Home » Viren, Trojaner & Malware Forum » wie entfernt man w32.spybot.worm? » Themenansicht

wie entfernt man w32.spybot.worm?

Thema ist geschlossen!
Thema ist geschlossen!
#0
18.02.2005, 07:34
Jessy
...neu hier

Beiträge: 6
#16 Danke Sabine!!! Ich werde es gleich machen.
ISt aber sonst alles ok? und danach? was soll ich beachten?
Vielen Dank nochmals für die Hilfe. -^-^-
Seitenanfang Seitenende
18.02.2005, 09:50
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#17

Zitat

Jessy postete
Danke Sabine!!! Ich werde es gleich machen.
ISt aber sonst alles ok? und danach? was soll ich beachten?
Vielen Dank nochmals für die Hilfe. -^-^-
Ich verstehe die Frage: ist sonst alles o.k. nicht.....nichts ist o.k., der PC ist voellig verseucht und gehort "nicht mehr dir", sondern wird von den Besitzern der Backdoors gesteuert, die sich Einlass im Windows verschafft haben.

wenn du formatiert hast, beachte die Punkte, die du auf meiner HP findest , dann poste das neue log vom HijackThis
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
18.02.2005, 16:27
Jessy
...neu hier

Beiträge: 6
#18 Oh!!!..... ich bin dankbar, dass du mir geholfen hast!
Ich formatiere jetzt gleich und werdeden den Hijackthis einfügen.

*wenn du formatiert hast, beachte die Punkte, die du auf meiner HP findest*
auf deien HP finden werde??? HP sind? sorry for the stupid question. -^-^-

Danke noch mals!
Dieser Beitrag wurde am 18.02.2005 um 16:28 Uhr von Jessy editiert.
Seitenanfang Seitenende
19.02.2005, 18:38
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#19 http://virus-protect.org/
hier ist sie noch mal ;)
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
27.02.2005, 23:39
Jessy
...neu hier

Beiträge: 6
#20 hallo Sabine!!!!
Ich hoffe, dass es dir gut geht. Sorry! wegen der spät eintragung.
So, habe neu formatiert. Füge jetzt den Hijackthis log ein:

Logfile of HijackThis v1.99.1
Scan saved at 22:34:07, on 27.02.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Sony\VAIO Action Setup\VAServ.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\BASIS-SOFTWARE\BASIS2\UPDATE.EXE
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\tonchkml32.exe
C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\BROWSER\BROWSER.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programme\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.sony-europe.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1033
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programme\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programme\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programme\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\GEMEIN~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


weis nicht ob sich was geändert hat?
Bitte sage mir was ich jetzt weiter tun soll.
Vielen Dank -^-^-
mfg
Jessy
Seitenanfang Seitenende
28.02.2005, 14:07
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#21 Hallo@Jessy

das Log ist sauber ;) muesste es auch sein, wenn du neu installiert hast ;)

Windows Worms Doors Cleaner erlaubt Ihnen die Dienste auf die die Würmer angewiesen sind, zu schließen
http://www.firewallleaktester.com/wwdc.htm




#Alternativbrowser zum IE
Firefox
http://www.mozilla-europe.org/de/
Installation+Konfiguration Firefox
http://www.pcwelt.de/know-how/software/103924/index1.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
28.02.2005, 14:42
Jessy
...neu hier

Beiträge: 6
#22 Hallo Sabina!!!!

Vielen vielen Dank!!!! -^-^-
Jetzt bin ich entspanned!!!
Danke für deine Hilfe!!
--^_^--
Seitenanfang Seitenende
28.02.2005, 15:57
Auti
...neu hier

Beiträge: 3
#23 Hallo,
Wenn ich einen Online-Virenscan auf symantec.at mache, bekomme ich auch die Meldung das ich mit W32-Spybot worm infisziert bin. Mein Virenscanner-Programm Kaspersky zeigt hingegen nichts an.
Bin ich nun verseucht?
Hijackthis zeigt folgendes an:
Logfile of HijackThis v1.99.1
Scan saved at 15:55:22, on 28.02.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Preview AdService\PrevAdServ.exe
C:\Program Files\AdTools Service\AdTools.exe
C:\Programme\TerraTec\Cinergy 400 TV\TTTVRC.exe
C:\WINDOWS\Anvshell.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Program Files\Preview AdService\PrevAdKeep.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\AdTools Service\AdToolsKeep.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOKUME~1\Robert\LOKALE~1\Temp\HijackThis.exe
C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.powerplayenns.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.24speed.at/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von LIWEST Kabelmedien GmbH
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [*Microsoft Update] wstcl.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Windows Compliant] jalecz.exe
O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [Windows pack service] bling.exe
O4 - HKLM\..\Run: [TerraTec Remote Control] C:\Programme\TerraTec\Cinergy 400 TV\TTTVRC.exe
O4 - HKLM\..\Run: [Anvshell] C:\WINDOWS\Anvshell.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [MS Unix Binary] Norton2005Update.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\RunServices: [*Microsoft Update] wstcl.exe
O4 - HKLM\..\RunServices: [Windows Compliant] jalecz.exe
O4 - HKLM\..\RunServices: [Windows pack service] bling.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] Norton2005Update.exe
O4 - HKLM\..\RunServices: [Dynamic Dns Binary] dynitora.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [*Microsoft Update] wstcl.exe
O4 - HKCU\..\Run: [Windows Compliant] jalecz.exe
O4 - HKCU\..\Run: [Dynamic Dns Binary] dynitora.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Erinnerungen in Microsoft Works-Kalender.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.24speed.at/
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109186507843
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: kavsvc - Kaspersky Labs - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Seitenanfang Seitenende
28.02.2005, 23:41
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#24 Hallo@Auti

das sind alles Viren und backdoors....formatiere NEU und nimm die virenschleuder aus dem Netz !!!!!!!!!!!!!!

