Popups still there :(

#0
25.12.2005, 14:43
Member
Posts: 12

25.12.2005, 16:12
Honorary member
Posts: 29434
#2
azul...blau
work through options 1 and 2 at http://virus-protect.org/l2mfix.html and post the scan report each time
-----------------------------------------------
+ Hoster.zip -> apply
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.
__________
Regards, Sabina
all about PC security

25.12.2005, 17:28
Member
Thread starter
Posts: 12
#3
Should I paste the first logfile here? It is endlessly long :-/
Here is the logfile from step 2:
L2mfix Beta 121605
Creating Account.
Polecenie zostao wykonane pomylnie.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes): 1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes): 0
zip warning: name not matched: dlls\*.*
zip error: Nothing to do! (backup.zip)
adding: backregs/notibac.reg (164 bytes security) (deflated 72%)

25.12.2005, 17:31
Honorary member
Posts: 29434
#4
then choose option 1 once more and post the scan report (complete)
__________
Regards, Sabina
all about PC security

25.12.2005, 17:39
Member
Thread starter
Posts: 12
#5
L2MFIX find log 121605

25.12.2005, 18:17
Honorary member
Posts: 29434
#6
you did not work through option 2 correctly, the malware is still on there, and the posted log also does not match what I normally get to see.
Quote:
Close all open programs, since the next step requires a restart. Click l2mfix.bat again and type 2 --- [Enter].
__________
Regards, Sabina
all about PC security

25.12.2005, 19:19
Member
Thread starter
Posts: 12
#7
While it is running, the error message "file not found" or something similar comes up. I ran it again and here is the logfile:
L2mfix Beta 121605
Creating Account.
Polecenie zostao wykonane pomylnie.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes): 1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes): 0
zip warning: name not matched: dlls\*.*
zip error: Nothing to do! (backup.zip)
updating: backregs/notibac.reg (164 bytes security) (deflated 87%)
WHAT AM I DOING WRONG???
edit: what about this hoster.zip, by the way? Do I have to run that too?
This post was edited by azul on 25.12.2005 at 19:22.

25.12.2005, 19:29
Honorary member
Posts: 29434
#8
Quote:
After the restart, immediately after logging in, a DOS box now appeared, followed right away by an error message. I confirmed the error message with OK, and then after a few minutes a new log appeared:
is that the log that appears after you have carried out the above????
__________
Regards, Sabina
all about PC security

25.12.2005, 19:39
Member
Thread starter
Posts: 12
#9
no, the error message comes before the reboot, i.e. after I select option 2 and before I press a key to reboot.
I also have to log in normally after the restart; if I remember correctly, it said something about automatic login. After the reboot there is actually no message, no window, nothing at all. HEEELP!!! I'm about to throw this piece of junk out of the window!!! I can't even run a Windows update, because it says something about the key not matching. If I had an XP CD, I would probably have done format c: long ago. But I only have a cr***y product recovery CD that came with the laptop, and that doesn't help me.

25.12.2005, 20:51
Honorary member
Posts: 29434
#10
let's delete Look2Me manually:
http://virus-protect.org/cleanup.html
apply Cleanup exactly according to the instructions
copy the 4 text files / 2 months
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina
all about PC security

25.12.2005, 22:58
Member
Thread starter
Posts: 12
#11
I've done that so far:
|
|
|
||
26.12.2005, 00:26
Honorary member
Posts: 29434 |
#12
Copy the following text into Notepad (Start - Accessories - Notepad) and save it as ware.reg on the Desktop using 'Save As'. For the file type, select 'All Files'. You should now find this file on the Desktop.
Quote
REGEDIT4

KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html
Options: Delete on Reboot / Process all in List --> tick these
Paste in: ... and click on the red cross; when asked "Do you want to reboot?", click "no" and paste in the next one; click "yes" only on the last one.

Restart the computer in Safe Mode (press F8 during startup).
Double-click the file "ware.reg" on the Desktop and confirm that it should be added to the registry.

Hoster.zip -> run it
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.

Scan with the trial version of Spysweeper
http://virus-protect.org/spysweeper.html

Scan with ewido and post the scan report
http://virus-protect.org/ewido.html
__________
Regards, Sabina
All about PC security |
|
|
||
26.12.2005, 03:34
Member
Thread starter Posts: 12 |
#13
I'm giving up for today.
Spysweeper still finds tons of junk. Thanks in any case for the efforts so far |
|
|
||
26.12.2005, 10:24
Moderator
Posts: 7805 |
#14
Try this cleaner:
http://www.simplytech.it/L2MRemover/index_de.htm
I haven't tested it with the newest L2M version, but it should work if it can find it.
__________
Regards, Ralf
SEO-Spam Hunter |
|
|
||
26.12.2005, 13:45
Member
Thread starter Posts: 12 |
#15
Hi, thanks for the tip, I tried the tool. During the scan it found L2M, but before it finished I got a bluescreen, so I rebooted. After that I ran it again, and partway through it asked me to restart, so another reboot, and then the scan found nothing anymore.
Right now I'm scanning with ewido anti-malware and already have over 100 infected objects. :-( If only I had an XP CD here, I would have done format c: long ago.
EDIT: Here is the log file from ewido:
This post was edited by azul on 26.12.2005 at 14:11.
|
|
|
||
After that I ran hijack, evaluated the log, and deleted a few things.
But popups still come up every few minutes, mostly with the ending yyy102.html
Please help me get the system clean for good (without formatting)
Here is the log file:
Logfile of HijackThis v1.99.1
Scan saved at 14:33:07, on 2005-12-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\BOŻENKA\Pulpit\hjt\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BC24D30-EE1D-4933-9C95-C31A02F920DF}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\jt6407jqe.dll
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe