**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{C10817E4-792C-B985-77B3-6E1767CC7222}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Eigenschaften f�r Multimediadatei"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-Scannerverwaltung"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-Sicherheit"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-Eigenschaftenseite f�r Dokumente"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shellerweiterungen f�r Freigaben"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung f�r Grafikkarten"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung f�r Bildschirme"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung f�r Anzeigeverschiebung"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-Sicherheit"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilit„tsseite"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell-Datenauszughandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Erweiterung f�r Datentr„gerkopien"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shellerweiterungen f�r Microsoft Windows-Netzwerkobjekte"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-Monitorverwaltung"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-Druckerverwaltung"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shellerweiterungen f�r die Dateikomprimierung"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Shellerweiterung f�r Webdrucker"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontextmen� f�r die Verschl�sselung"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktenkoffer"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Erweiterung f�r HyperTerminal-Icons"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Schriftarten"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-Profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Druckersicherheit"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shellerweiterungen f�r Freigaben"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netzwerkverbindungen"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netzwerkverbindungen"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner und Kameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner und Kameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner und Kameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner und Kameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner und Kameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shellerweiterungen f�r Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Datenverkn�pfung"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplante Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskleiste und Startmen�"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Suchen"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ausf�hren..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-Mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Schriftarten"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Verwaltung"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Syntaxanalyse der Adressleiste"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-Verlauf-Dienst"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Verlauf"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Sucheingriff"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-Begr�áungsbildschirm"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-Cacheordner"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Webpublishing-Assistent"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestellung von Abz�gen �ber das Internet"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shellobjekt des Webpublishing-Assistenten"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport-Assistent"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Benutzerkonten"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channeldatei"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channelverkn�pfung"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channelhandlerobjekt"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Ordner 'Offlinedateien'"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Nach Personen..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1CAA843A-6DBD-40EF-AB71-8F7B209997C0}"="IntelliType Pro Key Settings Control Panel Property Page"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{2D1D33E0-8A8F-11D1-9626-444553540000}"="DMEX"
"{BB7DF450-F119-11CD-8465-00AA00425D90}"="Microsoft Access Custom Icon Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webordner"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"="TuneUp Shredder Shell Context Menu Extension"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{B6D5044E-73DD-42FC-B67F-613831173CEE}"=""
"{D77A37A1-2DD3-4478-AA22-D2CB8ED26BD4}"=""
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B6D5044E-73DD-42FC-B67F-613831173CEE}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{B6D5044E-73DD-42FC-B67F-613831173CEE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B6D5044E-73DD-42FC-B67F-613831173CEE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B6D5044E-73DD-42FC-B67F-613831173CEE}\InprocServer32]
@="F:\\WINDOWS\\system32\\bhowseui(2).dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D77A37A1-2DD3-4478-AA22-D2CB8ED26BD4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D77A37A1-2DD3-4478-AA22-D2CB8ED26BD4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D77A37A1-2DD3-4478-AA22-D2CB8ED26BD4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D77A37A1-2DD3-4478-AA22-D2CB8ED26BD4}\InprocServer32]
@="F:\\WINDOWS\\system32\\majava.dll"
"ThreadingModel"="Apartment"

@wildone
hier der erste scan file

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Run-]
"Asynchronous"=dword:00000000
"DllName"="F:\\WINDOWS\\system32\\ir0ml5d11.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-IO) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER

ziemlich langer log-file und da der server das nicht schafft hab ichs zerschnippelt, ich hoffe man kanns erkennen

tja wie es in der anleitung stand ist es nicht gelaufen (hat nach neustart nicht geblunken, keine dos box kam und einen 2.log file gibts auch nicht)
ich hab mal HJT laufen lassen und 020 Eintrag ist weg, dann kann ich doch die winlogon standardeintellungen wiederherstellen, oder?

Hallo,
ja die Länge ist normal, kommt gleich noch das zweite? Bei dem kann man nämlich mehr erkennen.


Grüße Wildone

Zitat:

Zitat von Wildone

Hallo,
ja die Länge ist normal, kommt gleich noch das zweite? Bei dem kann man nämlich mehr erkennen.


Grüße Wildone

keine ahnung

Hallo,
hmm, wenn der O20 Eintrag weg ist, sollte das okay sein, dann solltest du mit dem nächsten Schritt fortfahren können. Also mit der Wiederherstellung.
Danach kannst du dann mal ein neues HijackThis Log posten.