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [*Microsoft Update] wstcl.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Windows Compliant] jalecz.exe
O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [Windows pack service] bling.exe
O4 - HKLM\..\Run: [Anvshell] C:\WINDOWS\Anvshell.exe
O4 - HKLM\..\Run: [MS Unix Binary] Norton2005Update.exe
O4 - HKLM\..\RunServices: [*Microsoft Update] wstcl.exe
O4 - HKLM\..\RunServices: [Windows Compliant] jalecz.exe
O4 - HKLM\..\RunServices: [Windows pack service] bling.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] Norton2005Update.exe
O4 - HKLM\..\RunServices: [Dynamic Dns Binary] dynitora.exe
O4 - HKCU\..\Run: [*Microsoft Update] wstcl.exe
O4 - HKCU\..\Run: [Windows Compliant] jalecz.exe
O4 - HKCU\..\Run: [Dynamic Dns Binary] dynitora.exe
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
01.03.2005, 21:35
Pfaffi
...neu hier

Beiträge: 2
#25 Hallo, ich habe gerade gelesen, was bei Auti war und musste feststellen, dass es mir genauso ergeht.
Hier mein Hijackthis zeigt follgendes an.
ich hoffe du kannst auch mir helfen.


Scan saved at 21:26:58, on 01.03.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ScanSoft\OmniPageSE\opware32.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\DOKUME~1\PFAFFI~1.PFA\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [KAVPersonal50] C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Norton Personal Firewall] dust.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [Norton Personal Firewall] dust.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Norton Personal Firewall] dust.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: desktop(2).ini
O4 - Global Startup: desktop(2).ini
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programme\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106689075536
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: kavsvc - Kaspersky Labs - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
Seitenanfang Seitenende
02.03.2005, 01:05
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#26 Hallo@Pfaffi

Deaktivieren Wiederherstellung
«XP
Arbeitsplatz-->rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren.
(dann aktiviere sie wieder)


#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten

O4 - HKLM\..\Run: [Norton Personal Firewall] dust.exe
O4 - HKLM\..\RunServices: [Norton Personal Firewall] dust.exe
O4 - HKCU\..\Run: [Norton Personal Firewall] dust.exe

PC neustarten-->
gehe in den abgesicherten Modus
http://www.tu-berlin.de/www/software/virus/savemode.shtml

Loesch dort:
C:\WINDOWS\system32\dust.exe

Geh auch in die Registry
Start<Ausfuehren<regedit

Bearbeiten--> suchen-->Norton Personal Firewall und dust.exe
und loesche mit rechtsklick, alles, was du findest.

dann starte den PC neu

dann mache Onlinescanns
http://virus-protect.org/
wenn du scrollst--> kommst du zu den onlinescanns (mache alle)

dann berichte
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
02.03.2005, 18:04
Auti
...neu hier

Beiträge: 3
#27 Die Virenschleuder wurde erfolgreich beseitigt !!!!!!!

Danke für die Hilfe.
Seitenanfang Seitenende
03.03.2005, 22:40
EVO VII
Member

Beiträge: 14
#28 jo hallo bin neu bitte um hilfe hier mein *keine ahnung wie es heisst*

Logfile of HijackThis v1.99.1
Scan saved at 22:36:33, on 03.03.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\doit.exe
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Luzzi\LOKALE~1\Temp\Rar$EX00.953\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ch/0SEDECH/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluewin.ch/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tagteamgirls.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\etlzxgkx.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\2.bin\MYBAR.DLL
O2 - BHO: (no name) - {413A8D45-0CA2-BEA6-609E-21A4F9938CE2} - C:\WINDOWS\System32\pwrartfg.dll
O2 - BHO: (no name) - {5A871C7C-6692-6F99-FB7F-4C124FF332F7} - C:\WINDOWS\System32\eguyrxdm.dll
O2 - BHO: (no name) - {7B273193-3558-E4F0-CF2C-6571F05A2F64} - C:\WINDOWS\System32\zudzxmpg.dll
O2 - BHO: (no name) - {926F70D6-84C0-4A9C-2A42-83E4C96540BB} - C:\WINDOWS\System32\uzhtpqld.dll
O2 - BHO: (no name) - {94662941-9078-248E-FF61-FFF49A7F6388} - C:\WINDOWS\System32\wpbubnjq.dll
O2 - BHO: (no name) - {A55D4929-D118-7A1B-65A0-0157B6C5CAB6} - C:\WINDOWS\System32\ncjypzba.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de-ch\msntb.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\2.bin\MYBAR.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [doit.exe] doit.exe
O4 - HKLM\..\RunServices: [Microsoft Security Downloads.] msd.exe
O4 - HKLM\..\RunServices: [doit.exe] doit.exe
O4 - HKLM\..\RunOnce: [doit.exe] doit.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [doit.exe] doit.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {00000000-DDBB-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://freeload.cc/secure/ieloader.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://connect.online-dialer.com/MaConnect.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {14F65762-96FB-44B9-8DAC-93845F377A0E} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/de/filesharingctrl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.andlotsmore.com/factory/058343sw.exe
O16 - DPF: {4CA6CE4C-2199-4A4F-9542-12E0163D6841} (Dialer Class) - http://66.230.151.114/d/CABDialer.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {866CD2CC-5C58-448E-AEB1-6EE473717B1D} (Eyeball Chat Room Control) - http://de.bluewin.ch/services/chat/video_voice/EyeballSDK.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://install.serviceurl.de/StarInstall.ocx
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_5_0.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by16fd.bay16.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FFFB1D8B-88D6-4C91-BB62-378625E8C73E} ({FFFB1D8B-88D6-4C91-BB62-378625E8C73E}) - http://adult.popup.to/traffic/favorites.cab
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\guard.tmp (file missing)
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\jtn6075se.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: opsllolehdjv (fgpgvozz6) - Unknown owner - C:\WINDOWS\System32\dodsdxmh6.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

