Popups still there :(

#0
25.12.2005, 14:43
Member

Posts: 12
#1 I have already deleted all the Trojans (KAV), and AdAware also found and deleted about 300 infected files.
After that I ran HijackThis, evaluated the results, and deleted a few things.
But popups still appear every few minutes, mostly ending in yyy102.html.
Please help me clean the system for good (without formatting).
Here is the logfile:

Logfile of HijackThis v1.99.1
Scan saved at 14:33:07, on 2005-12-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\BOŻENKA\Pulpit\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BC24D30-EE1D-4933-9C95-C31A02F920DF}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\jt6407jqe.dll
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
25.12.2005, 16:12
Honorary member
Sabina

Posts: 29434
#2 azul...blue ;)

work through options 1 and 2
http://virus-protect.org/l2mfix.html

and post the scan report each time

-----------------------------------------------
+
Hoster.zip -> run it
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.
__________
Regards, Sabina

All about PC security
25.12.2005, 17:28
Member

Thread starter

Posts: 12
#3 Should I paste the first logfile here? It is endlessly long :-/

Here is the logfile from step 2:

L2mfix Beta 121605
Creating Account.
Polecenie zostało wykonane pomyślnie.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes):
0
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
adding: backregs/notibac.reg (164 bytes security) (deflated 72%)
25.12.2005, 17:31
Honorary member
Sabina

Posts: 29434
#4 then select option 1 once more now and post the scan report (in full)
25.12.2005, 17:39
Member

Thread starter

Posts: 12
#5 L2MFIX find log 121605
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OemStartMenuData]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\jt6407jqe.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{5863CDD5-07B6-926E-6D36-A62D54B39E60}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{537C0870-9C20-4AB1-B31D-252105539230}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{537C0870-9C20-4AB1-B31D-252105539230}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{537C0870-9C20-4AB1-B31D-252105539230}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{537C0870-9C20-4AB1-B31D-252105539230}\InprocServer32]
@="C:\\WINDOWS\\system32\\cNpesnpn.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3546C756-43D6-4603-985E-A8D22DA03E46}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3546C756-43D6-4603-985E-A8D22DA03E46}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3546C756-43D6-4603-985E-A8D22DA03E46}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3546C756-43D6-4603-985E-A8D22DA03E46}\InprocServer32]
@="C:\\WINDOWS\\system32\\soprv.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2408DB41-995C-475F-ADE4-0447EAFA08D8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2408DB41-995C-475F-ADE4-0447EAFA08D8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2408DB41-995C-475F-ADE4-0447EAFA08D8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2408DB41-995C-475F-ADE4-0447EAFA08D8}\InprocServer32]
@="C:\\WINDOWS\\system32\\khdsl1.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4DB39083-C085-43AD-80EF-DA11E48E0F32}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4DB39083-C085-43AD-80EF-DA11E48E0F32}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4DB39083-C085-43AD-80EF-DA11E48E0F32}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4DB39083-C085-43AD-80EF-DA11E48E0F32}\InprocServer32]
@="C:\\WINDOWS\\system32\\sadoclc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D0D13B61-BB1E-404E-BFD1-35F9565408B8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D0D13B61-BB1E-404E-BFD1-35F9565408B8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D0D13B61-BB1E-404E-BFD1-35F9565408B8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D0D13B61-BB1E-404E-BFD1-35F9565408B8}\InprocServer32]
@="C:\\WINDOWS\\system32\\iEsnap.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4F75F15E-408F-4565-AC75-78FBC17BCCD8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4F75F15E-408F-4565-AC75-78FBC17BCCD8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4F75F15E-408F-4565-AC75-78FBC17BCCD8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4F75F15E-408F-4565-AC75-78FBC17BCCD8}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
25.12.2005, 18:17
Honorary member
Sabina

Posts: 29434
#6 you did not work through option 2 correctly; the malware is still on there, and the posted log also does not match what I normally get to see.

Quote

Close all open programs, since the next step requires a restart. Click l2mfix.bat again and type 2 --- [Enter].

# Press any key to initiate a system restart.

# After the restart, your desktop icons will briefly appear and briefly disappear - this is NORMAL.

After the restart, immediately after logging in, a DOS box now appeared, followed right away by an error message. I confirmed the error message with OK, and then after a few minutes a new log appeared:

# L2mfix will continue the system scan, and when it is finished, Notepad will open and display a log.

if no log appears: double-click -> second.bat

Copy this one into the thread/forum as well (Ctrl+C & Ctrl+V), or again with the right mouse button

__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
25.12.2005, 19:19
Member

Themenstarter

Beiträge: 12
#7 Waehrend dem ausfuehren kommt die fehlermeldung "datei nicht gefunden" oder so aehnlich. ich habs nochmal ausgefuehrt und hier ist das logfile:


L2mfix Beta 121605
Creating Account.
Polecenie zostało wykonane pomyślnie.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes):
0
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
updating: backregs/notibac.reg (164 bytes security) (deflated 87%)


WHAT AM I DOING WRONG???

Edit: what about this hoster.zip? Do I have to run that too?
This post was edited on 25.12.2005 at 19:22 by azul.
25.12.2005, 19:29
Honorary member
Sabina

Posts: 29434
#8

Quote

After the restart, right after logging in, a DOS box appeared, followed immediately by an error message. I confirmed the error message with OK, and a few minutes later a new log appeared:
Is that the log that appears after you have carried out the above????
__________
Kind regards, Sabina

All about PC security
25.12.2005, 19:39
Member

Thread starter

Posts: 12
#9 No, the error message comes before the reboot, i.e. after I select option 2 and before I press a key to reboot.
I also have to log in normally after the restart; if I remember correctly, it said something about automatic login.
After the reboot there is actually no message, no window, nothing at all.

HEEELP!!! I'm about to throw this piece of junk out of the window!!!

I can't even run a Windows update, because it says something about the key not matching.
If I had an XP CD, I would probably have done format c: long ago.
But I only have a cr**** product recovery CD that came with the laptop, and it doesn't help me.
25.12.2005, 20:51
Honorary member
Sabina

Posts: 29434
#10 Let's delete Look2Me manually:

http://virus-protect.org/cleanup.html
Use Cleanup exactly as instructed

Copy the 4 text files / 2 months
http://virus-protect.org/datfindbat.html
__________
Kind regards, Sabina

All about PC security
25.12.2005, 22:58
Member

Thread starter

Posts: 12
#11 Done so far:

26.12.2005, 00:26
Honorary member
Sabina

Posts: 29434
#12 Copy the following text into Notepad (Start - Accessories - Notepad) and save it on the desktop as ware.reg using 'Save As'. Set the file type to 'All Files'. You should now find this file on the desktop.


Quote

REGEDIT4

[-HKEY_CURRENT_USER\Software\Look2Me]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Guardian]

[-HKEY_CLASSES_ROOT\CLSID\{4F75F15E-408F-4565-AC75-78FBC17BCCD8}]

[-HKEY_CLASSES_ROOT\CLSID\{4DB39083-C085-43AD-80EF-DA11E48E0F32}]

[-HKEY_CLASSES_ROOT\CLSID\{2408DB41-995C-475F-ADE4-0447EAFA08D8}]

[-HKEY_CLASSES_ROOT\CLSID\{537C0870-9C20-4AB1-B31D-252105539230}]

KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Options: Delete on Reboot / Process all in List --> tick these
Copy in:
...
and click on the red cross; when asked "Do you want to reboot?" ---- click "no" and copy in the next one, and only click "yes" for the last one


Restart the computer in safe mode (press F8 during startup). Double-click the file "ware.reg" on the desktop and confirm that it should be added to the registry.

Hoster.zip -> run it
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.

Scan with the trial version of Spysweeper
http://virus-protect.org/spysweeper.html

Scan with ewido and post the scan report
http://virus-protect.org/ewido.html
__________
Kind regards, Sabina

All about PC security
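
The registry export earlier in the thread registers CLSID {4F75F15E-408F-4565-AC75-78FBC17BCCD8} with an InprocServer32 that points at guard.tmp, and ware.reg deletes that class. As an added example (not part of any post, and not code from l2mfix or KillBox), this Python script parses a .reg export and flags such COM registrations; the sample text, the placeholder CLSID ending in AA, example.dll and the extension allow-list are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the .reg export format seen in this thread. The second
# CLSID and example.dll are made-up placeholders for a normal registration.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4F75F15E-408F-4565-AC75-78FBC17BCCD8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4F75F15E-408F-4565-AC75-78FBC17BCCD8}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-0000000000AA}]
@="Example Shell Helper"

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-0000000000AA}\InprocServer32]
@="C:\\WINDOWS\\system32\\example.dll"
"ThreadingModel"="Apartment"
'''

SECTION = re.compile(r'^\[(-?)(.+)\]$')
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
CLSID_KEY = re.compile(r'\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\InprocServer32$', re.I)
LIBRARY_EXTS = {".dll", ".ocx"}  # assumption: what an in-process server normally is


def unquote(literal):
    """Decode a quoted REG_SZ literal; return None for other value types."""
    literal = literal.strip()
    if len(literal) < 2 or not (literal.startswith('"') and literal.endswith('"')):
        return None
    return re.sub(r'\\(.)', r'\1', literal[1:-1])  # \\ -> \ and \" -> "


def parse_reg(text):
    """Return {key path: {value name: string}}; the default value is named ''."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            # "[-KEY]" is a delete directive (as in ware.reg), not exported data.
            current = None if m.group(1) else keys.setdefault(m.group(2), {})
            continue
        m = VALUE.match(line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else unquote(m.group(1))
            current[name] = unquote(m.group(2))
    return keys


def audit_inproc_servers(text):
    """Flag CLSIDs whose in-process server is not a library file."""
    keys = parse_reg(text)
    findings = []
    for key, values in keys.items():
        m = CLSID_KEY.search(key)
        if not m:
            continue
        server = values.get("") or ""
        ext = PureWindowsPath(server).suffix.lower()
        if ext in LIBRARY_EXTS:
            continue
        reasons = [f"server extension is {ext or 'missing'}, not a library"]
        parent = key.rsplit("\\", 1)[0]
        # Supporting signal only: the class itself carries an empty display name.
        if keys.get(parent, {}).get("") == "":
            reasons.append("class has an empty display name")
        findings.append({"clsid": m.group(1), "server": server, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_inproc_servers(SAMPLE_REG):
        print(finding["clsid"], finding["server"], "; ".join(finding["reasons"]))
```

A hit is a lead for manual review, not a verdict: check the file the entry points to before deleting the key.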
26.12.2005, 03:34
Member

Thread starter

Posts: 12
#13 I'm giving up for today. ;)
Spysweeper is still finding tons of junk.

Thanks in any case for the efforts so far
26.12.2005, 10:24
Moderator

Posts: 7805
#14 Try this cleaner:
http://www.simplytech.it/L2MRemover/index_de.htm

I haven't tested it with the newest L2M version, but it should work if it can find it.
__________
Kind regards, Ralf
SEO-Spam Hunter
26.12.2005, 13:45
Member

Thread starter

Posts: 12
#15 Hi, thanks for the tip, I tried the tool. During the scan it found L2M, but before it finished I got a bluescreen, so reboot. After that I ran it again, and partway through it asked me to restart, so another reboot, and then the scan found nothing more.
Right now I'm scanning with ewido anti-malware and already have over 100 infected objects. :-(
If only I had an XP CD here, I would have done format c: long ago


EDIT:
Here is the log file from ewido:

This post was edited on 26.12.2005 at 14:11 by azul.