Unwanted advertising pop-ups in Internet Explorer

All right, then I'll open a new thread of my own. So, I have this problem with the constant advertising pop-ups, and I really only wanted to know from herbstie which files one should delete from the C:/Windows directory, or how he did it. That is, without much effort and without installing new programs. But if there is no other way, then fine. I finally want to get rid of these annoying pop-ups... So here is my HiJack log file:

Logfile of HijackThis v1.99.1
Scan saved at 13:15:34, on 29.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\bmwebcfg.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Programme\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Programme\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\SwiftBtn\SwiftBtn.EXE
C:\Programme\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programme\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://*****.**********.de/
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programme\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Programme\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [QT4StBtn] C:\PROGRA~1\SwiftBtn\SwiftBtn.EXE
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programme\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Software 16 Wave Audio] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\downloadwinsoftware16\corn wave.exe
O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
O4 - HKCU\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [eachthunk] C:\DOKUME~1\tl***e\ANWEND~1\DRVPLA~1\SetupKindMeow.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - h**ps://ex-wob-01:4343/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - h**ps://ex-wob-01:4343/officescan/console/ClientInstall/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - h**ps://ex-wob-01:4343/officescan/console/ClientInstall/setup.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - h**ps://ex-wob-01:4343/officescan/console/ClientInstall/RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097757661842
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fpc.local
O17 - HKLM\Software\..\Telephony: DomainName = fpc.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fpc.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fpc.local
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\d0j0la1m1d.dll
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\System32\bmwebcfg.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programme\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programme\Trend Micro\OfficeScan Client\tmlisten.exe

Hello, it won't work without one or two additional programs. Do the following, but only up to posting the first log file; do not run option 2 of the tool yet!

Regards, Wildone

Well then, with additional programs it is; I just want to get rid of these stupid pop-ups. So I downloaded this l2mfix and created a log file.

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Shell Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\en26l1fs1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-IO) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{EFEE885D-2F7A-969B-1785-87C61710EF3A}"=""

So, and here is another one, since it was too long...

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{BD23E0A1-59F5-4C1E-BEE9-23F20E1486A3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BD23E0A1-59F5-4C1E-BEE9-23F20E1486A3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BD23E0A1-59F5-4C1E-BEE9-23F20E1486A3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BD23E0A1-59F5-4C1E-BEE9-23F20E1486A3}\InprocServer32]
@="C:\\WINDOWS\\system32\\muaatext.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
browseui.dll Sat 3 Sep 2005 1:53:20 A.... 1.019.904 996,00 K
cdfview.dll Sat 3 Sep 2005 1:53:20 A.... 152.064 148,50 K
cdosys.dll Sat 10 Sep 2005 3:54:28 A.... 2.067.968 1,97 M
cmdlin~1.dll Sun 16 Oct 2005 23:14:02 A.... 43.520 42,50 K
cvodm.dll Wed 26 Oct 2005 10:53:38 ..S.R 233.442 227,97 K
danim.dll Sat 3 Sep 2005 1:53:20 A.... 1.055.744 1,00 M
divx.dll Wed 28 Sep 2005 23:29:14 A.... 693.248 677,00 K
divx_x~1.dll Wed 28 Sep 2005 23:29:12 A.... 688.128 672,00 K
divx_x~2.dll Wed 28 Sep 2005 23:29:12 A.... 688.128 672,00 K
divx_x~3.dll Wed 28 Sep 2005 23:29:12 A.... 671.744 656,00 K
dpl100.dll Thu 8 Sep 2005 16:49:52 A.... 86.016 84,00 K
dpu11.dll Thu 8 Sep 2005 16:49:48 A.... 253.952 248,00 K
dpugui11.dll Thu 8 Sep 2005 16:49:50 A.... 589.824 576,00 K
dpus11.dll Thu 8 Sep 2005 16:49:50 A.... 315.392 308,00 K
dpv11.dll Thu 8 Sep 2005 16:49:48 A.... 57.344 56,00 K
dtu100.dll Thu 8 Sep 2005 16:49:50 A.... 200.704 196,00 K
dxtrans.dll Sat 3 Sep 2005 1:53:22 A.... 205.312 200,50 K
en26l1~1.dll Sat 29 Oct 2005 19:21:32 ..S.R 237.098 231,54 K
extmgr.dll Sat 3 Sep 2005 1:53:22 ..... 55.808 54,50 K
iepeers.dll Sat 3 Sep 2005 1:53:22 A.... 251.392 245,50 K
inseng.dll Sat 3 Sep 2005 1:53:22 A.... 96.768 94,50 K
libeay32.dll Wed 10 Aug 2005 0:13:32 A.... 831.488 812,00 K
linkinfo.dll Thu 1 Sep 2005 3:44:42 A.... 19.968 19,50 K
mshtml.dll Tue 4 Oct 2005 17:26:02 A.... 3.013.120 2,87 M
mshtmled.dll Sat 3 Sep 2005 1:53:22 A.... 448.512 438,00 K
msrating.dll Sat 3 Sep 2005 1:53:22 A.... 146.432 143,00 K
mstime.dll Sat 3 Sep 2005 1:53:22 A.... 530.432 518,00 K
muaatext.dll Sat 29 Oct 2005 23:55:56 ..S.R 237.098 231,54 K
netman.dll Mon 22 Aug 2005 20:31:48 A.... 197.632 193,00 K
nwwks.dll Thu 11 Aug 2005 17:11:34 A.... 65.024 63,50 K
p0n80a~1.dll Sat 29 Oct 2005 23:55:56 ..S.R 233.673 228,20 K
pngfilt.dll Sat 3 Sep 2005 1:53:22 A.... 39.424 38,50 K
pynmap.dll Tue 25 Oct 2005 20:41:40 ..S.R 237.034 231,48 K
qt-dx331.dll Wed 10 Aug 2005 0:12:30 A.... 3.596.288 3,43 M
quartz.dll Tue 30 Aug 2005 5:55:36 A.... 1.292.800 1,23 M
sddisply.dll Mon 24 Oct 2005 16:10:34 ..S.R 235.419 229,90 K
shdocvw.dll Sat 3 Sep 2005 1:53:22 A.... 1.484.288 1,41 M
shell32.dll Fri 23 Sep 2005 5:06:22 A.... 8.491.520 8,10 M
shlwapi.dll Sat 3 Sep 2005 1:53:22 A.... 474.112 463,00 K
sos.dll Tue 25 Oct 2005 14:35:32 ..S.R 234.120 228,63 K
ssleay32.dll Wed 10 Aug 2005 0:13:32 A.... 159.744 156,00 K
szdoclc.dll Wed 26 Oct 2005 11:04:52 ..S.R 235.028 229,52 K
umpnpmgr.dll Tue 23 Aug 2005 5:39:58 A.... 124.416 121,50 K
unicows.dll Wed 10 Aug 2005 0:13:32 A.... 245.408 239,66 K
urlmon.dll Sat 3 Sep 2005 1:53:22 A.... 605.696 591,50 K
wininet.dll Sat 3 Sep 2005 1:53:22 A.... 664.064 648,50 K
winsrv.dll Thu 1 Sep 2005 3:44:44 A.... 292.352 285,50 K

47 items found: 47 files (8 H/S), 0 directories.
Total of file sizes: 33.798.592 bytes 32,23 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: 9C34-8571

Verzeichnis von C:\WINDOWS\System32

29.10.2005 23:55 237.098 muaatext.dll
29.10.2005 23:55 233.673 p0n80a5ued.dll
29.10.2005 19:21 237.098 en26l1fs1.dll
26.10.2005 11:04 235.028 szdoclc.dll
26.10.2005 10:56 <DIR> dllcache
26.10.2005 10:53 233.442 cvodm.dll
25.10.2005 20:41 237.034 pYnmap.dll
25.10.2005 14:35 234.120 sos.dll
24.10.2005 16:10 235.419 SDDisply.dll
04.08.2004 09:57 30.749 vbajet32.dll
04.08.2004 09:57 413.696 msvcp60.dll
04.08.2004 09:57 343.040 msvcrt.dll
04.08.2004 09:57 1.028.096 mfc42.dll
04.08.2004 09:57 611.328 comctl32.dll
16.09.2002 13:38 <DIR> Microsoft
29.08.2002 14:00 57.344 mfc42loc.dll
29.08.2002 14:00 253.952 msvcrt20.dll
03.12.1996 14:50 37.376 VEN2232.OLB
16 Datei(en) 4.658.493 Bytes
2 Verzeichnis(se), 3.349.454.848 Bytes frei

Hello, please run the following. After that, run the l2mfix tool with option 2 and then post the log file again.

Regards, Wildone

OK, it took a while; there were some problems while scanning. I now have the second log file. Is it done with that now?

Setting Directory
C:\
System Rebooted!

Running From:
C:\

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1912 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 340 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\cvodm.dll
1 Datei(en) kopiert.
Backing Up: C:\WINDOWS\system32\lvns0957e.dll
1 Datei(en) kopiert.
Backing Up: C:\WINDOWS\system32\pYnmap.dll
1 Datei(en) kopiert.
Backing Up: C:\WINDOWS\system32\SDDisply.dll
1 Datei(en) kopiert.
Backing Up: C:\WINDOWS\system32\sos.dll
1 Datei(en) kopiert.
Backing Up: C:\WINDOWS\system32\szdoclc.dll
1 Datei(en) kopiert.
Backing Up: C:\WINDOWS\system32\vdsde.dll
1 Datei(en) kopiert.
deleting: C:\WINDOWS\system32\cvodm.dll
Successfully Deleted: C:\WINDOWS\system32\cvodm.dll
deleting: C:\WINDOWS\system32\lvns0957e.dll
Successfully Deleted: C:\WINDOWS\system32\lvns0957e.dll
deleting: C:\WINDOWS\system32\pYnmap.dll
Successfully Deleted: C:\WINDOWS\system32\pYnmap.dll
deleting: C:\WINDOWS\system32\SDDisply.dll
Successfully Deleted: C:\WINDOWS\system32\SDDisply.dll
deleting: C:\WINDOWS\system32\sos.dll
Successfully Deleted: C:\WINDOWS\system32\sos.dll
deleting: C:\WINDOWS\system32\szdoclc.dll
Successfully Deleted: C:\WINDOWS\system32\szdoclc.dll
deleting: C:\WINDOWS\system32\vdsde.dll
Successfully Deleted: C:\WINDOWS\system32\vdsde.dll

Zipping up files for submission:
adding: cvodm.dll (188 bytes security) (deflated 4%)
adding: lvns0957e.dll (188 bytes security) (deflated 5%)
adding: pYnmap.dll (188 bytes security) (deflated 5%)
adding: SDDisply.dll (188 bytes security) (deflated 5%)
adding: sos.dll (188 bytes security) (deflated 4%)
adding: szdoclc.dll (188 bytes security) (deflated 5%)
adding: vdsde.dll (188 bytes security) (deflated 6%)
adding: clear.reg (188 bytes security) (deflated 36%)
adding: tmuninst.ini (188 bytes security) (stored 0%)
adding: Lang.txt (188 bytes security) (deflated 45%)
adding: lo2.txt (188 bytes security) (deflated 75%)
adding: test.txt (188 bytes security) (deflated 69%)
adding: test2.txt (188 bytes security) (deflated 16%)
adding: test3.txt (188 bytes security) (deflated 16%)
adding: test5.txt (188 bytes security) (deflated 16%)
adding: xfind.txt (188 bytes security) (deflated 63%)

Restoring Registry Permissions:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (h**p://www.heysoft.de)
This program is Freeware, use it on your own risk!

Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!

Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (h**p://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-IO) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER

Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1789

Restoring Windows Update Certificates.:

deleting local copy: cvodm.dll
deleting local copy: lvns0957e.dll
deleting local copy: pYnmap.dll
deleting local copy: SDDisply.dll
deleting local copy: sos.dll
deleting local copy: szdoclc.dll
deleting local copy: vdsde.dll

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\policies]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier] "Asynchronous"=dword:00000000 "DllName"="WRLogonNTF.dll" "Impersonate"=dword:00000001 "Lock"="WRLock" "StartScreenSaver"="WRStartScreenSaver" "StartShell"="WRStartShell" "Startup"="WRStartup" "StopScreenSaver"="WRStopScreenSaver" "Unlock"="WRUnlock" "Shutdown"="WRShutdown" "Logoff"="WRLogoff" "Logon"="WRLogon" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif] "DLLName"="wzcdlg.dll" "Logon"="WZCEventLogon" "Logoff"="WZCEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000000 The following are the files found: **************************************************************************** C:\WINDOWS\system32\cvodm.dll C:\WINDOWS\system32\lvns0957e.dll C:\WINDOWS\system32\pYnmap.dll C:\WINDOWS\system32\SDDisply.dll C:\WINDOWS\system32\sos.dll C:\WINDOWS\system32\szdoclc.dll C:\WINDOWS\system32\vdsde.dll Registry Entries that were Deleted: Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder. **************************************************************************** REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{BD23E0A1-59F5-4C1E-BEE9-23F20E1486A3}"=- "{0D996BC2-8CFB-4E92-815F-ABE07BCDE4F9}"=- [-HKEY_CLASSES_ROOT\CLSID\{BD23E0A1-59F5-4C1E-BEE9-23F20E1486A3}] [-HKEY_CLASSES_ROOT\CLSID\{0D996BC2-8CFB-4E92-815F-ABE07BCDE4F9}] REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "SV1"="" |
Hello, that should have been it. I also assume you are no longer getting any pop-ups. As a check, you can post a new HijackThis log. Regards, Wildone |
First of all, a really big thank-you so far! Somehow, though, I have the impression that there are still unwanted pop-ups, because now one from Jamba usually shows up, which was not there before. The computer I have these problems with is a company laptop running XP. At home I have a WLAN and really only use ME, and I have never had problems with it. I found a registry entry for SpySpotterSystemDefender, and in the directory "C:\Programme\" a folder "S3" that in turn contained "P4M266", and in there the exe "s3setvga.exe". That also seems somehow odd to me. Well, I am sending another HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:04:38, on 31.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\bmwebcfg.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Programme\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Programme\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\SwiftBtn\SwiftBtn.EXE
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\system32\carpserv.exe
C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://*****.**********.de/
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programme\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Programme\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [QT4StBtn] C:\PROGRA~1\SwiftBtn\SwiftBtn.EXE
O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programme\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
O4 - HKLM\..\Run: [Software 16 Wave Audio] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\downloadwinsoftware16\corn wave.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eachthunk] C:\DOKUME~1\tl***e\ANWEND~1\DRVPLA~1\SetupKindMeow.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - h**ps://ex-wob-01:4343/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - h**ps://ex-wob-01:4343/officescan/console/ClientInstall/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - h**ps://ex-wob-01:4343/officescan/console/ClientInstall/setup.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - h**ps://ex-wob-01:4343/officescan/console/ClientInstall/RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097757661842
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ***.local
O17 - HKLM\Software\..\Telephony: DomainName = ***.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ***.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ***.local
O20 - Winlogon Notify: policies - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\System32\bmwebcfg.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programme\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programme\Trend Micro\OfficeScan Client\tmlisten.exe |
Hello, as for the S3 folder, that should be completely normal and have something to do with the driver for the laptop's graphics card. Whether the Jamba pop-up has anything to do with the whole problem is hard to say; does it only appear on one particular website, or is it independent of that? Use HijackThis to fix (tick the box in front of it and click "Fix checked") the following entry as well:

O20 - Winlogon Notify: policies - C:\WINDOWS\

Whether the SpySpotterSystemDefender entry in the registry is suspicious I cannot say, but there is an anti-spyware tool called spyspotter, even though it is probably rather controversial. You can also scan your system with Escan (read the instructions carefully!) and post the log as described in the instructions. Regards, Wildone |
Looks like Lop. Additionally fix these with HijackThis:

O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
O4 - HKLM\..\Run: [Software 16 Wave Audio] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\downloadwinsoftware16\corn wave.exe
O4 - HKCU\..\Run: [eachthunk] C:\DOKUME~1\tl***e\ANWEND~1\DRVPLA~1\SetupKindMeow.exe

Then you should uninstall Spyspotter; it is known for producing false alarms so that you buy it... See also here: http://www.spywarewarrior.com/rogue_anti-spyware.htm

Download and unpack http://metallica.geekstogo.com/findlop.zip. In the folder, look for findlop.bat and double-click it; it produces a new file, C:\findlop.txt. Please post the contents of that file. |
Okay, thank you very much for the detailed help! I have now fixed all of these suspicious entries with HiJack. These entries seemed odd to me from the start. I would not know what tsl2, corn wave and SetupKindMeow are doing on my machine. It is strange anyway, I think, when programs show up in the path "C:\Dokumente und Einstellungen\". I can no longer uninstall Spyspotter; it does not appear in the Control Panel at all. After the fix it is now gone from the registry, though, just like the other entries. I am running Spy Sweeper once more right now, because it also kept finding things, mostly from a-d-ware. But what should I do then? Escan and findlop, or only findlop? |
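The observation in the post above, that autostart programs living under "C:\Dokumente und Einstellungen\" look out of place, written as a check over HijackThis O4 lines. This is an added example and not part of the thread; the function names and the directory-name lists are assumptions, and the sample lines are copied from the log posted earlier. It covers only registry Run-key O4 lines and only this one rule, so the Tsl2 entry under Common Files, which the helper identified by name, is not caught by it.

```python
import re

# O4 registry autostart line: hive, Run key, value name, command line.
O4_LINE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$", re.M)

# Profile root and per-user data folders on German and English Windows XP,
# including their 8.3 short names (DOKUME~1, ANWEND~1, LOKALE~1, ...).
PROFILE_ROOT = re.compile(
    r"(dokumente und einstellungen|documents and settings|dokume~\d+|docume~\d+)")
DATA_DIR = re.compile(
    r"(anwendungsdaten|application data|lokale einstellungen|local settings"
    r"|anwend~\d+|applic~\d+|lokale~\d+|locals~\d+)")

# Sample O4 lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programme\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
O4 - HKLM\..\Run: [Software 16 Wave Audio] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\downloadwinsoftware16\corn wave.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eachthunk] C:\DOKUME~1\tl***e\ANWEND~1\DRVPLA~1\SetupKindMeow.exe
"""


def executable_of(command):
    """Return the program path from a Run-key command line.

    Quoted paths are taken literally; unquoted paths may contain spaces
    ("corn wave.exe"), so they are cut after the first executable extension
    that is followed by whitespace or the end of the string.
    """
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", command, re.I)
    return m.group(1) if m else command


def in_profile_data_dir(path):
    """True if the path sits in a data folder below the user-profile root."""
    parts = path.lower().split("\\")
    if len(parts) < 3 or not PROFILE_ROOT.fullmatch(parts[1]):
        return False
    return any(DATA_DIR.fullmatch(p) for p in parts[2:-1])


def flag_profile_autoruns(log_text):
    """List O4 Run entries whose program starts from a profile data folder."""
    hits = []
    for hive, key, name, command in O4_LINE.findall(log_text):
        exe = executable_of(command)
        if in_profile_data_dir(exe):
            hits.append({"hive": hive, "key": key, "name": name, "exe": exe})
    return hits


if __name__ == "__main__":
    for hit in flag_profile_autoruns(SAMPLE_LOG):
        print(f'{hit["hive"]}\\{hit["key"]} [{hit["name"]}] -> {hit["exe"]}')
```

A hit is a reason to look closer, not a verdict: legitimate per-user software can also start from these folders.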
Hello, to be on the safe side do both, preferably findlop first and then Escan. Regards, Wildone |
HOI: Spam messages keep popping up on my machine, e.g. from a-d-ware but also many others. Since I have been reading up here for 2 hours already and still have no clue, I would ask you to take a look at my log file and perhaps explain to me whether something is wrong with it, and what. Please be understanding about dumb questions, because they will come 100 percent :kloppen:

Logfile of HijackThis v1.99.1
Scan saved at 02:10:48, on 01.11.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVirenKit 2004\AVKService.exe
C:\Programme\AntiVirenKit 2004\AVKWCtl.exe
C:\WINDOWS\YmFzdGkA\command.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
E:\games\Valve\Steam.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111867613701
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\fp2s03f7e.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\AntiVirenKit 2004\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - C:\Programme\AntiVirenKit 2004\AVKWCtl.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YmFzdGkA\command.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe |
@Vertrauenswuerdig Open a thread of your own and do the same as I advised in posting #2. Regards, Wildone |
So, here I am again; I could not get online for a while. As it looks, I now have peace from the pests. Should I still run findlop and escan to be on the safe side? Well, I will get to it this afternoon. Thanks so far! |
Okay, this is the findlop output; it means nothing to me at all:

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'A64D5D6591F6D6E1.job'
[TRACE] Printing all job properties
ApplicationName: 'c:\dokume~1\tl***e\anwend~1\drvpla~1\fastarmytitle.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'tl***e'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 10/30/2005 13:00:00
NextRun: 11/08/2005 16:00:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0
1 Trigger
Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/03/1995
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

But I cannot cope with this escan at all. Somehow I got completely lost on the website for this MWAV, and then I could not cope with this safe mode. I did already let one scan run, but it took quite a long time. Since it has already found quite a few things, I will run the whole thing again tomorrow when I have a bit more time. But should I post the whole MWAV log? It is rather long... |
So, I have simply copied what I believe is the most important part of the log:

Wed Nov 09 12:52:01 2005 => Virus Database Date: 2005/11/07
Wed Nov 09 12:52:01 2005 => Virus Database Count: 158608
Wed Nov 09 13:21:34 2005 => AV Library Unloaded (3)...
Wed Nov 09 13:57:40 2005 => **********************************************************
Wed Nov 09 13:57:40 2005 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Wed Nov 09 13:57:40 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Wed Nov 09 13:57:40 2005 => **********************************************************
Wed Nov 09 13:57:40 2005 => Version 7.2.9 (C:\Dokumente und Einstellungen\tlange\Lokale Einstellungen\Temp\mwavscan.com)
Wed Nov 09 13:57:40 2005 => Log File: C:\DOKUME~1\tlange\LOKALE~1\Temp\MWAV.LOG
Wed Nov 09 13:57:40 2005 => Last Scan Date and Time: 09.11.2005 10:24:08
Wed Nov 09 13:57:40 2005 => MWAV Registered: FALSE.
Wed Nov 09 13:57:40 2005 => MWAV Mode: Only Scan files.
Wed Nov 09 13:57:43 2005 => AV Library Loaded...
Wed Nov 09 13:57:43 2005 => MWAV doing self scanning...
Wed Nov 09 13:57:43 2005 => Scanning File C:\DOKUME~1\tlange\LOKALE~1\Temp\kavss.exe
Wed Nov 09 13:57:43 2005 => Scanning File C:\DOKUME~1\tlange\LOKALE~1\Temp\Getvlist.exe
Wed Nov 09 13:57:44 2005 => Scanning File C:\DOKUME~1\tlange\LOKALE~1\Temp\kavss.dll
Wed Nov 09 13:57:44 2005 => Scanning File C:\DOKUME~1\tlange\LOKALE~1\Temp\kavssdi.dll
Wed Nov 09 13:57:44 2005 => Scanning File C:\DOKUME~1\tlange\LOKALE~1\Temp\kavssi.dll
Wed Nov 09 13:57:44 2005 => Scanning File C:\DOKUME~1\tlange\LOKALE~1\Temp\kavvlg.dll
Wed Nov 09 13:57:44 2005 => Scanning File C:\DOKUME~1\tlange\LOKALE~1\Temp\msvlclnt.dll
Wed Nov 09 13:57:44 2005 => Scanning File C:\DOKUME~1\tlange\LOKALE~1\Temp\ipc.dll
Wed Nov 09 13:57:44 2005 => Scanning File C:\DOKUME~1\tlange\LOKALE~1\Temp\main.avi
Wed Nov 09 13:57:44 2005 => Scanning File C:\DOKUME~1\tlange\LOKALE~1\Temp\virus.avi
Wed Nov 09 13:57:44 2005 => MWAV files are clean.
Wed Nov 09 13:57:44 2005 => Virus Database Date: 2005/11/07
Wed Nov 09 13:57:44 2005 => Virus Database Count: 158257
Wed Nov 09 13:57:51 2005 => **********************************************************
Wed Nov 09 13:57:51 2005 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Wed Nov 09 13:57:51 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Wed Nov 09 13:57:51 2005 =>
Wed Nov 09 13:57:51 2005 => Support: support@mwti.net
Wed Nov 09 13:57:51 2005 => Web: http://www.mwti.net
Wed Nov 09 13:57:51 2005 => **********************************************************
Wed Nov 09 13:57:51 2005 => Version 7.2.9 (C:\Dokumente und Einstellungen\tlange\Lokale Einstellungen\Temp\mwavscan.com)
Wed Nov 09 13:57:51 2005 => Log File: C:\DOKUME~1\tlange\LOKALE~1\Temp\MWAV.LOG
Wed Nov 09 13:57:51 2005 => User Account: tlange
Wed Nov 09 13:57:51 2005 => Windows Root Folder: C:\WINDOWS
Wed Nov 09 13:57:51 2005 => Windows Sys32 Folder: C:\WINDOWS\system32
Wed Nov 09 13:57:51 2005 => OS: Windows NT
Wed Nov 09 13:57:51 2005 => Options Selected by User:
Wed Nov 09 13:57:51 2005 => Memory Check: Enabled
Wed Nov 09 13:57:51 2005 => Registry Check: Enabled
Wed Nov 09 13:57:51 2005 => StartUp Folder Check: Disabled
Wed Nov 09 13:57:51 2005 => System Folder Check: Disabled
Wed Nov 09 13:57:51 2005 => System Area Check: Disabled
Wed Nov 09 13:57:51 2005 => Services Check: Enabled
Wed Nov 09 13:57:51 2005 => Drive Check: Disabled
Wed Nov 09 13:57:51 2005 => All Drive Check :Enabled
Wed Nov 09 13:57:51 2005 => Folder Check: Disabled
Wed Nov 09 13:58:08 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Wed Nov 09 13:58:08 2005 => Loading Spyware Signatures from new External Database (Size: 145242).
Wed Nov 09 13:58:08 2005 => Indexed Spyware Databases Successfully Created...
Wed Nov 09 14:07:22 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Wed Nov 09 14:07:27 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\bjw2aecl\stylesheet[1].css
Wed Nov 09 14:07:27 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken.
Wed Nov 09 14:07:28 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\ojuittei\ticker[1].js
Wed Nov 09 14:07:28 2005 => System found infected with whenu.savenow Spyware/Adware (ticker[1].js)! Action taken: No Action Taken.
Wed Nov 09 14:07:28 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\tu3iif6s\global[1].js
Wed Nov 09 14:07:28 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken.
Wed Nov 09 14:07:28 2005 => Offending file found: C:\WINDOWS\system32\loader.dll
Wed Nov 09 14:07:28 2005 => System found infected with platform-a adult content dialer Spyware/Adware (loader.dll)! Action taken: No Action Taken.
Wed Nov 09 14:07:30 2005 => Offending file found: C:\Dokumente und Einstellungen\tlange\Lokale Einstellungen\temp\temporary internet files\content.ie5\kdazwl2n\show_ads[2].js
Wed Nov 09 14:07:30 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
Wed Nov 09 14:07:30 2005 => Offending file found: C:\Dokumente und Einstellungen\tlange\Lokale Einstellungen\temporary internet files\content.ie5\ixk1unq7\common[1].js
Wed Nov 09 14:07:30 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Wed Nov 09 14:07:31 2005 => Offending file found: C:\Dokumente und Einstellungen\tlange\Lokale Einstellungen\temporary internet files\content.ie5\k50f85w3\common[1].js
Wed Nov 09 14:07:31 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Wed Nov 09 14:07:31 2005 => Offending file found: C:\Dokumente und Einstellungen\tlange\Lokale Einstellungen\temporary internet files\content.ie5\st6ng9ir\common[1].js
Wed Nov 09 14:07:31 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Wed Nov 09 14:07:32 2005 => Offending file found: C:\Dokumente und Einstellungen\tlange\Lokale Einstellungen\temporary internet files\content.ie5\u52zad6l\common[1].js
Wed Nov 09 14:07:32 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Wed Nov 09 14:07:32 2005 => Offending file found: C:\Dokumente und Einstellungen\tlange\Lokale Einstellungen\Temporary Internet Files\content.ie5\ixk1unq7\common[1].js
Wed Nov 09 14:07:32 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Wed Nov 09 14:07:32 2005 => Offending file found: C:\Dokumente und Einstellungen\tlange\Lokale Einstellungen\Temporary Internet Files\content.ie5\k50f85w3\common[1].js
Wed Nov 09 14:07:32 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Wed Nov 09 14:07:32 2005 => Offending file found: C:\Dokumente und Einstellungen\tlange\Lokale Einstellungen\Temporary Internet Files\content.ie5\st6ng9ir\common[1].js
Wed Nov 09 14:07:32 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Wed Nov 09 14:07:32 2005 => Offending file found: C:\Dokumente und Einstellungen\tlange\Lokale Einstellungen\Temporary Internet Files\content.ie5\u52zad6l\common[1].js
Wed Nov 09 14:07:32 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Wed Nov 09 14:07:34 2005 => Offending file found: C:\WINDOWS\iun6002.exe
Wed Nov 09 14:07:34 2005 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
Wed Nov 09 14:39:03 2005 => ***** Checking for specific ITW Viruses *****
Wed Nov 09 14:39:03 2005 => Checking for Welchia Virus...
Wed Nov 09 14:39:03 2005 => Checking for LovGate Virus...
Wed Nov 09 14:39:03 2005 => Checking for CodeRed Virus...
Wed Nov 09 14:39:03 2005 => Checking for OpaServ Virus...
Wed Nov 09 14:39:03 2005 => Checking for Sobig.e Virus...
Wed Nov 09 14:39:03 2005 => Checking for Winupie Virus...
Wed Nov 09 14:39:03 2005 => Checking for Swen Virus...
Wed Nov 09 14:39:03 2005 => Checking for JS.Fortnight Virus...
Wed Nov 09 14:39:03 2005 => Checking for Novarg Virus...
Wed Nov 09 14:39:03 2005 => Checking for Pagabot Virus...
Wed Nov 09 14:39:03 2005 => Checking for Parite.b Virus...
Wed Nov 09 14:39:03 2005 => Checking for Parite.a Virus...
Wed Nov 09 14:39:03 2005 => Checking for Adware.SeekSeek Virus...
Wed Nov 09 14:39:03 2005 => ***** Scanning complete. *****
Wed Nov 09 14:39:03 2005 => Total Objects Scanned: 68670
Wed Nov 09 14:39:03 2005 => Total Virus(es) Found: 15
Wed Nov 09 14:39:03 2005 => Total Disinfected Files: 0
Wed Nov 09 14:39:03 2005 => Total Files Renamed: 0
Wed Nov 09 14:39:03 2005 => Total Deleted Objects: 0
Wed Nov 09 14:39:03 2005 => Total Errors: 97
Wed Nov 09 14:39:03 2005 => Time Elapsed: 00:41:08
Wed Nov 09 14:39:03 2005 => Virus Database Date: 2005/11/07
Wed Nov 09 14:39:03 2005 => Virus Database Count: 158257
Wed Nov 09 14:39:03 2005 => Scan Completed. |
Is anyone still looking in here who can help me further? Surely there must be some way to get rid of these pests for good before they multiply again... :teufel1: I would really like to know what I still have to do now, or whether I should post more. |
Hello, unfortunately you posted the Escan log in a very hard-to-read way; it would have been better if you had searched the log for the words "infected", "tagged" and "offending" and posted the matching entries. But from what I can see, everything is harmless; delete your temporary internet files in IE under Tools >> Internet Options. Regards, Wildone |
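Wildone's suggestion above, searching the Escan (MWAV) log for "infected", "tagged" and "offending", written as a small filter that also works when the log's line breaks have been lost. This is an added example and not part of the thread; the function names are assumptions, and the sample entries are copied from the log posted above with the user name masked as elsewhere in the thread.

```python
import re

KEYWORDS = ("infected", "tagged", "offending")

# Every MWAV entry starts with a stamp such as "Wed Nov 09 14:07:28 2005 => ".
STAMP = re.compile(r"[A-Z][a-z]{2} [A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2} \d{4} =>\s*")
OFFEND = re.compile(r"Offending file found: (.+)$")
DETECT = re.compile(
    r"System found infected with (.+?) Spyware/Adware \((.+)\)! Action taken: (.+?)\.?$")

# Sample entries copied from the log in this thread, joined into one
# run of text the way a forum post can flatten them.
SAMPLE = " ".join([
    r"Wed Nov 09 13:57:44 2005 => MWAV files are clean.",
    r"Wed Nov 09 14:07:22 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.",
    r"Wed Nov 09 14:07:28 2005 => Offending file found: C:\WINDOWS\system32\loader.dll",
    r"Wed Nov 09 14:07:28 2005 => System found infected with platform-a adult content dialer Spyware/Adware (loader.dll)! Action taken: No Action Taken.",
    r"Wed Nov 09 14:07:30 2005 => Offending file found: C:\Dokumente und Einstellungen\tl***e\Lokale Einstellungen\temporary internet files\content.ie5\ixk1unq7\common[1].js",
    r"Wed Nov 09 14:07:30 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.",
    r"Wed Nov 09 14:07:32 2005 => Offending file found: C:\Dokumente und Einstellungen\tl***e\Lokale Einstellungen\Temporary Internet Files\content.ie5\ixk1unq7\common[1].js",
    r"Wed Nov 09 14:07:32 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.",
    r"Wed Nov 09 14:39:03 2005 => Total Virus(es) Found: 15",
])


def entries(text):
    """Split raw log text into messages, using the time stamps as separators."""
    return [part.strip() for part in STAMP.split(text) if part.strip()]


def relevant(text):
    """Keep only the entries that contain one of the keywords."""
    return [e for e in entries(text) if any(k in e.lower() for k in KEYWORDS)]


def summarise(text):
    """Pair each detection with its offending file and merge repeats.

    Windows paths are case-insensitive, so the same cached file reported
    once as "temporary internet files" and once as "Temporary Internet
    Files" is counted as one finding with count 2.
    """
    findings = {}
    pending_path = None
    for entry in relevant(text):
        m = OFFEND.match(entry)
        if m:
            pending_path = m.group(1)
            continue
        m = DETECT.match(entry)
        if m:
            threat, obj, action = m.groups()
            location = pending_path or obj  # registry hits carry no file path
            rec = findings.setdefault(
                (threat, location.lower()),
                {"threat": threat, "location": location,
                 "action": action, "count": 0})
            rec["count"] += 1
        pending_path = None
    return list(findings.values())


if __name__ == "__main__":
    for rec in summarise(SAMPLE):
        print(f'{rec["count"]}x {rec["threat"]}: {rec["location"]} ({rec["action"]})')
```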
Copyright ©2000-2025, Trojaner-Board