bitte hilf mir sabina wäre seeeeeeeeeeeeeehhhhhhhhhhhhhhhhhr nice von dir
Dieser Beitrag wurde am 03.03.2005 um 23:00 Uhr von EVO VII editiert.
Seitenanfang Seitenende
04.03.2005, 00:38
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#29 Hallo@EVO VII

Deaktivieren Wiederherstellung
«XP
Arbeitsplatz-->rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren.

#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tagteamgirls.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\etlzxgkx.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\2.bin\MYBAR.DLL
O2 - BHO: (no name) - {413A8D45-0CA2-BEA6-609E-21A4F9938CE2} - C:\WINDOWS\System32\pwrartfg.dll
O2 - BHO: (no name) - {5A871C7C-6692-6F99-FB7F-4C124FF332F7} - C:\WINDOWS\System32\eguyrxdm.dll
O2 - BHO: (no name) - {7B273193-3558-E4F0-CF2C-6571F05A2F64} - C:\WINDOWS\System32\zudzxmpg.dll
O2 - BHO: (no name) - {926F70D6-84C0-4A9C-2A42-83E4C96540BB} - C:\WINDOWS\System32\uzhtpqld.dll
O2 - BHO: (no name) - {94662941-9078-248E-FF61-FFF49A7F6388} - C:\WINDOWS\System32\wpbubnjq.dll
O2 - BHO: (no name) - {A55D4929-D118-7A1B-65A0-0157B6C5CAB6} - C:\WINDOWS\System32\ncjypzba.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de-ch\msntb.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\2.bin\MYBAR.DLL
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [doit.exe] doit.exe
O4 - HKLM\..\RunServices: [Microsoft Security Downloads.] msd.exe
O4 - HKLM\..\RunServices: [doit.exe] doit.exe
O4 - HKLM\..\RunOnce: [doit.exe] doit.exe
O4 - HKCU\..\Run: [doit.exe] doit.exe

O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {00000000-DDBB-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://freeload.cc/secure/ieloader.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://connect.online-dialer.com/MaConnect.cab
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.andlotsmore.com/factory/058343sw.exe
O16 - DPF: {4CA6CE4C-2199-4A4F-9542-12E0163D6841} (Dialer Class) - http://66.230.151.114/d/CABDialer.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {FFFB1D8B-88D6-4C91-BB62-378625E8C73E} ({FFFB1D8B-88D6-4C91-BB62-378625E8C73E}) - http://adult.popup.to/traffic/favorites.cab
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\guard.tmp (file missing)
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\jtn6075se.dll
O23 - Service: opslehdjv (fgpgvozz6) - Unknown owner - C:\WINDOWS\System32\dodsdxmh6.exe

PC neustarten

•KillBox
http://www.bleepingcomputer.com/files/killbox.php

•Delete File on Reboot <--anhaken

und klick auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"

C:\WINDOWS\System32\dodsdxmh6.exe
C:\WINDOWS\system32\jtn6075se.dll
C:\WINDOWS\system32\guard.tmp
C:\Windows\Downloaded Program Files loader2.ocx
C:\WINDOWS\System32\doit.exe
C:\WINDOWS\System32\msd.exe
C:\Programme\MyWay\myBar\2.bin\MYBAR.DLL
C:\WINDOWS\System32\etlzxgkx.dll
C:\WINDOWS\System32\pwrartfg.dll
C:\WINDOWS\System32\eguyrxdm.dll
C:\WINDOWS\System32\zudzxmpg.dll
C:\WINDOWS\System32\uzhtpqld.dll
C:\WINDOWS\System32\wpbubnjq.dll
C:\WINDOWS\System32\ncjypzba.dll

PC neustarten

#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
AdAware-VX2 Cleaner
# Schließen Sie Ad-Aware (falls es gerade läuft)

# Laden Sie den VX2 Cleaner hier runter(•AdAware-VX2)
http://www.lavasoftusa.com/software/addons/vx2cleaner.shtml
# Installieren Sie den VX2 Cleaner
# Starten Sie Ad-Aware
# Wechseln Sie zu Add-Ons
# Klicken Sie auf das VX2 Cleaner Add-on und klicken Sie auf Tool ausführen
# Ist Ihr Computer nicht Infiziert, klicken Sie auf schließen
# Ist Ihr Computer Infiziert, klicken Sie auf System reinigen
# Neustart
# Prüfen Sie Ihren Computer mit Ad-Aware
# Entfernen Sie jegliche gefundenen VX2 Objekte
# Neustart
# Prüfen Sie Ihr System erneut um sicherzustellen, das alle Dateien von Ihrem System entfernt wurden. (poste mir dann das Log vom letzten Scann)

Please download DllCompare from here
http://www.atribune.org/downloads/DllCompare.exe
<klick: Locate.com button.
wenn der Scan beendet ist
<klick:Compare button
<klick: und erstelle das Log--->bitte posten

•L2mfix
Laden Sie L2mfix von hier herunter:
http://bilder.informationsarchiv.net/Nikitas_Tools/
http://www.atribune.org/downloads/l2mfix.exe


* Speichern Sie die Datei auf Ihren Desktop und doppel-klicken Sie click l2mfix.exe.
* Klicken Sie auf Installieren um die Dateien zu extrahieren und folgen Sie den Anweisungen während der Installation.
* Dann öffnen Sie den auf Ihrem Desktop neuerstellten Ordner l2mfix
* Doppel-klicken Sie die Datei l2mfix.bat und tippen sie eine 1[/] und drücken Sie [Enter], um Find log laufen zu lassen. Dies wird Ihren Computer scannen. Es kann sein, das es so aussieht als ob nichts passiert, aber nach 1 oder 2 Minuten wird sich Notepad mit einem Log öffnen.
* Kopieren Sie den Inhalt durch Strg+A und fügen Sie den Inhalt in Ihren Thread durch Strg+V.
WICHTIG: Nutzen Sie nicht Option 2, oder jegliche andere Dateien aus dem l2mfix Ordner, bis Sie dazu aufgefordert werden!
* Schließen Sie alle offenen Programme , da der nächste Schritt einen Neustart erfordert. Klicken Sie erneut auf l2mfix.bat und tippen Sie 2 ein --> Enter[].
* Drücken Sie eine beliebige Taste um einen Systemneustart einzuleiten.
* Nach dem Neustart, werden Ihre Icons auf dem Desktop kurz erscheinen und kurz verschwinden - dies ist NORMAL.
* L2mfix wird den Systemscan fortsetzen und wenn es fertig ist, wird sich Notepad öffnen und einen Log anzeigen. Kopieren Sie auch diesen hier in den Thread rein (Strg+C & Strg+V). Posten Sie ausserdem einen aktuellen HijackThis Log.

•Hoster-Tool : http://members.aol.com/toadbee/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
04.03.2005, 15:24
EVO VII
Member

Beiträge: 14
#30 hier der Log des DellCompare :

* DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\WINDOWS\SYSTEM32\cirpol.dll Sun 6 Feb 2005 22:12:14 ..S.R 230'975 225.56 K
C:\WINDOWS\SYSTEM32\e020la~1.dll Sun 30 Jan 2005 17:41:38 ..S.R 229'153 223.78 K
C:\WINDOWS\SYSTEM32\fpjm03~1.dll Sun 30 Jan 2005 21:54:48 ..S.R 229'277 223.90 K
C:\WINDOWS\SYSTEM32\gpjml3~1.dll Sun 30 Jan 2005 18:34:38 ..S.R 229'277 223.90 K
C:\WINDOWS\SYSTEM32\h4l20e~1.dll Sun 6 Feb 2005 11:21:40 ..S.R 230'975 225.56 K
C:\WINDOWS\SYSTEM32\h64m0g~1.dll Mon 31 Jan 2005 12:06:54 ..S.R 229'427 224.05 K
C:\WINDOWS\SYSTEM32\hr0005~1.dll Wed 2 Feb 2005 12:47:00 ..S.R 231'122 225.70 K
C:\WINDOWS\SYSTEM32\hrrq05~1.dll Wed 2 Feb 2005 15:17:34 ..S.R 230'975 225.56 K
C:\WINDOWS\SYSTEM32\jtn607~1.dll Mon 7 Feb 2005 19:41:30 ..S.R 230'975 225.56 K
C:\WINDOWS\SYSTEM32\k080la~1.dll Mon 7 Feb 2005 12:02:42 ..S.R 232'055 226.61 K
C:\WINDOWS\SYSTEM32\ktj6l7~1.dll Mon 31 Jan 2005 23:19:12 ..S.R 229'016 223.65 K
C:\WINDOWS\SYSTEM32\l88m0i~1.dll Sat 5 Feb 2005 15:19:44 ..S.R 230'975 225.56 K
C:\WINDOWS\SYSTEM32\lv0u09~1.dll Sun 6 Feb 2005 21:56:54 ..S.R 230'975 225.56 K
C:\WINDOWS\SYSTEM32\ncwrsnl.dll Sat 29 Jan 2005 17:58:44 ..S.R 229'736 224.35 K
C:\WINDOWS\SYSTEM32\p2p60c~1.dll Mon 7 Feb 2005 22:50:26 ..S.R 230'975 225.56 K
C:\WINDOWS\SYSTEM32\q8rqli~1.dll Wed 2 Feb 2005 13:52:44 ..S.R 230'975 225.56 K
C:\WINDOWS\SYSTEM32\t2r80c~1.dll Sun 6 Feb 2005 18:21:40 ..S.R 230'975 225.56 K
C:\WINDOWS\SYSTEM32\woapi.dll Sat 29 Jan 2005 16:41:28 ..S.R 230'828 225.42 K
C:\WINDOWS\SYSTEM32\wodmtp.dll Sun 30 Jan 2005 11:02:48 ..S.R 229'153 223.78 K
________________________________________________

1'227 items found: 1'227 files (19 H/S), 0 directories.
Total of file sizes: 244'605'069 bytes 233.27 M