Grüße Wildone

Ok danke (besser nachfragen als irgendwas falsches machen)

der hjt logfile vor standardeinstellungen:

Logfile of HijackThis v1.99.1
Scan saved at 01:14:23, on 21.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
D:\Programme\UpANDDown\WinStylerThemeSvc.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\LEXPPS.EXE
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\rundll32.exe
F:\Programme\Logitech\Mouseware\SYSTEM\EM_EXEC.EXE
F:\Programme\Microsoft Hardware\Keyboard\type32.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\Programme\ahead\InCD\InCD.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\Programme\QuickTime\qttask.exe
F:\WINDOWS\system32\drivers\CDAC11BA.EXE
F:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
F:\Programme\Winamp\winampa.exe
F:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\system32\nvsvc32.exe
H:\Programme\ICQ4\ICQLite.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Programme\Java\jre1.5.0_05\bin\jusched.exe
F:\WINDOWS\system32\UAService7.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
F:\WINDOWS\system32\ctfmon.exe
I:\programme\valve\steam\steam.exe
D:\Programme\UpANDDown\MemOptimizer.exe
F:\Programme\WinTV\WinTV2K.EXE
F:\Programme\Internet Explorer\iexplore.exe
F:\WINDOWS\system32\taskmgr.exe
H:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://w*w.google.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EM_EXEC] "F:\Programme\Logitech\Mouseware\SYSTEM\EM_EXEC.EXE"
O4 - HKLM\..\Run: [IntelliType] "F:\Programme\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] "F:\Programme\ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StorageGuard] "F:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "F:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] F:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [ICQ Lite] H:\Programme\ICQ4\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Programme\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "i:\programme\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "D:\Programme\UpANDDown\MemOptimizer.exe" autostart
O4 - HKCU\..\RunOnce: [ICQ Lite] H:\Programme\ICQ4\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = F:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinTV2000.lnk = F:\Programme\WinTV\WinTV2K.EXE
O8 - Extra context menu item: &Google-Suche - res://F:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://H:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://F:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\My Download Files\FREEDOWNLOAD\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\My Download Files\FREEDOWNLOAD\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\My Download Files\FREEDOWNLOAD\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\My Download Files\FREEDOWNLOAD\dlpage.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://F:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://F:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://F:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Programme\ICQ4\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Programme\ICQ4\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {8EA29612-399F-466D-B3F7-6261672E9018} - F:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {8EA29612-399F-466D-B3F7-6261672E9018} - F:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129732372140
O23 - Service: .nc2w2bedst - - (no file)
O23 - Service: Adobe LM Service - Unknown owner - F:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - F:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - F:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Programme\UpANDDown\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - F:\WINDOWS\system32\UAService7.exe

mit standardeinstellungen

Logfile of HijackThis v1.99.1
Scan saved at 01:17:22, on 21.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
D:\Programme\UpANDDown\WinStylerThemeSvc.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\LEXPPS.EXE
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\rundll32.exe
F:\Programme\Logitech\Mouseware\SYSTEM\EM_EXEC.EXE
F:\Programme\Microsoft Hardware\Keyboard\type32.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\Programme\ahead\InCD\InCD.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\Programme\QuickTime\qttask.exe
F:\WINDOWS\system32\drivers\CDAC11BA.EXE
F:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
F:\Programme\Winamp\winampa.exe
F:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\system32\nvsvc32.exe
H:\Programme\ICQ4\ICQLite.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Programme\Java\jre1.5.0_05\bin\jusched.exe
F:\WINDOWS\system32\UAService7.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
F:\WINDOWS\system32\ctfmon.exe
I:\programme\valve\steam\steam.exe
D:\Programme\UpANDDown\MemOptimizer.exe
F:\Programme\WinTV\WinTV2K.EXE
F:\Programme\Internet Explorer\iexplore.exe
F:\WINDOWS\system32\taskmgr.exe
H:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://w*w.google.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EM_EXEC] "F:\Programme\Logitech\Mouseware\SYSTEM\EM_EXEC.EXE"
O4 - HKLM\..\Run: [IntelliType] "F:\Programme\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] "F:\Programme\ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StorageGuard] "F:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "F:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] F:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [ICQ Lite] H:\Programme\ICQ4\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Programme\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "i:\programme\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "D:\Programme\UpANDDown\MemOptimizer.exe" autostart
O4 - HKCU\..\RunOnce: [ICQ Lite] H:\Programme\ICQ4\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = F:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinTV2000.lnk = F:\Programme\WinTV\WinTV2K.EXE
O8 - Extra context menu item: &Google-Suche - res://F:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://H:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://F:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\My Download Files\FREEDOWNLOAD\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\My Download Files\FREEDOWNLOAD\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\My Download Files\FREEDOWNLOAD\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\My Download Files\FREEDOWNLOAD\dlpage.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://F:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://F:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://F:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Programme\ICQ4\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Programme\ICQ4\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {8EA29612-399F-466D-B3F7-6261672E9018} - F:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {8EA29612-399F-466D-B3F7-6261672E9018} - F:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129732372140
O23 - Service: .nc2w2bedst - - (no file)
O23 - Service: Adobe LM Service - Unknown owner - F:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - F:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - F:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Programme\UpANDDown\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - F:\WINDOWS\system32\UAService7.exe

