Browser window keeps opening (+hijacker log)

#0
09.12.2005, 12:54
...new here

Posts: 2
#1 Hello to start with,

For quite a while now I have had the problem that, whenever the Internet connection is active and the computer is running, a browser window with advertising keeps opening (Internet Explorer). That can add up to 40 or more windows per hour. I have already tried everything, but nothing has worked, and now I hope to find further help here.

I have already had the log evaluated online, but nothing bad was shown to me there. So please help me further...

the log

Quote

Logfile of HijackThis v1.99.1
Scan saved at 12:51:14, on 09.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Nero\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
D:\Programme\eMule\emule.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\RonIn\Desktop\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\ktrml7911.dll
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\InCD\InCDsrv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
09.12.2005, 14:01
Honorary member
Sabina

Posts: 29434
#2 Hello gsg9gag

l2mfix
run option 2 and, after rebooting, option 4, and copy the log from the scan here
http://virus-protect.org/l2mfix.html
+
Hoster.zip -> apply it
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.

then we'll see what comes next ;)
__________
Best regards, Sabina

all about PC security
10.12.2005, 12:32
...new here

Thread starter

Posts: 2
#3 OK, now my log from l2mfix

Quote

L2mfix Beta 120905
Creating Account.
Der Befehl wurde erfolgreich ausgefhrt.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 516 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 600 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 2000 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1204 'rundll32.exe'
Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332
Granting SeDebugPrivilege to Administrateurs ... failed (GetAccountSid(Administrateurs)=1332
Granting SeDebugPrivilege to Administrat÷rer ... failed (GetAccountSid(Administrat÷rer)=1332
Granting SeDebugPrivilege to Administradores ... failed (GetAccountSid(Administradores)=1332
Granting SeDebugPrivilege to Amministratore ... failed (GetAccountSid(Amministratore)=1332
Granting SeDebugPrivilege to Administratoren ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
deleting: C:\WINDOWS\system32\afmeter.dll
Successfully Deleted: C:\WINDOWS\system32\afmeter.dll
deleting: C:\WINDOWS\system32\aimparse.dll
Successfully Deleted: C:\WINDOWS\system32\aimparse.dll
deleting: C:\WINDOWS\system32\apvapi32.dll
Successfully Deleted: C:\WINDOWS\system32\apvapi32.dll
deleting: C:\WINDOWS\system32\asstream.dll
Successfully Deleted: C:\WINDOWS\system32\asstream.dll
deleting: C:\WINDOWS\system32\astiveds.dll
Successfully Deleted: C:\WINDOWS\system32\astiveds.dll
deleting: C:\WINDOWS\system32\cdrpol.dll
Successfully Deleted: C:\WINDOWS\system32\cdrpol.dll
deleting: C:\WINDOWS\system32\cdrpol.dll
Successfully Deleted: C:\WINDOWS\system32\cdrpol.dll
deleting: C:\WINDOWS\system32\damstor.dll
Successfully Deleted: C:\WINDOWS\system32\damstor.dll
deleting: C:\WINDOWS\system32\damstor.dll
Successfully Deleted: C:\WINDOWS\system32\damstor.dll
deleting: C:\WINDOWS\system32\dfband.dll
Successfully Deleted: C:\WINDOWS\system32\dfband.dll
deleting: C:\WINDOWS\system32\dfband.dll
Successfully Deleted: C:\WINDOWS\system32\dfband.dll
deleting: C:\WINDOWS\system32\dhprov.dll
Successfully Deleted: C:\WINDOWS\system32\dhprov.dll
deleting: C:\WINDOWS\system32\dhprov.dll
Successfully Deleted: C:\WINDOWS\system32\dhprov.dll
deleting: C:\WINDOWS\system32\djkquota.dll
Successfully Deleted: C:\WINDOWS\system32\djkquota.dll
deleting: C:\WINDOWS\system32\djkquota.dll
Successfully Deleted: C:\WINDOWS\system32\djkquota.dll
deleting: C:\WINDOWS\system32\dnl4013qe.dll
Successfully Deleted: C:\WINDOWS\system32\dnl4013qe.dll
deleting: C:\WINDOWS\system32\dYtime.dll
Successfully Deleted: C:\WINDOWS\system32\dYtime.dll
deleting: C:\WINDOWS\system32\dYtime.dll
Successfully Deleted: C:\WINDOWS\system32\dYtime.dll
deleting: C:\WINDOWS\system32\en8ml1l11.dll
Successfully Deleted: C:\WINDOWS\system32\en8ml1l11.dll
deleting: C:\WINDOWS\system32\fnj0211mg.dll
Successfully Deleted: C:\WINDOWS\system32\fnj0211mg.dll
deleting: C:\WINDOWS\system32\fnj0211mg.dll
Successfully Deleted: C:\WINDOWS\system32\fnj0211mg.dll
deleting: C:\WINDOWS\system32\ijm32.dll
Successfully Deleted: C:\WINDOWS\system32\ijm32.dll
deleting: C:\WINDOWS\system32\iump.dll
Successfully Deleted: C:\WINDOWS\system32\iump.dll
deleting: C:\WINDOWS\system32\iump.dll
Successfully Deleted: C:\WINDOWS\system32\iump.dll
deleting: C:\WINDOWS\system32\kgdfc.dll
Successfully Deleted: C:\WINDOWS\system32\kgdfc.dll
deleting: C:\WINDOWS\system32\khdgae.dll
Successfully Deleted: C:\WINDOWS\system32\khdgae.dll
deleting: C:\WINDOWS\system32\krdfc.dll
Successfully Deleted: C:\WINDOWS\system32\krdfc.dll
deleting: C:\WINDOWS\system32\kudtuq.dll
Successfully Deleted: C:\WINDOWS\system32\kudtuq.dll
deleting: C:\WINDOWS\system32\MKIMTF.dll
Successfully Deleted: C:\WINDOWS\system32\MKIMTF.dll
deleting: C:\WINDOWS\system32\MKIMTF.dll
Successfully Deleted: C:\WINDOWS\system32\MKIMTF.dll
deleting: C:\WINDOWS\system32\MTPRPDE.DLL
Successfully Deleted: C:\WINDOWS\system32\MTPRPDE.DLL
deleting: C:\WINDOWS\system32\mugina.dll
Successfully Deleted: C:\WINDOWS\system32\mugina.dll
deleting: C:\WINDOWS\system32\mugina.dll
Successfully Deleted: C:\WINDOWS\system32\mugina.dll
deleting: C:\WINDOWS\system32\mzconf.dll
Successfully Deleted: C:\WINDOWS\system32\mzconf.dll
deleting: C:\WINDOWS\system32\mzconf.dll
Successfully Deleted: C:\WINDOWS\system32\mzconf.dll
deleting: C:\WINDOWS\system32\qcv.dll
Successfully Deleted: C:\WINDOWS\system32\qcv.dll
deleting: C:\WINDOWS\system32\qcv.dll
Successfully Deleted: C:\WINDOWS\system32\qcv.dll
deleting: C:\WINDOWS\system32\snell32.dll
Successfully Deleted: C:\WINDOWS\system32\snell32.dll
deleting: C:\WINDOWS\system32\tvappcmp.dll
Successfully Deleted: C:\WINDOWS\system32\tvappcmp.dll
deleting: C:\WINDOWS\system32\utlmon.dll
Successfully Deleted: C:\WINDOWS\system32\utlmon.dll
deleting: C:\WINDOWS\system32\utlmon.dll
Successfully Deleted: C:\WINDOWS\system32\utlmon.dll
deleting: C:\WINDOWS\system32\uuiplat.dll
Successfully Deleted: C:\WINDOWS\system32\uuiplat.dll
deleting: C:\WINDOWS\system32\uuiplat.dll
Successfully Deleted: C:\WINDOWS\system32\uuiplat.dll
deleting: C:\WINDOWS\system32\wdhde.dll
Successfully Deleted: C:\WINDOWS\system32\wdhde.dll
deleting: C:\WINDOWS\system32\wdhde.dll
Successfully Deleted: C:\WINDOWS\system32\wdhde.dll
deleting: C:\WINDOWS\system32\WTDMPS.dll
Successfully Deleted: C:\WINDOWS\system32\WTDMPS.dll
deleting: C:\WINDOWS\system32\WTDMPS.dll
Successfully Deleted: C:\WINDOWS\system32\WTDMPS.dll