Administrator Account = True

--------------------End log---------------------


und hier der log von diesem 12mfix

L2MFIX find log 1.02b
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Paths]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\guard.tmp"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Syncmgr]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\jtn6075se.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{2A455BB5-3519-4AFA-88CA-656563E9C9D7}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Eigenschaften fr Multimediadatei"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-Scannerverwaltung"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-Sicherheit"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-Eigenschaftenseite fr Dokumente"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shellerweiterungen fr Freigaben"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Grafikkarten"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Bildschirme"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Anzeigeverschiebung"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-Sicherheit"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilit„tsseite"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell-Datenauszughandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Erweiterung fr Datentr„gerkopien"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shellerweiterungen fr Microsoft Windows-Netzwerkobjekte"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-Monitorverwaltung"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-Druckerverwaltung"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shellerweiterungen fr die Dateikomprimierung"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Shellerweiterung fr Webdrucker"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontextmen fr die Verschlsselung"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktenkoffer"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Erweiterung fr HyperTerminal-Icons"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Schriftarten"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-Profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Druckersicherheit"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shellerweiterungen fr Freigaben"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netzwerkverbindungen"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netzwerkverbindungen"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner und Kameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner und Kameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner und Kameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner und Kameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner und Kameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shellerweiterungen fr Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Datenverknpfung"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplante Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskleiste und Startmen"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Suchen"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ausfhren..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-Mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Schriftarten"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Verwaltung"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Syntaxanalyse der Adressleiste"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-Verlauf-Dienst"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Verlauf"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Sucheingriff"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-Begráungsbildschirm"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-Cacheordner"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Webpublishing-Assistent"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestellung von Abzgen ber das Internet"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shellobjekt des Webpublishing-Assistenten"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport-Assistent"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Benutzerkonten"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channeldatei"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channelverknpfung"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channelhandlerobjekt"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Ordner 'Offlinedateien'"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Nach Personen..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop-Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{BB7DF450-F119-11CD-8465-00AA00425D90}"="Microsoft Access Custom Icon Handler"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{05D44720-79AC-407A-878E-208286CF2F5F}"=""
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{05D44720-79AC-407A-878E-208286CF2F5F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{05D44720-79AC-407A-878E-208286CF2F5F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{05D44720-79AC-407A-878E-208286CF2F5F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{05D44720-79AC-407A-878E-208286CF2F5F}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
browseui.dll Tue 7 Dec 2004 19:16:24 A.... 1'017'856 994.00 K
cdfview.dll Tue 7 Dec 2004 19:16:24 A.... 144'384 141.00 K
cirpol.dll Sun 6 Feb 2005 22:12:14 ..S.R 230'975 225.56 K
cmdlin~1.dll Wed 29 Dec 2004 21:24:50 A.... 43'520 42.50 K
e020la~1.dll Sun 30 Jan 2005 17:41:38 ..S.R 229'153 223.78 K
fpjm03~1.dll Sun 30 Jan 2005 21:54:48 ..S.R 229'277 223.90 K
gpjml3~1.dll Sun 30 Jan 2005 18:34:38 ..S.R 229'277 223.90 K
gwfspi~1.dll Fri 28 Jan 2005 15:37:58 A.... 23'304 22.76 K
h4l20e~1.dll Sun 6 Feb 2005 11:21:40 ..S.R 230'975 225.56 K
h64m0g~1.dll Mon 31 Jan 2005 12:06:54 ..S.R 229'427 224.05 K
hr0005~1.dll Wed 2 Feb 2005 12:47:00 ..S.R 231'122 225.70 K
hrrq05~1.dll Wed 2 Feb 2005 15:17:34 ..S.R 230'975 225.56 K
iepeers.dll Tue 7 Dec 2004 19:16:24 A.... 236'032 230.50 K
jtn607~1.dll Mon 7 Feb 2005 19:41:30 ..S.R 230'975 225.56 K
k080la~1.dll Mon 7 Feb 2005 12:02:42 ..S.R 232'055 226.61 K
ktj6l7~1.dll Mon 31 Jan 2005 23:19:12 ..S.R 229'016 223.65 K
l88m0i~1.dll Sat 5 Feb 2005 15:19:44 ..S.R 230'975 225.56 K
legitc~1.dll Fri 28 Jan 2005 15:38:00 A.... 421'128 411.26 K
lv0u09~1.dll Sun 6 Feb 2005 21:56:54 ..S.R 230'975 225.56 K
mshtml.dll Thu 27 Jan 2005 16:01:42 A.... 2'806'272 2.68 M
msvbvm60.dll Thu 13 Jan 2005 16:20:42 A.... 1'385'744 1.32 M
ncwrsnl.dll Sat 29 Jan 2005 17:58:44 ..S.R 229'736 224.35 K
ole32.dll Fri 14 Jan 2005 6:34:58 A.... 1'259'008 1.20 M
olecli32.dll Fri 14 Jan 2005 6:34:58 A.... 68'608 67.00 K
olecnv32.dll Fri 14 Jan 2005 6:34:58 A.... 35'328 34.50 K
p2p60c~1.dll Mon 7 Feb 2005 22:50:26 ..S.R 230'975 225.56 K
q8rqli~1.dll Wed 2 Feb 2005 13:52:44 ..S.R 230'975 225.56 K
rpcss.dll Fri 14 Jan 2005 6:34:58 A.... 284'672 278.00 K
s32evnt1.dll Mon 20 Dec 2004 18:58:18 A.... 83'664 81.70 K
shdocvw.dll Tue 7 Dec 2004 19:16:24 A.... 1'337'344 1.27 M
shell32.dll Tue 21 Dec 2004 20:59:52 A.... 8'484'864 8.09 M
shlwapi.dll Tue 7 Dec 2004 19:16:24 A.... 402'944 393.50 K
sporder.dll Mon 31 Jan 2005 17:08:22 A.... 8'464 8.27 K
srvsvc.dll Tue 7 Dec 2004 20:34:40 A.... 79'872 78.00 K
symneti.dll Fri 21 Jan 2005 22:31:54 A.... 513'752 501.71 K
symredir.dll Fri 21 Jan 2005 22:31:52 A.... 141'016 137.71 K
symstore.dll Fri 21 Jan 2005 21:30:58 A.... 124'168 121.26 K
t2r80c~1.dll Sun 6 Feb 2005 18:21:40 ..S.R 230'975 225.56 K
t68u0g~1.dll Mon 7 Feb 2005 16:47:44 ..... 230'975 225.56 K
urlmon.dll Tue 7 Dec 2004 19:16:24 A.... 496'640 485.00 K
user32.dll Wed 29 Dec 2004 2:32:22 A.... 576'000 562.50 K
vjwwofim.dll Thu 10 Feb 2005 11:27:40 A.... 73'728 72.00 K
wincor~1.dll Mon 31 Jan 2005 17:08:18 A.... 188'416 184.00 K
wininet.dll Tue 7 Dec 2004 19:16:26 A.... 595'456 581.50 K
winlspak.dll Mon 31 Jan 2005 17:08:24 A.... 196'608 192.00 K
winrul~1.dll Mon 31 Jan 2005 17:08:22 A.... 110'592 108.00 K
winupdak.dll Mon 31 Jan 2005 17:07:42 A.... 155'648 152.00 K
woapi.dll Sat 29 Jan 2005 16:41:28 ..S.R 230'828 225.42 K
wodmtp.dll Sun 30 Jan 2005 11:02:48 ..S.R 229'153 223.78 K

49 items found: 49 files (19 H/S), 0 directories.
Total of file sizes: 25'903'826 bytes 24.70 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Datentr„ger in Laufwerk C: ist System
Volumeseriennummer: 3017-55B5

Verzeichnis von C:\WINDOWS\System32

04.03.2005 15:08 <DIR> dllcache
07.02.2005 22:50 230'975 p2p60c7sef.dll
07.02.2005 19:41 230'975 jtn6075se.dll
07.02.2005 12:02 232'055 k080lalm1dqa.dll
06.02.2005 22:12 230'975 cirpol.dll
06.02.2005 21:56 230'975 lv0u09d9e.dll
06.02.2005 18:21 230'975 t2r80c9uef.dll
06.02.2005 11:21 230'975 h4l20e3oeh.dll
05.02.2005 15:19 230'975 l88m0il1e8q.dll
02.02.2005 15:17 230'975 hrrq0595e.dll
02.02.2005 13:52 230'975 q8rqli9518.dll
02.02.2005 12:46 231'122 hr0005dme.dll
31.01.2005 23:19 229'016 ktj6l71s1.dll
31.01.2005 12:06 229'427 h64m0gh1e64.dll
30.01.2005 21:54 229'277 fpjm0311e.dll
30.01.2005 18:34 229'277 gpjml3111.dll
30.01.2005 17:41 229'153 e020lafm1d2a.dll
30.01.2005 11:02 229'153 wodmtp.dll
29.01.2005 17:58 229'736 ncwrsnl.dll
29.01.2005 16:41 230'828 woapi.dll
13.07.2004 19:33 32 {33A9C3DF-21AB-4D7F-945A-399558FE3DE4}.dat
28.06.2003 09:26 <DIR> Microsoft
20 Datei(en) 4'377'851 Bytes
2 Verzeichnis(se), 23'225'544'704 Bytes frei


das ist das letzte 12mfix ergebnis

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C access for really "Everyone"
- adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- Jeder
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER



Setting up for Reboot


Starting Reboot!

C:\Dokumente und Einstellungen\Luzzi\Desktop\l2mfix
System Rebooted!

