146 KB899591.log
18.09.2005 20:19 224.090 KB893756.log
18.09.2005 20:19 223.218 KB899588.log
18.09.2005 20:19 218.475 KB896358.log
18.09.2005 20:19 222.705 KB890859.log
18.09.2005 20:18 215.924 KB901214.log
18.09.2005 20:18 216.276 KB893066.log
18.09.2005 20:18 215.404 KB896428.log
18.09.2005 20:18 214.387 KB896422.log
18.09.2005 20:18 214.620 KB890046.log
18.09.2005 20:18 212.610 KB885835.log
18.09.2005 20:18 210.726 KB893086.log
18.09.2005 20:18 204.838 KB873333.log
18.09.2005 20:17 198.186 KB888113.log
18.09.2005 20:17 198.280 KB891781.log
18.09.2005 20:17 198.385 KB888302.log
18.09.2005 20:17 197.974 KB885836.log
18.09.2005 20:17 197.820 KB873339.log
18.09.2005 20:17 373 cmsetacl.log
18.09.2005 20:17 3.396 sessmgr.setup.log
18.09.2005 20:15 1.170 medctroc.Log
14.09.2005 03:00 14.988 KB885250.log
14.09.2005 03:00 17.057 KB896727.log
14.09.2005 03:00 11.909 KB887742.log
14.09.2005 03:00 11.572 KB887472.log
14.09.2005 03:00 7.834 KB886185.log
14.09.2005 03:00 13.018 KB894391.log
12.09.2005 19:36 1.519 OEWABLog.txt
11.09.2005 20:08 335 nsreg.dat
11.09.2005 19:15 2.884 COM+.log
11.09.2005 15:51 31.441 KB896727-IE6SP1-20050719.165959.log
11.09.2005 15:49 31.372 KB896426.log
11.09.2005 15:48 19.714 KB835732.log
11.09.2005 15:48 1.989 xpsp1hfm.log
11.09.2005 15:45 10.229 KB828741.log
11.09.2005 14:38 8.046 KB898461.log
11.09.2005 14:38 8.161 KB893803v2.log
11.09.2005 14:38 5.676 KB842773.log
11.09.2005 13:47 83 alaunch.ini
11.09.2005 13:43 220 setuperr.log
11.09.2005 13:41 2.772 regopt.log
11.09.2005 13:40 8.192 REGLOCS.OLD
27.05.2005 01:22 10.752 hh.exe

Verzeichnis von C:\

02.02.2006 19:24 0 sys.txt
02.02.2006 19:23 10.231 system.txt
02.02.2006 19:22 7.607 systemtemp.txt
02.02.2006 19:06 97.891 system32.txt
02.02.2006 18:54 1.073.741.824 pagefile.sys
02.02.2006 18:40 2 AVPCallback.log
01.02.2006 23:04 3.349 eScan_neu.txt
01.02.2006 20:19 203 BOOT.INI
01.02.2006 20:16 33.495.270 escan.exe
15.01.2006 19:27 2.203 Find.bat
07.01.2006 23:02 211 bootini.ins
12.09.2005 18:29 47.564 NTDETECT.COM
12.09.2005 18:29 251.184 ntldr

lyogen · 02.02.2006, 19:29

achja folgende datei konnte ich nicht löschen, da ich sie nicht gefunden hab:

C:\WINDOWS\system32\drivers\SYSBUS32.SYS.ren

dartus · 03.02.2006, 01:55

Hallo lyogen,

downloade Killbox , öffnen.
Optioin -> delete by reboot
Füge folgende Pfade ein, klicke auf das weisse Kreuz mit rotem Hintergrund und beantwote mit "Nein". Erst beim letzte mit "Ja":

C:\WINDOWS\system32\drivers\SYSBUS32.SYS.ren
C:\WINDOWS\system32\AdService.bat
C:\WINDOWS\uniq

Desweiteren lade Dir L2mfix und führe die Option 2 durch. Poste das entspr. Logfile.

Wende wie schon beschrieben "clearprog" an.

Hast Du Dich an die Anleitung von "Escan" gehalten? So wie es aussieht: Nein.

dartus

lyogen · 03.02.2006, 17:05

hi deinen vorschlag werde ich gleich ausführen
und escan auch nochmal richtig machen, wenn nötig wenn mir einer sagt wie es richtig geht?

warum habe ich diese eine datei nicht gefunden?

was habe ich denn bei escan falsch gemacht, habe laut anwendung gearbeitet, aber es fällt mir einfach schwer das ganze nachzuvollziehen, da ich einfach nicht in der materie drin bin, kannst du mir sagen inwieweit ich mich NICHT an die escan anleitung gehalten habe ? danke

lyogen · 03.02.2006, 17:11

hier ist die logfile von l2mfix:

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msupdate]
"Startup"="WinlogonStartupEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SMDEn]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winmws32]
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000000
"Startup"="EvtStartup"
"Shutdown"="EvtShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{F96557DE-7A04-84D1-D103-F9D1B0D77AC2}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Eigenschaften fr Multimediadatei"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-Scannerverwaltung"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-Sicherheit"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-Eigenschaftenseite fr Dokumente"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shellerweiterungen fr Freigaben"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Grafikkarten"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Bildschirme"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Anzeigeverschiebung"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-Sicherheit"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilit„tsseite"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell-Datenauszughandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Erweiterung fr Datentr„gerkopien"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shellerweiterungen fr Microsoft Windows-Netzwerkobjekte"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-Monitorverwaltung"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-Druckerverwaltung"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shellerweiterungen fr die Dateikomprimierung"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Shellerweiterung fr Webdrucker"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontextmen fr die Verschlsselung"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktenkoffer"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Erweiterung fr HyperTerminal-Icons"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Schriftarten"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-Profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Druckersicherheit"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shellerweiterungen fr Freigaben"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netzwerkverbindungen"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netzwerkverbindungen"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner und Kameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner und Kameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner und Kameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner und Kameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner und Kameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shellerweiterungen fr Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Datenverknpfung"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplante Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskleiste und Startmen"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Suchen"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ausfhren..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-Mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Schriftarten"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Verwaltung"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Syntaxanalyse der Adressleiste"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-Verlauf-Dienst"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Verlauf"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Sucheingriff"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-Begráungsbildschirm"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-Cacheordner"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Webpublishing-Assistent"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestellung von Abzgen ber das Internet"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shellobjekt des Webpublishing-Assistenten"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport-Assistent"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Benutzerkonten"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channeldatei"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channelverknpfung"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channelhandlerobjekt"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Ordner 'Offlinedateien'"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Nach Personen..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{2F603045-309F-11CF-9774-0020AFD0CFF6}"="Synaptics Control Panel"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension"
"{D9872D13-7651-4471-9EEE-F0A00218BEBB}"="Multiscan"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}"="Universelle Plug & Play-Ger„te"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webordner"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{7C23633F-E149-42BA-8FF7-0BE532F199D3}"=""
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"="TuneUp Shredder Shell Context Menu Extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7C23633F-E149-42BA-8FF7-0BE532F199D3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7C23633F-E149-42BA-8FF7-0BE532F199D3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7C23633F-E149-42BA-8FF7-0BE532F199D3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7C23633F-E149-42BA-8FF7-0BE532F199D3}\InprocServer32]
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
muvcrt40.dll Sun 29 Jan 2006 20:30:42 ..S.R 235.603 230,08 K
rjched32.dll Mon 30 Jan 2006 22:31:04 ..S.R 236.010 230,48 K
mwtsp.dll Thu 8 Dec 2005 17:18:44 A.... 331.776 324,00 K
axifile.dll Mon 30 Jan 2006 22:36:00 ..S.R 234.018 228,53 K
bfackbox.dll Tue 31 Jan 2006 17:36:46 ..S.R 236.010 230,48 K
en82l1~1.dll Sun 29 Jan 2006 20:40:26 ..... 237.293 231,73 K
l8r00i~1.dll Tue 31 Jan 2006 17:39:34 ..... 234.171 228,68 K
vldex.dll Mon 30 Jan 2006 20:23:20 ..S.R 234.018 228,53 K
enn6l1~1.dll Tue 31 Jan 2006 17:36:46 ..... 234.073 228,59 K
pnofmap.dll Tue 31 Jan 2006 17:39:36 ..S.R 234.073 228,59 K
kldycl.dll Tue 31 Jan 2006 17:57:46 ..S.R 234.171 228,68 K
enlsl1~1.dll Tue 31 Jan 2006 17:57:44 ..S.R 235.902 230,37 K
mwnsp.dll Thu 8 Dec 2005 17:23:04 A.... 110.592 108,00 K
contfilt.dll Mon 12 Dec 2005 21:10:32 A.... 909.312 888,00 K

14 items found: 14 files (8 H/S), 0 directories.
Total of file sizes: 3.937.022 bytes 3,75 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Datentr„ger in Laufwerk C: ist ACER
Volumeseriennummer: 2629-16F0

Verzeichnis von C:\WINDOWS\System32

31.01.2006 17:57 234.171 kldycl.dll
31.01.2006 17:57 235.902 enlsl1371.dll
31.01.2006 17:39 234.073 pnofmap.dll
31.01.2006 17:36 236.010 bfackbox.dll
30.01.2006 22:36 234.018 axifile.dll
30.01.2006 22:31 236.010 rjched32.dll
30.01.2006 20:23 234.018 vldex.dll
29.01.2006 20:30 235.603 muvcrt40.dll
06.09.2004 12:56 204.800 archlib.dll
01.03.2004 14:40 <DIR> Microsoft
01.03.2004 14:27 <DIR> dllcache
9 Datei(en) 2.084.605 Bytes
2 Verzeichnis(se), 14.908.456.960 Bytes frei

lyogen · 03.02.2006, 17:17

hier kommt jetzt die zweite logfile von l2mfix:

L2mfix 010406
Creating Account.
Der Befehl wurde erfolgreich ausgefhrt.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 476 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 548 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1404 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administratoren ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
1 Datei(en) kopiert.
1 Datei(en) kopiert.
1 Datei(en) kopiert.
1 Datei(en) kopiert.
1 Datei(en) kopiert.
1 Datei(en) kopiert.
1 Datei(en) kopiert.
1 Datei(en) kopiert.
1 Datei(en) kopiert.
1 Datei(en) kopiert.
1 Datei(en) kopiert.
Deleting: C:\WINDOWS\system32\axifile.dll
Successfully Deleted: C:\WINDOWS\system32\axifile.dll
Deleting: C:\WINDOWS\system32\bfackbox.dll
Successfully Deleted: C:\WINDOWS\system32\bfackbox.dll
Deleting: C:\WINDOWS\system32\en82l1lo1.dll
Successfully Deleted: C:\WINDOWS\system32\en82l1lo1.dll
Deleting: C:\WINDOWS\system32\enlsl1371.dll
Successfully Deleted: C:\WINDOWS\system32\enlsl1371.dll
Deleting: C:\WINDOWS\system32\enn6l15s1.dll
Successfully Deleted: C:\WINDOWS\system32\enn6l15s1.dll
Deleting: C:\WINDOWS\system32\kldycl.dll
Successfully Deleted: C:\WINDOWS\system32\kldycl.dll
Deleting: C:\WINDOWS\system32\l8r00i9me8.dll
Successfully Deleted: C:\WINDOWS\system32\l8r00i9me8.dll
Deleting: C:\WINDOWS\system32\muvcrt40.dll
Successfully Deleted: C:\WINDOWS\system32\muvcrt40.dll
Deleting: C:\WINDOWS\system32\pnofmap.dll
Successfully Deleted: C:\WINDOWS\system32\pnofmap.dll
Deleting: C:\WINDOWS\system32\rjched32.dll
Successfully Deleted: C:\WINDOWS\system32\rjched32.dll
Deleting: C:\WINDOWS\system32\vldex.dll
Successfully Deleted: C:\WINDOWS\system32\vldex.dll

msg11?.dll
0 Datei(en) kopiert.
Desktop.ini sucessfully removed

Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msupdate]
"Startup"="WinlogonStartupEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SMDEn]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winmws32]
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000000
"Startup"="EvtStartup"
"Shutdown"="EvtShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

The following are the files found:
****************************************************************************
C:\WINDOWS\system32\axifile.dll
C:\WINDOWS\system32\bfackbox.dll
C:\WINDOWS\system32\en82l1lo1.dll
C:\WINDOWS\system32\enlsl1371.dll
C:\WINDOWS\system32\enn6l15s1.dll
C:\WINDOWS\system32\kldycl.dll
C:\WINDOWS\system32\l8r00i9me8.dll
C:\WINDOWS\system32\muvcrt40.dll
C:\WINDOWS\system32\pnofmap.dll
C:\WINDOWS\system32\rjched32.dll
C:\WINDOWS\system32\vldex.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7C23633F-E149-42BA-8FF7-0BE532F199D3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7C23633F-E149-42BA-8FF7-0BE532F199D3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7C23633F-E149-42BA-8FF7-0BE532F199D3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7C23633F-E149-42BA-8FF7-0BE532F199D3}\InprocServer32]
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{7C23633F-E149-42BA-8FF7-0BE532F199D3}"=-
[-HKEY_CLASSES_ROOT\CLSID\{7C23633F-E149-42BA-8FF7-0BE532F199D3}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/axifile.dll (deflated 4%)
adding: dlls/bfackbox.dll (deflated 5%)
adding: dlls/en82l1lo1.dll (deflated 6%)
adding: dlls/enlsl1371.dll (deflated 5%)
adding: dlls/enn6l15s1.dll (deflated 4%)
adding: dlls/kldycl.dll (deflated 4%)
adding: dlls/l8r00i9me8.dll (deflated 4%)
adding: dlls/muvcrt40.dll (deflated 5%)
adding: dlls/pnofmap.dll (deflated 4%)
adding: dlls/rjched32.dll (deflated 5%)
adding: dlls/vldex.dll (deflated 4%)
adding: backregs/notibac.reg (deflated 88%)
adding: backregs/shell.reg (deflated 73%)
adding: backregs/7C23633F-E149-42BA-8FF7-0BE532F199D3.reg (deflated 71%)

dartus · 04.02.2006, 00:32

Hallo lyogen,

scheint alles gelöscht zu sein.
Hast Du noch irgendwelche Probleme mit Popups?

dartus

lyogen · 05.02.2006, 20:45

nein keine popups mehr

ist also jetzt wirklich alles wieder virenfrei?
na dann herzlichen dank

was hatte ich denn da bei escan falsch gemacht?

Noch so jemand mit komischen PopUps! HELP

Plagegeister aller Art und deren Bekämpfung: Noch so jemand mit komischen PopUps! HELP