Hallo,
also so wie ich das sehe sollte das System jetzt sauber sein, du kannst mal noch zur Sicherheit Ewido drüberlaufen lassen.
Was den O23 Eintrag angeht, so habe ich keine Ahnung wie der weg geht, aber sollte eignetlich keine Gefahr von ausgehen, da die Datei auf den er sich bezieht nicht mehr existiert.


Grüße Wildone

Ich bekomme trotzdem noch diese popups rein, soll ich nochmals neustarten und diese ewido drüberlaufen lassen

Hallo,
Ewido im abgesicherten Modus laufen lassen. Wenn die Popups immernoch kommen solltest du vielleicht noch mal das L2mfix Tool versuchen (die zweite Option)

Grüße Wildone

hab ich alles gemacht, aber es kommen immer noch diese nervigen popups .
Ich hab mal neuen HJT-log-file gemacht:

Logfile of HijackThis v1.99.1
Scan saved at 09:26:44, on 21.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
D:\Programme\UpANDDown\WinStylerThemeSvc.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\LEXPPS.EXE
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\WINDOWS\system32\drivers\CDAC11BA.EXE
F:\Programme\ewido\security suite\ewidoctrl.exe
F:\Programme\ewido\security suite\ewidoguard.exe
F:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\UAService7.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\rundll32.exe
F:\Programme\Logitech\Mouseware\SYSTEM\EM_EXEC.EXE
F:\Programme\Microsoft Hardware\Keyboard\type32.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Programme\ahead\InCD\InCD.exe
F:\Programme\QuickTime\qttask.exe
F:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
F:\Programme\Winamp\winampa.exe
H:\Programme\ICQ4\ICQLite.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Programme\Java\jre1.5.0_05\bin\jusched.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
F:\WINDOWS\system32\ctfmon.exe
I:\programme\valve\steam\steam.exe
D:\Programme\UpANDDown\MemOptimizer.exe
F:\Programme\Spybot - Search & Destroy\TeaTimer.exe
F:\Programme\WinTV\WinTV2K.EXE
F:\Programme\Internet Explorer\iexplore.exe
H:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://www.google.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EM_EXEC] "F:\Programme\Logitech\Mouseware\SYSTEM\EM_EXEC.EXE"
O4 - HKLM\..\Run: [IntelliType] "F:\Programme\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] "F:\Programme\ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StorageGuard] "F:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "F:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] F:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [ICQ Lite] H:\Programme\ICQ4\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Programme\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "i:\programme\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "D:\Programme\UpANDDown\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] H:\Programme\ICQ4\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = F:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinTV2000.lnk = F:\Programme\WinTV\WinTV2K.EXE
O8 - Extra context menu item: &Google-Suche - res://F:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://H:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://F:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\My Download Files\FREEDOWNLOAD\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\My Download Files\FREEDOWNLOAD\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\My Download Files\FREEDOWNLOAD\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\My Download Files\FREEDOWNLOAD\dlpage.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://F:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://F:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://F:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Programme\ICQ4\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Programme\ICQ4\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {8EA29612-399F-466D-B3F7-6261672E9018} - F:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {8EA29612-399F-466D-B3F7-6261672E9018} - F:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129732372140
O23 - Service: .nc2w2bedst - - (no file)
O23 - Service: Adobe LM Service - Unknown owner - F:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - F:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - F:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\Programme\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - F:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Programme\UpANDDown\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - F:\WINDOWS\system32\UAService7.exe

findet ihr noch irgendwas?

ich bins nochmal
kann ich da jetzt noch irgendwas machen?

Hallo,
versuch mal das hier
Wenn das nicht funktioniert mach mal einen screenshot von den Popups und poste ihn.


Grüße Wildone