Running From:
C:\Dokumente und Einstellungen\Luzzi\Desktop\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1608 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\cirpol.dll
1 Datei(en) kopiert.
Backing Up: C:\WINDOWS\system32\e020lafm1d2a.dll
1 Datei(en) kopiert.
Backing Up: C:\WINDOWS\system32\fpjm0311e.dll
1 Datei(en) kopiert.
Backing Up: C:\WINDOWS\system32\gpjml3111.dll
1 Datei(en) kopiert.
Backing Up: C:\WINDOWS\system32\h4l20e3oeh.dll
1 Datei(en) kopiert.
Backing Up: C:\WINDOWS\system32\h64m0gh1e64.dll
1 Datei(en) kopiert.
Backing Up: C:\WINDOWS\system32\hr0005dme.dll
1 Datei(en) kopiert.
Backing Up: C:\WINDOWS\system32\hrrq0595e.dll
1 Datei(en) kopiert.
Backing Up: C:\WINDOWS\system32\k080lalm1dqa.dll
1 Datei(en) kopiert.
Backing Up: C:\WINDOWS\system32\ktj6l71s1.dll
1 Datei(en) kopiert.
Backing Up: C:\WINDOWS\system32\l88m0il1e8q.dll
1 Datei(en) kopiert.
Backing Up: C:\WINDOWS\system32\lv0u09d9e.dll
1 Datei(en) kopiert.
Backing Up: C:\WINDOWS\system32\ncwrsnl.dll
1 Datei(en) kopiert.
Backing Up: C:\WINDOWS\system32\p2p60c7sef.dll
1 Datei(en) kopiert.
Backing Up: C:\WINDOWS\system32\q8rqli9518.dll
1 Datei(en) kopiert.
Backing Up: C:\WINDOWS\system32\t2r80c9uef.dll
1 Datei(en) kopiert.
Backing Up: C:\WINDOWS\system32\t68u0gl9e6q.dll
1 Datei(en) kopiert.
Backing Up: C:\WINDOWS\system32\woapi.dll
1 Datei(en) kopiert.
Backing Up: C:\WINDOWS\system32\wodmtp.dll
1 Datei(en) kopiert.
deleting: C:\WINDOWS\system32\cirpol.dll
Successfully Deleted: C:\WINDOWS\system32\cirpol.dll
deleting: C:\WINDOWS\system32\e020lafm1d2a.dll
Successfully Deleted: C:\WINDOWS\system32\e020lafm1d2a.dll
deleting: C:\WINDOWS\system32\fpjm0311e.dll
Successfully Deleted: C:\WINDOWS\system32\fpjm0311e.dll
deleting: C:\WINDOWS\system32\gpjml3111.dll
Successfully Deleted: C:\WINDOWS\system32\gpjml3111.dll
deleting: C:\WINDOWS\system32\h4l20e3oeh.dll
Successfully Deleted: C:\WINDOWS\system32\h4l20e3oeh.dll
deleting: C:\WINDOWS\system32\h64m0gh1e64.dll
Successfully Deleted: C:\WINDOWS\system32\h64m0gh1e64.dll
deleting: C:\WINDOWS\system32\hr0005dme.dll
Successfully Deleted: C:\WINDOWS\system32\hr0005dme.dll
deleting: C:\WINDOWS\system32\hrrq0595e.dll
Successfully Deleted: C:\WINDOWS\system32\hrrq0595e.dll
deleting: C:\WINDOWS\system32\k080lalm1dqa.dll
Successfully Deleted: C:\WINDOWS\system32\k080lalm1dqa.dll
deleting: C:\WINDOWS\system32\ktj6l71s1.dll
Successfully Deleted: C:\WINDOWS\system32\ktj6l71s1.dll
deleting: C:\WINDOWS\system32\l88m0il1e8q.dll
Successfully Deleted: C:\WINDOWS\system32\l88m0il1e8q.dll
deleting: C:\WINDOWS\system32\lv0u09d9e.dll
Successfully Deleted: C:\WINDOWS\system32\lv0u09d9e.dll
deleting: C:\WINDOWS\system32\ncwrsnl.dll
Successfully Deleted: C:\WINDOWS\system32\ncwrsnl.dll
deleting: C:\WINDOWS\system32\p2p60c7sef.dll
Successfully Deleted: C:\WINDOWS\system32\p2p60c7sef.dll
deleting: C:\WINDOWS\system32\q8rqli9518.dll
Successfully Deleted: C:\WINDOWS\system32\q8rqli9518.dll
deleting: C:\WINDOWS\system32\t2r80c9uef.dll
Successfully Deleted: C:\WINDOWS\system32\t2r80c9uef.dll
deleting: C:\WINDOWS\system32\t68u0gl9e6q.dll
Successfully Deleted: C:\WINDOWS\system32\t68u0gl9e6q.dll
deleting: C:\WINDOWS\system32\woapi.dll
Successfully Deleted: C:\WINDOWS\system32\woapi.dll
deleting: C:\WINDOWS\system32\wodmtp.dll
Successfully Deleted: C:\WINDOWS\system32\wodmtp.dll

Desktop.ini sucessfully removed

Zipping up files for submission:
adding: cirpol.dll (164 bytes security) (deflated 5%)
adding: e020lafm1d2a.dll (164 bytes security) (deflated 4%)
adding: fpjm0311e.dll (164 bytes security) (deflated 5%)
adding: gpjml3111.dll (164 bytes security) (deflated 5%)
adding: h4l20e3oeh.dll (164 bytes security) (deflated 5%)
adding: h64m0gh1e64.dll (164 bytes security) (deflated 5%)
adding: hr0005dme.dll (164 bytes security) (deflated 5%)
adding: hrrq0595e.dll (164 bytes security) (deflated 5%)
adding: k080lalm1dqa.dll (164 bytes security) (deflated 6%)
adding: ktj6l71s1.dll (164 bytes security) (deflated 4%)
adding: l88m0il1e8q.dll (164 bytes security) (deflated 5%)
adding: lv0u09d9e.dll (164 bytes security) (deflated 5%)
adding: ncwrsnl.dll (164 bytes security) (deflated 5%)
adding: p2p60c7sef.dll (164 bytes security) (deflated 5%)
adding: q8rqli9518.dll (164 bytes security) (deflated 5%)
adding: t2r80c9uef.dll (164 bytes security) (deflated 5%)
adding: t68u0gl9e6q.dll (164 bytes security) (deflated 5%)
adding: woapi.dll (164 bytes security) (deflated 5%)
adding: wodmtp.dll (164 bytes security) (deflated 4%)
adding: clear.reg (164 bytes security) (deflated 22%)
adding: echo.reg (164 bytes security) (deflated 9%)
adding: desktop.ini (164 bytes security) (deflated 14%)
adding: direct.txt (164 bytes security) (stored 0%)
adding: lo2.txt (164 bytes security) (deflated 81%)
adding: readme.txt (164 bytes security) (deflated 49%)
adding: report.txt (164 bytes security) (deflated 65%)
adding: test.txt (164 bytes security) (deflated 77%)
adding: test2.txt (164 bytes security) (stored 0%)
adding: test3.txt (164 bytes security) (stored 0%)
adding: test5.txt (164 bytes security) (stored 0%)
adding: xfind.txt (164 bytes security) (deflated 71%)
adding: backregs/05D44720-79AC-407A-878E-208286CF2F5F.reg (164 bytes security) (deflated 70%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for really "Everyone"