Zipping up files for submission:
zip warning: name not matched: guard.tmp

zip error: Nothing to do! (backup.zip)
adding: Dokumente und Einstellungen/RonIn/Desktop/l2mfix/backregs/notibac.reg (164 bytes security) (deflated 87%)
adding: Dokumente und Einstellungen/RonIn/Desktop/l2mfix/backregs/shell.reg (164 bytes security) (deflated 73%)

Restoring Sedebugprivilege:

Restoring Windows Update Certificates.:


The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Nls]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\dnl4013qe.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DD234734-435F-45B6-BD31-8D2EA10C9B23}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DD234734-435F-45B6-BD31-8D2EA10C9B23}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DD234734-435F-45B6-BD31-8D2EA10C9B23}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DD234734-435F-45B6-BD31-8D2EA10C9B23}\InprocServer32]
@="C:\\WINDOWS\\system32\\snell32.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{DD234734-435F-45B6-BD31-8D2EA10C9B23}"=-
[-HKEY_CLASSES_ROOT\CLSID\{DD234734-435F-45B6-BD31-8D2EA10C9B23}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
C:\WINDOWS\System32\DD234734-435F-45B6-BD31-8D2EA10C9B23.reg
Checking for L2MFix account(0=no 1=yes):
0
10.12.2005, 19:34
Honorary member
Sabina

Posts: 29434
#4 Hello @gsg9gag

run CleanUp
http://virus-protect.org/cleanup.html

copy the 4 text files here
http://virus-protect.org/datfindbat.html
__________
Best regards, Sabina

all about PC security