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332

deleting local copy: cirpol.dll
deleting local copy: e020lafm1d2a.dll
deleting local copy: fpjm0311e.dll
deleting local copy: gpjml3111.dll
deleting local copy: h4l20e3oeh.dll
deleting local copy: h64m0gh1e64.dll
deleting local copy: hr0005dme.dll
deleting local copy: hrrq0595e.dll
deleting local copy: k080lalm1dqa.dll
deleting local copy: ktj6l71s1.dll
deleting local copy: l88m0il1e8q.dll
deleting local copy: lv0u09d9e.dll
deleting local copy: ncwrsnl.dll
deleting local copy: p2p60c7sef.dll
deleting local copy: q8rqli9518.dll
deleting local copy: t2r80c9uef.dll
deleting local copy: t68u0gl9e6q.dll
deleting local copy: woapi.dll
deleting local copy: wodmtp.dll

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Paths]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\guard.tmp"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Syncmgr]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\jtn6075se.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\cirpol.dll
C:\WINDOWS\system32\e020lafm1d2a.dll
C:\WINDOWS\system32\fpjm0311e.dll
C:\WINDOWS\system32\gpjml3111.dll
C:\WINDOWS\system32\h4l20e3oeh.dll
C:\WINDOWS\system32\h64m0gh1e64.dll
C:\WINDOWS\system32\hr0005dme.dll
C:\WINDOWS\system32\hrrq0595e.dll
C:\WINDOWS\system32\k080lalm1dqa.dll
C:\WINDOWS\system32\ktj6l71s1.dll
C:\WINDOWS\system32\l88m0il1e8q.dll
C:\WINDOWS\system32\lv0u09d9e.dll
C:\WINDOWS\system32\ncwrsnl.dll
C:\WINDOWS\system32\p2p60c7sef.dll
C:\WINDOWS\system32\q8rqli9518.dll
C:\WINDOWS\system32\t2r80c9uef.dll
C:\WINDOWS\system32\t68u0gl9e6q.dll
C:\WINDOWS\system32\woapi.dll
C:\WINDOWS\system32\wodmtp.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{05D44720-79AC-407A-878E-208286CF2F5F}"=-
[-HKEY_CLASSES_ROOT\CLSID\{05D44720-79AC-407A-878E-208286CF2F5F}]
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{2A455BB5-3519-4AFA-88CA-656563E9C9D7}"=-
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
<IDone>{2A455BB5-3519-4AFA-88CA-656563E9C9D7}</IDone>
<IDtwo>VT00</IDtwo>
<VERSION>200</VERSION>
****************************************************************************


und hier der hijackThis

Logfile of HijackThis v1.99.1
Scan saved at 15:59:03, on 04.03.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Luzzi\LOKALE~1\Temp\Rar$EX00.922\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ch/0SEDECH/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluewin.ch/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tagteamgirls.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\etlzxgkx.dll (file missing)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\2.bin\MYBAR.DLL (file missing)
O2 - BHO: (no name) - {413A8D45-0CA2-BEA6-609E-21A4F9938CE2} - C:\WINDOWS\System32\pwrartfg.dll (file missing)
O2 - BHO: (no name) - {5A871C7C-6692-6F99-FB7F-4C124FF332F7} - C:\WINDOWS\System32\eguyrxdm.dll (file missing)
O2 - BHO: (no name) - {7B273193-3558-E4F0-CF2C-6571F05A2F64} - C:\WINDOWS\System32\zudzxmpg.dll (file missing)
O2 - BHO: (no name) - {926F70D6-84C0-4A9C-2A42-83E4C96540BB} - C:\WINDOWS\System32\uzhtpqld.dll (file missing)
O2 - BHO: (no name) - {94662941-9078-248E-FF61-FFF49A7F6388} - C:\WINDOWS\System32\wpbubnjq.dll (file missing)
O2 - BHO: (no name) - {A55D4929-D118-7A1B-65A0-0157B6C5CAB6} - C:\WINDOWS\System32\ncjypzba.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de-ch\msntb.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\2.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [doit.exe] doit.exe
O4 - HKLM\..\RunServices: [Microsoft Security Downloads.] msd.exe
O4 - HKLM\..\RunServices: [doit.exe] doit.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [doit.exe] doit.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {00000000-DDBB-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://freeload.cc/secure/ieloader.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://connect.online-dialer.com/MaConnect.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {14F65762-96FB-44B9-8DAC-93845F377A0E} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/de/filesharingctrl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.andlotsmore.com/factory/058343sw.exe
O16 - DPF: {4CA6CE4C-2199-4A4F-9542-12E0163D6841} (Dialer Class) - http://66.230.151.114/d/CABDialer.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {866CD2CC-5C58-448E-AEB1-6EE473717B1D} (Eyeball Chat Room Control) - http://de.bluewin.ch/services/chat/video_voice/EyeballSDK.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://install.serviceurl.de/StarInstall.ocx
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_5_0.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by16fd.bay16.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FFFB1D8B-88D6-4C91-BB62-378625E8C73E} ({FFFB1D8B-88D6-4C91-BB62-378625E8C73E}) - http://adult.popup.to/traffic/favorites.cab
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\guard.tmp (file missing)
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\jtn6075se.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: opsllolehdjv (fgpgvozz6) - Unknown owner - C:\WINDOWS\System32\dodsdxmh6.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

ich hoffe ich hab alles richtig gemacht...wenn nicht...Pech!!! lol
Dieser Beitrag wurde am 04.03.2005 um 15:59 Uhr von EVO VII editiert.
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: