Browser opens uncontrolled popups and the desktop background can no longer be changed
Thread is closed!

#0 | 26.01.2006, 14:20 | ...new here | Posts: 9

#2 | 26.01.2006, 16:31 | Honorary member | Posts: 29434

Darkwarrior

That is Look2Me, among others. Copy the following text into Notepad (Start - Accessories - Notepad) and save it as list.bat on the desktop using 'Save as'. Under file type, choose 'All files'. You should now find this file on the desktop.
--> double-click list.bat
--> copy the text that appears

    rem change to the root of the drive, then append both listings to files.txt
    cd\
    dir "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders" >> files.txt
    dir "C:\Programme\Gemeinsame Dateien" >> files.txt
    rem open the combined listing for copying
    notepad files.txt

------------------------------------------------------------------------------
Set up CleanUp exactly as described here:
http://virus-protect.org/cleanup.html

Copy these 4 text files. They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html

Information:
http://virus-protect.org/artikel/spyware/inet20002.html
http://virus-protect.org/artikel/spyware/inet20099.html
__________
Kind regards, Sabina
all about PC security

#3 | 26.01.2006, 18:41 | ...new here | Thread starter | Posts: 9

Here is the data:

list.bat:

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: D482-698B

 Verzeichnis von C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders

25.01.2006  20:44    <DIR>          .
25.01.2006  20:44    <DIR>          ..
25.01.2006  20:44    <DIR>          1031
25.01.2006  20:43    <DIR>          1033
14.02.2001  21:45         1.318.912 MSONSEXT.DLL
13.02.2001  00:23            58.784 MSOSV.DLL
20.03.1999  12:46           127.032 MSOWS407.DLL
05.06.1999  05:09           122.937 MSOWS409.DLL
06.08.2000  09:04           401.462 MSVCP60.DLL
22.01.2001  03:25            69.632 PKMAXCTL.DLL
22.01.2001  03:25           872.448 PKMCDO.DLL
22.01.2001  03:25           159.744 PKMCORE.DLL
07.02.2001  09:59           106.496 PKMFORMS.DLL
12.02.2001  04:01           692.224 PKMRES.DLL
22.01.2001  03:25            28.672 PKMSSTLB.DLL
22.01.2001  03:25            40.960 PKMTEMPL.DLL
22.01.2001  03:25            24.576 PKMTRACE.DLL
22.01.2001  03:25            86.016 PKMWS.DLL
22.01.2001  03:25           237.568 PROMDEMO.DLL
22.01.2001  03:25           184.320 SECMGR.DLL
22.01.2001  03:25           323.584 VAIDDMGR.DLL
22.01.2001  03:25            32.768 VAIMEM.DLL
              18 Datei(en)      4.888.135 Bytes
               4 Verzeichnis(se), 11.818.221.568 Bytes frei

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: D482-698B

 Verzeichnis von C:\Programme\Gemeinsame Dateien

25.01.2006  20:47    <DIR>          .
25.01.2006  20:47    <DIR>          ..
25.01.2006  20:43    <DIR>          Designer
25.01.2006  19:47    <DIR>          Dienste
25.01.2006  20:13    <DIR>          InstallShield
25.01.2006  20:44    <DIR>          Microsoft Shared
25.01.2006  19:47    <DIR>          MSSoap
25.01.2006  19:41    <DIR>          ODBC
25.01.2006  19:41    <DIR>          SpeechEngines
25.01.2006  20:42    <DIR>          System
25.01.2006  20:06    <DIR>          Wise Installation Wizard
               0 Datei(en)              0 Bytes
              11 Verzeichnis(se), 11.818.221.568 Bytes frei

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: D482-698B

 Verzeichnis von C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders

25.01.2006  20:44    <DIR>          .
25.01.2006  20:44    <DIR>          ..
25.01.2006  20:44    <DIR>          1031
25.01.2006  20:43    <DIR>          1033
14.02.2001  21:45         1.318.912 MSONSEXT.DLL
13.02.2001  00:23            58.784 MSOSV.DLL
20.03.1999  12:46           127.032 MSOWS407.DLL
05.06.1999  05:09           122.937 MSOWS409.DLL
06.08.2000  09:04           401.462 MSVCP60.DLL
22.01.2001  03:25            69.632 PKMAXCTL.DLL
22.01.2001  03:25           872.448 PKMCDO.DLL
22.01.2001  03:25           159.744 PKMCORE.DLL
07.02.2001  09:59           106.496 PKMFORMS.DLL
12.02.2001  04:01           692.224 PKMRES.DLL
22.01.2001  03:25            28.672 PKMSSTLB.DLL
22.01.2001  03:25            40.960 PKMTEMPL.DLL
22.01.2001  03:25            24.576 PKMTRACE.DLL
22.01.2001  03:25            86.016 PKMWS.DLL
22.01.2001  03:25           237.568 PROMDEMO.DLL
22.01.2001  03:25           184.320 SECMGR.DLL
22.01.2001  03:25           323.584 VAIDDMGR.DLL
22.01.2001  03:25            32.768 VAIMEM.DLL
              18 Datei(en)      4.888.135 Bytes
               4 Verzeichnis(se), 11.855.077.376 Bytes frei

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: D482-698B

 Verzeichnis von C:\Programme\Gemeinsame Dateien

25.01.2006  20:47    <DIR>          .
25.01.2006  20:47    <DIR>          ..
25.01.2006  20:43    <DIR>          Designer
25.01.2006  19:47    <DIR>          Dienste
25.01.2006  20:13    <DIR>          InstallShield
25.01.2006  20:44    <DIR>          Microsoft Shared
25.01.2006  19:47    <DIR>          MSSoap
25.01.2006  19:41    <DIR>          ODBC
25.01.2006  19:41    <DIR>          SpeechEngines
25.01.2006  20:42    <DIR>          System
25.01.2006  20:06    <DIR>          Wise Installation Wizard
               0 Datei(en)              0 Bytes
              11 Verzeichnis(se), 11.855.073.280 Bytes frei

system32.txt:

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: D482-698B

 Verzeichnis von C:\WINDOWS\system32

26.01.2006  18:36            39.291 nvapps.xml
26.01.2006  18:36           235.422 guard.tmp
26.01.2006  18:28           236.804 n28olcl31fq.dll
26.01.2006  14:02           235.422 n08o0al3edq.dll
26.01.2006  13:50           234.060 iyetcplc.dll
25.01.2006  21:53           311.740 perfh009.dat
25.01.2006  21:53            48.354 perfc007.dat
25.01.2006  21:53           316.924 perfh007.dat
25.01.2006  21:53            40.128 perfc009.dat
25.01.2006  21:53           723.744 PerfStringBackup.INI
25.01.2006  21:51           235.898 l8l60i3se8.dll
25.01.2006  21:51           114.968 FNTCACHE.DAT
25.01.2006  20:38           234.325 j4n2le5o1h.dll
25.01.2006  20:37               154 info.txt
25.01.2006  20:37            25.304 msnscps.dll
25.01.2006  19:53             2.206 wpa.dbl
25.01.2006  19:52               386 $winnt$.inf
25.01.2006  19:49             2.951 CONFIG.NT
25.01.2006  19:49            16.832 amcompat.tlb
25.01.2006  19:49            23.392 nscompat.tlb
25.01.2006  19:48               488 WindowsLogon.manifest
25.01.2006  19:48               488 logonui.exe.manifest
25.01.2006  19:48               749 nwc.cpl.manifest
25.01.2006  19:48               749 cdplayer.exe.manifest
25.01.2006  19:48               749 wuaucpl.cpl.manifest
25.01.2006  19:48               749 sapi.cpl.manifest
25.01.2006  19:48               749 ncpa.cpl.manifest
25.01.2006  19:46            21.740 emptyregdb.dat
25.01.2006  19:45                 0 h323log.txt
04.01.2006  19:46         2.836.320 MRT.exe
29.12.2005  03:54           280.064 gdi32.dll
01.12.2005  04:31         1.492.480 shdocvw.dll

Temp:

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: D482-698B

 Verzeichnis von C:\DOKUME~1\Standard\LOKALE~1\Temp

26.01.2006  18:36            49.152 ~DF700A.tmp
26.01.2006  18:36            32.768 ~DF1A1A.tmp
26.01.2006  18:36            16.384 ~DF29F0.tmp
26.01.2006  18:29            49.152 ~DFF03A.tmp
26.01.2006  18:28            32.768 ~DFA93E.tmp
26.01.2006  18:28            16.384 ~DFAD13.tmp
               6 Datei(en)        196.608 Bytes
               0 Verzeichnis(se), 11.855.085.568 Bytes frei

Windows:

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: D482-698B

 Verzeichnis von C:\WINDOWS

26.01.2006  18:37               573 win.ini
26.01.2006  18:37               278 system.ini
26.01.2006  18:28           358.183 WindowsUpdate.log
26.01.2006  18:28                 0 0.log
26.01.2006  18:28             2.048 bootstat.dat
26.01.2006  14:58             2.184 SchedLgU.Txt
26.01.2006  14:58               216 wiadebug.log
26.01.2006  14:13                50 wiaservc.log
26.01.2006  14:01           110.222 ntbtlog.txt
26.01.2006  13:51                26 Lic.xxx
25.01.2006  22:42                 0 nsreg.dat
25.01.2006  22:42           107.132 UninstallFirefox.exe
25.01.2006  22:42             2.258 mozver.dat
25.01.2006  21:59             4.268 KB887797.log
25.01.2006  21:49           290.580 iis6.log
25.01.2006  21:49            89.854 comsetup.log
25.01.2006  21:49            52.718 ntdtcsetup.log
25.01.2006  21:49            13.197 ocmsn.log
25.01.2006  21:49            12.448 tabletoc.log
25.01.2006  21:49             1.374 imsins.log
25.01.2006  21:49           111.743 tsoc.log
25.01.2006  21:49            35.867 KB912919.log
25.01.2006  21:49            16.787 MedCtrOC.log
25.01.2006  21:49            41.778 netfxocm.log
25.01.2006  21:49           119.708 ocgen.log
25.01.2006  21:49            11.779 msgsocm.log
25.01.2006  21:49           234.118 FaxSetup.log
25.01.2006  21:49            78.432 msmqinst.log
25.01.2006  21:49            16.880 updspapi.log
25.01.2006  21:49             1.374 imsins.BAK
25.01.2006  21:07             9.519 KB898461.log
25.01.2006  21:07             9.602 KB893803v2.log
25.01.2006  20:52             1.229 wmsetup.log
25.01.2006  20:45               400 ODBC.INI
25.01.2006  20:38                 0 winsysupd31.dat
25.01.2006  20:38                43 drsmartload2.dat
25.01.2006  20:37               780 hosts
25.01.2006  20:37            37.592 country.exe
25.01.2006  20:36                 0 uniq
25.01.2006  19:57             3.797 Ascd_tmp.ini
25.01.2006  19:53               829 OEWABLog.txt
25.01.2006  19:53           833.678 setuplog.txt
25.01.2006  19:52             8.192 REGLOCS.OLD
25.01.2006  19:52           177.454 setupact.log
25.01.2006  19:49                 0 control.ini
25.01.2006  19:49           316.640 WMSysPr9.prx
25.01.2006  19:49             4.161 ODBCINST.INI
25.01.2006  19:48               749 WindowsShell.Manifest
25.01.2006  19:47             1.023 sessmgr.setup.log
25.01.2006  19:46                37 vbaddin.ini
25.01.2006  19:46                36 vb.ini
25.01.2006  19:46               133 DtcInstall.log
25.01.2006  19:45               200 cmsetacl.log
25.01.2006  19:43                 0 Sti_Trace.log
25.01.2006  19:41             1.348 regopt.log
25.01.2006  19:41                 0 setuperr.log

sys.txt:

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: D482-698B

 Verzeichnis von C:\

26.01.2006  18:40                 0 sys.txt
26.01.2006  18:39             6.518 system.txt
26.01.2006  18:39               540 systemtemp.txt
26.01.2006  18:37            95.594 system32.txt
26.01.2006  18:37               211 boot.ini
26.01.2006  18:31             2.080 files.txt
26.01.2006  18:28       704.643.072 pagefile.sys
26.01.2006  13:55                 0 23990098.$$$
26.01.2006  13:55                 4 AVPCallback.log
25.01.2006  22:33               242 messanger.ini
25.01.2006  19:49                 0 AUTOEXEC.BAT
25.01.2006  19:49                 0 MSDOS.SYS
25.01.2006  19:49                 0 CONFIG.SYS
25.01.2006  19:49                 0 IO.SYS

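The helper's method in this thread is to read the date-sorted system32 listing and pick out what appeared together at the time of infection: randomly named DLLs of nearly identical size (about 234 to 236 KB here) next to a guard.tmp. As an added example, not code from this thread or from the datfind batch file it links to, the following Python script parses the German `dir` output in the format posted above and applies those same checks automatically: modification time inside a window, random-looking names, .tmp files, and clusters of near-identical sizes. The embedded listing is a constructed excerpt of the system32.txt output above, and the thresholds (two-day window, 4096-byte cluster width, 64 KB minimum size for clustering, reference time taken from the sys.txt timestamp) are assumptions chosen for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed excerpt in the format of the German `dir` output posted above
# (values copied from the system32.txt listing; only a handful of entries).
SAMPLE_DIR = """\
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: D482-698B

 Verzeichnis von C:\\WINDOWS\\system32

26.01.2006  18:36            39.291 nvapps.xml
26.01.2006  18:36           235.422 guard.tmp
26.01.2006  18:28           236.804 n28olcl31fq.dll
25.01.2006  21:51           235.898 l8l60i3se8.dll
25.01.2006  19:53             2.206 wpa.dbl
25.01.2006  19:48               749 ncpa.cpl.manifest
04.01.2006  19:46         2.836.320 MRT.exe
29.12.2005  03:54           280.064 gdi32.dll
               8 Datei(en)      3.866.754 Bytes
"""

# Time the listing was taken (assumption: the sys.txt timestamp in the thread).
REFERENCE_TIME = datetime(2006, 1, 26, 18, 40)

# dd.mm.yyyy  hh:mm  <DIR>|size  name  (German locale: '.' as thousands separator)
ENTRY = re.compile(r"^(\d{2})\.(\d{2})\.(\d{4})\s+(\d{2}):(\d{2})\s+(<DIR>|[\d.]+)\s+(.+?)\s*$")
# Letters and digits mixed, no separators, 6+ characters: the shape of the generated names above.
RANDOM_NAME = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{6,}\.[a-z]{3}$", re.IGNORECASE)


def parse_dir_listing(text):
    """Return [(mtime, size_bytes, name)] for files; directory entries are skipped."""
    files = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m or m.group(6) == "<DIR>":
            continue
        d, mo, y, h, mi, size, name = m.groups()
        files.append((datetime(int(y), int(mo), int(d), int(h), int(mi)),
                      int(size.replace(".", "")), name))
    return files


def triage(files, now, days=2, cluster_bytes=4096, min_size=65536):
    """Flag recently modified files by name shape, .tmp extension and near-identical sizes."""
    recent = [f for f in files if timedelta(0) <= now - f[0] <= timedelta(days=days)]
    findings = {}
    for mtime, size, name in recent:
        reasons = []
        if RANDOM_NAME.match(name):
            reasons.append("random-looking name")
        if name.lower().endswith(".tmp"):
            reasons.append(".tmp file in a system directory")
        # Components dropped together tend to share a size within a few KB; small files are ignored.
        peers = [n for _, s, n in recent
                 if n != name and size >= min_size and s >= min_size and abs(s - size) <= cluster_bytes]
        if peers:
            reasons.append("size cluster with " + ", ".join(peers))
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, why in triage(parse_dir_listing(SAMPLE_DIR), REFERENCE_TIME).items():
        print(f"{name}: {'; '.join(why)}")
```

On the sample it reports guard.tmp, n28olcl31fq.dll and l8l60i3se8.dll and nothing else; nvapps.xml is recent but has a readable name and no size peers, and MRT.exe and gdi32.dll fall outside the window. The name heuristic is deliberately crude (a legitimate file such as MSOWS407.DLL would match it if it were recent), which is why the size cluster and the time window are checked as well.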
#4 | 27.01.2006, 00:39 | Honorary member | Posts: 29434

Darkwarrior

Open HijackThis -- button "Scan" -- tick the malware entries -- button "Fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
F3 - REG:win.ini: run=C:\WINDOWS\inet20010\services.exe
O20 - Winlogon Notify: htproc - htproc32.dll (file missing)
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\t28u0cl9efq.dll
O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)
---------------------------------------------------------------------
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html
Options: Delete on Reboot --> tick it and click the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one; only after the last one click "yes":

C:\WINDOWS\inet20010\services.exe
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\n28olcl31fq.dll
C:\WINDOWS\system32\n08o0al3edq.dll
C:\WINDOWS\system32\iyetcplc.dll
C:\WINDOWS\system32\l8l60i3se8.dll
C:\WINDOWS\system32\j4n2le5o1h.dll
C:\WINDOWS\system32\t28u0cl9efq.dll
C:\WINDOWS\system32\info.txt
C:\WINDOWS\system32\msnscps.dll
C:\WINDOWS\winsysupd31.dat
C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\hosts
C:\WINDOWS\country.exe
C:\WINDOWS\uniq
C:\23990098.$$$

Restart the PC.

Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK'. Exit Program.

Delete:
C:\WINDOWS\inet20099

Download win32delfkil.exe:
http://users.telenet.be/marcvn/tools/win32delfkil.exe
Save it on your desktop. Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil. Close all windows, open the win32delfkil folder and double click on fix.bat.
--> post windelf.txt here

Run CleanUp once more:
http://virus-protect.org/cleanup.html

Spy Sweeper (trial) --> scan and paste the scan report here:
http://virus-protect.org/spysweeper.html
__________
Kind regards, Sabina
all about PC security

#5 | 27.01.2006, 11:49 | ...new here | Thread starter | Posts: 9

windelf.txt:

************************
* WIN32DELFKIL LOGFILE *
************************
by Marckie

BEFORE RUNNING WIN32DELFKIL
***************************

File(s) found in Windows directory
----------------------------------

File(s) found in system32 folder
--------------------------------

SharedTaskScheduler key
-----------------------
SteelWerX Registry Console Tool 1.0
Written by Bobbi Flekman © 2005

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
    {438755C2-A8BA-11D1-B96B-00A0C90312E1}    REG_SZ    Browseui preloader
    {8C7461EF-2B13-11d2-BE35-3078302C2030}    REG_SZ    Component Categories cache daemon

Notify key
----------

Spy Sweeper:

********
11:28: | Start of Session, Freitag, 27. Januar 2006 |
11:28: Spy Sweeper started
11:28: Sweep initiated using definitions version 606
11:29: Starting Memory Sweep
11:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:31: Memory Sweep Complete, Elapsed Time: 00:01:58
11:31: Starting Registry Sweep
11:31: Found Adware: coolwebsearch (cws)
11:31: HKU\S-1-5-21-1801674531-1957994488-682003330-1003\software\microsoft\internet explorer\keywords\ (17 subtraces) (ID = 109820)
11:31: HKU\S-1-5-21-1801674531-1957994488-682003330-1003\software\microsoft\internet explorer\sites\ (16 subtraces) (ID = 109822)
11:31: Found Trojan Horse: komforochka smtp relay
11:31: HKU\S-1-5-21-1801674531-1957994488-682003330-1003\software\microsoft\internet explorer\keywords\ (17 subtraces) (ID = 1035782)
11:31: Registry Sweep Complete, Elapsed Time:00:00:09
11:31: Starting Cookie Sweep
11:31: Cookie Sweep Complete, Elapsed Time: 00:00:00
11:31: Starting File Sweep
11:31: aa219dc4-702a-4318-86b4-77e09a (ID = 220754)
11:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:31: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:31: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:31: Found Adware: look2me
11:31: guard.tmp (ID = 159)
11:31: iyetcplc.dll (ID = 159)
11:31: kqduk.dll (ID = 159)
11:31: k0080adued080.dll (ID = 159)
11:31: guard.tmp (ID = 159)
11:32: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:32: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:32: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:32: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:33: ir22l5fo1.dll (ID = 159)
11:33: l8l60i3se8.dll (ID = 159)
11:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:34: j4n2le5o1h.dll (ID = 159)
11:35: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:35: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:35: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:35: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:35: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:35: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:35: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:35: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:36: Warning: Failed to open file "c:\dokumente und einstellungen\all users\anwendungsdaten\kaspersky anti-virus personal pro\5.0\sfdb.dat:kavichs". Zugriff verweigert
11:36: Warning: Failed to open file "c:\dokumente und einstellungen\all users\anwendungsdaten\kaspersky anti-virus personal pro\5.0\policy\policy.dat:kavichs". Zugriff verweigert
11:36: Warning: Failed to open file "c:\dokumente und einstellungen\standard\anwendungsdaten\mozilla\firefox\profiles\090kiod8.default\cookies.txt:kavichs". Zugriff verweigert
11:37: File Sweep Complete, Elapsed Time: 00:06:02
11:37: Full Sweep has completed. Elapsed time 00:08:19
11:37: Traces Found: 62
11:37: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:37: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:37: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:37: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:38: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:38: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:38: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:38: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:38: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:38: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:38: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:38: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:39: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:39: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:39: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:39: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:40: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:40: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:40: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:40: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:40: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:40: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:40: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:40: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:41: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:41: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:41: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:41: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:41: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:41: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:41: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:41: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:43: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:43: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:43: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:43: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:43: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:43: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:43: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:43: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:44: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:44: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:44: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:44: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:44: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:44: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:44: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:44: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:45: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:45: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:45: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:45: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:45: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:45: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:45: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:45: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:47: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:47: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:47: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:47: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:48: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:48: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:48: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:48: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:48: Removal process initiated
11:48: Quarantining All Traces: komforochka smtp relay
11:48: Quarantining All Traces: look2me
11:48: look2me is in use. It will be removed on reboot.
11:48: kqduk.dll is in use. It will be removed on reboot.
11:48: k0080adued080.dll is in use. It will be removed on reboot.
11:48: ir22l5fo1.dll is in use. It will be removed on reboot.
11:48: Quarantining All Traces: coolwebsearch (cws)
11:48: Removal process completed. Elapsed time 00:00:32
********
11:28: | Start of Session, Freitag, 27. Januar 2006 |
11:28: Spy Sweeper started
11:28: Your spyware definitions have been updated.
11:28: | End of Session, Freitag, 27. Januar 2006 |

#6 | 27.01.2006, 15:12 | Honorary member | Posts: 29434

Scan with Panda and post the scan report:
http://virus-protect.org/onlinescan.html
__________
Kind regards, Sabina
all about PC security

#7 | 28.01.2006, 13:35 | ...new here | Thread starter | Posts: 9

Incident                                  Status           Location
Adware:adware/cws.yexe                    Not disinfected  C:\messanger.ini
Spyware:Cookie/2o7.net                    Not disinfected  C:\Dokumente und Einstellungen\Standard\Cookies\standard@2o7[1].txt
Spyware:Cookie/Adtech                     Not disinfected  C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\090kiod8.default\cookies.txt[.adtech.de/]
Spyware:Cookie/YieldManager               Not disinfected  C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\090kiod8.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/WinFixer                   Not disinfected  C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\090kiod8.default\cookies.txt[.winfixer.com/]
Spyware:Cookie/Zedo                       Not disinfected  C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\090kiod8.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Reliablestats              Not disinfected  C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\090kiod8.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Tradedoubler               Not disinfected  C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\090kiod8.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/onestat.com                Not disinfected  C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\090kiod8.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Rn11                       Not disinfected  C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\090kiod8.default\cookies.txt[.rn11.com/]
Spyware:Cookie/Adtech                     Not disinfected  C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\090kiod8.default\cookies.txt[]
Spyware:Cookie/2o7.net                    Not disinfected  C:\Dokumente und Einstellungen\Standard\Cookies\standard@2o7[1].txt
Potentially unwanted tool:Application/Processor  Not disinfected  C:\RECYCLER\S-1-5-21-1801674531-1957994488-682003330-1003\Dc14\Process.exe

#8 | 28.01.2006, 15:25 | Honorary member | Posts: 29434

Delete:
C:\messanger.ini cws.yexe

L2mfix --> paste the log from option 1 here:
http://virus-protect.org/l2mfix.html
__________
Kind regards, Sabina
all about PC security

#9 | 31.01.2006, 21:58 | ...new here | Thread starter | Posts: 9

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Group Policy]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\ir22l5fo1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{63996F04-BBAB-6D07-768D-ABAF9DB01B28}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Eigenschaften für Multimediadatei"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-Scannerverwaltung"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-Sicherheit"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-Eigenschaftenseite für Dokumente"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shellerweiterungen für Freigaben"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung für Grafikkarten"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung für Bildschirme"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung für Anzeigeverschiebung"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-Sicherheit"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilitätsseite"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell-Datenauszughandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Erweiterung für Datenträgerkopien"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shellerweiterungen für Microsoft Windows-Netzwerkobjekte"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-Monitorverwaltung"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-Druckerverwaltung"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shellerweiterungen für die Dateikomprimierung"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Shellerweiterung für Webdrucker"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontextmenü für die Verschlüsselung"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktenkoffer"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Erweiterung für HyperTerminal-Icons"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Schriftarten"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-Profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Druckersicherheit"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shellerweiterungen für Freigaben"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netzwerkverbindungen"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netzwerkverbindungen"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner und Kameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner und Kameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner und Kameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner und Kameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner und Kameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shellerweiterungen für Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Datenverknüpfung"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplante Tasks"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskleiste und Startmenü"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Suchen"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ausführen..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-Mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Schriftarten"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Verwaltung"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Eigenschaftenseite für vorherige Versionen"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Vorherige Versionen"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-Verlauf-Dienst"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Verlauf"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Sucheingriff"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-Begrüßungsbildschirm"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-Cacheordner"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Webpublishing-Assistent" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestellung von Abzgen ber das Internet" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shellobjekt des Webpublishing-Assistenten" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport-Assistent" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Benutzerkonten" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channeldatei" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channelverknpfung" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channelhandlerobjekt" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" 
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Ordner 'Offlinedateien'" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Nach Personen..." 
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class" "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper" "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer" "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu" "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu" "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"="TuneUp Shredder Shell Context Menu Extension" "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension" "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension" "{7F4AE98E-2F18-4B9C-A29F-701E7ABF3519}"="" "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webordner" "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler" "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler" "{7E2D5B5D-8252-4392-A4B4-DF81E6943BDF}"="" "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band" "{122D3A91-C9BD-4CE7-B772-0B03E76C522D}"="" "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{7F4AE98E-2F18-4B9C-A29F-701E7ABF3519}] @="" "IDEx"="ADDR" [HKEY_CLASSES_ROOT\CLSID\{7F4AE98E-2F18-4B9C-A29F-701E7ABF3519}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{7F4AE98E-2F18-4B9C-A29F-701E7ABF3519}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{7F4AE98E-2F18-4B9C-A29F-701E7ABF3519}\InprocServer32] @="C:\\WINDOWS\\system32\\sesbkup.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 
[HKEY_CLASSES_ROOT\CLSID\{7E2D5B5D-8252-4392-A4B4-DF81E6943BDF}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7E2D5B5D-8252-4392-A4B4-DF81E6943BDF}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7E2D5B5D-8252-4392-A4B4-DF81E6943BDF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7E2D5B5D-8252-4392-A4B4-DF81E6943BDF}\InprocServer32]
@="C:\\WINDOWS\\system32\\kqduk.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{122D3A91-C9BD-4CE7-B772-0B03E76C522D}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{122D3A91-C9BD-4CE7-B772-0B03E76C522D}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{122D3A91-C9BD-4CE7-B772-0B03E76C522D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{122D3A91-C9BD-4CE7-B772-0B03E76C522D}\InprocServer32]
@="C:\\WINDOWS\\system32\\iyetcplc.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
browseui.dll Thu 24 Nov 2005 0:58:28 A.... 1.022.464 998,50 K
danim.dll Sat 5 Nov 2005 4:16:24 A.... 1.056.256 1,00 M
gdi32.dll Thu 29 Dec 2005 3:54:38 A.... 280.064 273,50 K
mshtml.dll Thu 24 Nov 2005 0:58:28 A.... 3.013.632 2,87 M
shdocvw.dll Thu 1 Dec 2005 4:31:06 A.... 1.492.480 1,42 M
urlmon.dll Sat 5 Nov 2005 4:16:28 A.... 606.208 592,00 K
6 items found: 6 files, 0 directories.
Total of file sizes: 7.471.104 bytes 7,13 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D482-698B
Verzeichnis von C:\WINDOWS\System32
28.01.2006 13:40 <DIR> dllcache
25.01.2006 19:52 <DIR> Microsoft
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 11.607.703.552 Bytes frei
01.02.2006, 00:25
Honorary member
Posts: 29434
#10
Darkwarrior
now work through Option 2 and, after the restart and scan, post the scan report + Hoster.zip http://www.funkytoad.com/download/hoster.zip Press 'Restore Original Hosts' and press 'OK'. Exit Program.
__________
Regards, Sabina
all about PC security
01.02.2006, 13:56
...new here
Thread starter, Posts: 9
#11
L2mfix 010406
Creating Account. Der Befehl wurde erfolgreich ausgefhrt. Adding Administrative privleges. Checking for L2MFix account(0=no 1=yes): 1 Granting SeDebugPrivilege to L2MFIX ... successful Running From: C:\WINDOWS\system32 Killing Processes! Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 640 'smss.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 728 'winlogon.exe' Killing PID 728 'winlogon.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 584 'explorer.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 1040 'rundll32.exe' Restoring Sedebugprivilege: Granting SeDebugPrivilege to Administratoren ... successful Scanning First Pass. Please Wait! First Pass Completed Second Pass Scanning Second pass Completed! 
Restoring Windows Update Certificates.: The following Is the Current Export of the Winlogon notify key: **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Group Policy] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\ir22l5fo1.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier] "Asynchronous"=dword:00000000 "DllName"="WRLogonNTF.dll" 
"Impersonate"=dword:00000001 "Lock"="WRLock" "StartScreenSaver"="WRStartScreenSaver" "StartShell"="WRStartShell" "Startup"="WRStartup" "StopScreenSaver"="WRStopScreenSaver" "Unlock"="WRUnlock" "Shutdown"="WRShutdown" "Logoff"="WRLogoff" "Logon"="WRLogon" The following are the files found: **************************************************************************** Registry Entries that were Deleted: Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder. **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{7F4AE98E-2F18-4B9C-A29F-701E7ABF3519}] @="" "IDEx"="ADDR" [HKEY_CLASSES_ROOT\CLSID\{7F4AE98E-2F18-4B9C-A29F-701E7ABF3519}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{7F4AE98E-2F18-4B9C-A29F-701E7ABF3519}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{7F4AE98E-2F18-4B9C-A29F-701E7ABF3519}\InprocServer32] @="C:\\WINDOWS\\system32\\sesbkup.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{7E2D5B5D-8252-4392-A4B4-DF81E6943BDF}] @="" [HKEY_CLASSES_ROOT\CLSID\{7E2D5B5D-8252-4392-A4B4-DF81E6943BDF}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{7E2D5B5D-8252-4392-A4B4-DF81E6943BDF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{7E2D5B5D-8252-4392-A4B4-DF81E6943BDF}\InprocServer32] @="C:\\WINDOWS\\system32\\kqduk.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{122D3A91-C9BD-4CE7-B772-0B03E76C522D}] @="" [HKEY_CLASSES_ROOT\CLSID\{122D3A91-C9BD-4CE7-B772-0B03E76C522D}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{122D3A91-C9BD-4CE7-B772-0B03E76C522D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{122D3A91-C9BD-4CE7-B772-0B03E76C522D}\InprocServer32] 
@="C:\\WINDOWS\\system32\\iyetcplc.dll"
"ThreadingModel"="Apartment"
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{7F4AE98E-2F18-4B9C-A29F-701E7ABF3519}"=-
"{7E2D5B5D-8252-4392-A4B4-DF81E6943BDF}"=-
"{122D3A91-C9BD-4CE7-B772-0B03E76C522D}"=-
[-HKEY_CLASSES_ROOT\CLSID\{7F4AE98E-2F18-4B9C-A29F-701E7ABF3519}]
[-HKEY_CLASSES_ROOT\CLSID\{7E2D5B5D-8252-4392-A4B4-DF81E6943BDF}]
[-HKEY_CLASSES_ROOT\CLSID\{122D3A91-C9BD-4CE7-B772-0B03E76C522D}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes): 0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*
zip error: Nothing to do! (backup.zip)
adding: backregs/122D3A91-C9BD-4CE7-B772-0B03E76C522D.reg (212 bytes security) (deflated 70%)
adding: backregs/7E2D5B5D-8252-4392-A4B4-DF81E6943BDF.reg (212 bytes security) (deflated 70%)
adding: backregs/7F4AE98E-2F18-4B9C-A29F-701E7ABF3519.reg (212 bytes security) (deflated 69%)
adding: backregs/notibac.reg (188 bytes security) (deflated 87%)
adding: backregs/shell.reg (188 bytes security) (deflated 73%)
01.02.2006, 14:53
Honorary member
Posts: 29434
#12
Darkwarrior
scan with Spysweeper (trial) and post the scan report http://virus-protect.org/spysweeper.html
__________
Regards, Sabina
all about PC security
04.02.2006, 13:05
...new here
Thread starter, Posts: 9
#13
********
12:55: | Start of Session, Samstag, 4. Februar 2006 | 12:55: Spy Sweeper started 12:55: Sweep initiated using definitions version 611 12:55: Starting Memory Sweep 12:58: Memory Sweep Complete, Elapsed Time: 00:02:20 12:58: Starting Registry Sweep 12:58: Found Adware: dollarrevenue 12:58: HKLM\software\microsoft\drsmartload2\ (1 subtraces) (ID = 1134137) 12:58: Registry Sweep Complete, Elapsed Time:00:00:13 12:58: Starting Cookie Sweep 12:58: Found Spy Cookie: 2o7.net cookie 12:58: standard@2o7[1].txt (ID = 1957) 12:58: Found Spy Cookie: yieldmanager cookie 12:58: standard@ad.yieldmanager[1].txt (ID = 3751) 12:58: Found Spy Cookie: atwola cookie 12:58: standard@atwola[1].txt (ID = 2255) 12:58: Found Spy Cookie: belnk cookie 12:58: standard@belnk[1].txt (ID = 2292) 12:58: standard@dist.belnk[2].txt (ID = 2293) 12:58: Found Spy Cookie: realmedia cookie 12:58: standard@realmedia[2].txt (ID = 3235) 12:58: Found Spy Cookie: zedo cookie 12:58: standard@zedo[1].txt (ID = 3762) 12:58: Cookie Sweep Complete, Elapsed Time: 00:00:02 12:58: Starting File Sweep 13:02: Warning: Failed to open file "c:\dokumente und einstellungen\all users\anwendungsdaten\kaspersky anti-virus personal pro\5.0\reports\rptmngbak.i0000:kavichs". Zugriff verweigert 13:02: Warning: Failed to open file "c:\dokumente und einstellungen\all users\anwendungsdaten\kaspersky anti-virus personal pro\5.0\reports\rptmngbak.i0001:kavichs". Zugriff verweigert 13:02: Warning: Failed to open file "c:\dokumente und einstellungen\all users\anwendungsdaten\kaspersky anti-virus personal pro\5.0\reports\rptmngbak.i0100:kavichs". Zugriff verweigert 13:02: Warning: Failed to open file "c:\dokumente und einstellungen\all users\anwendungsdaten\kaspersky anti-virus personal pro\5.0\reports\rptmngbak.i0101:kavichs". Zugriff verweigert 13:02: Warning: Failed to open file "c:\dokumente und einstellungen\all users\anwendungsdaten\kaspersky anti-virus personal pro\5.0\reports\rptmngbak.i0200:kavichs". 
Zugriff verweigert 13:02: Warning: Failed to open file "c:\dokumente und einstellungen\all users\anwendungsdaten\kaspersky anti-virus personal pro\5.0\reports\rptmngbak.i0201:kavichs". Zugriff verweigert 13:02: Warning: Failed to open file "c:\dokumente und einstellungen\all users\anwendungsdaten\kaspersky anti-virus personal pro\5.0\reports\rptmngbak.reph:kavichs". Zugriff verweigert 13:02: Warning: Failed to open file "c:\dokumente und einstellungen\all users\anwendungsdaten\kaspersky anti-virus personal pro\5.0\reports\rptmngbak.repi:kavichs". Zugriff verweigert 13:02: Warning: Failed to open file "c:\dokumente und einstellungen\all users\anwendungsdaten\kaspersky anti-virus personal pro\5.0\reports\rptmngbak.rept:kavichs". Zugriff verweigert 13:02: Warning: Failed to open file "c:\dokumente und einstellungen\all users\anwendungsdaten\kaspersky anti-virus personal pro\5.0\sfdb.dat:kavichs". Zugriff verweigert 13:02: Warning: Failed to open file "c:\dokumente und einstellungen\standard\lokale einstellungen\anwendungsdaten\mozilla\firefox\profiles\090kiod8.default\cache\bf318600d01:kavichs". Zugriff verweigert 13:02: Warning: Failed to open file "c:\dokumente und einstellungen\standard\lokale einstellungen\temp\acr22.tmp:kavichs". Zugriff verweigert 13:03: File Sweep Complete, Elapsed Time: 00:04:56 13:03: Full Sweep has completed. Elapsed time 00:07:35 13:03: Traces Found: 9 13:05: Removal process initiated 13:05: Quarantining All Traces: dollarrevenue 13:05: Quarantining All Traces: 2o7.net cookie 13:05: Quarantining All Traces: atwola cookie 13:05: Quarantining All Traces: belnk cookie 13:05: Quarantining All Traces: realmedia cookie 13:05: Quarantining All Traces: yieldmanager cookie 13:05: Quarantining All Traces: zedo cookie 13:05: Removal process completed. Elapsed time 00:00:03 ******** 12:54: | Start of Session, Samstag, 4. Februar 2006 | 12:54: Spy Sweeper started 12:55: Your spyware definitions have been updated. 12:55: | End of Session, Samstag, 4. 
Februar 2006 |
04.02.2006, 15:22
Honorary member
Posts: 29434
#14
Darkwarrior
* My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives". http://virus-protect.org/systemwiederherstellung.html (re-enable it after the cleanup)
* look for: C:\!KillBox and delete all files located there manually
* scan with Panda and copy the scan report http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
all about PC security
05.02.2006, 17:10
...new here
Thread starter, Posts: 9
#15
Incident Status Location
Spyware:Cookie/2o7.net Not disinfected C:\Dokumente und Einstellungen\Standard\Cookies\standard@2o7[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Dokumente und Einstellungen\Standard\Cookies\standard@zedo[1].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\090kiod8.default\cookies.txt[fe.lea.lycos.de/]
Spyware:Cookie/Falkag Not disinfected C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\090kiod8.default\cookies.txt[as1.falkag.de/]
Spyware:Cookie/Adtech Not disinfected C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\090kiod8.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Doubleclick Not disinfected C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\090kiod8.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\090kiod8.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\090kiod8.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Bfast Not disinfected C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\090kiod8.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\090kiod8.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\090kiod8.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\090kiod8.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\090kiod8.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/WinFixer Not disinfected C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\090kiod8.default\cookies.txt[.winfixer.com/]
Spyware:Cookie/Zedo Not disinfected C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\090kiod8.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\090kiod8.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\090kiod8.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Rn11 Not disinfected C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\090kiod8.default\cookies.txt[.rn11.com/]
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\090kiod8.default\cookies.txt[]
Spyware:Cookie/2o7.net Not disinfected C:\Dokumente und Einstellungen\Standard\Cookies\standard@2o7[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Dokumente und Einstellungen\Standard\Cookies\standard@zedo[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\Standard\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\090kiod8.default\Cache\C16DFCFBd01[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Downloads\l2mfix.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\l2mfix\l2mfix\Process.exe
I have the problem that, right after formatting, I picked up viruses and/or trojans and spam software...
Now I thought that would be easy to get rid of again and ran Antivir, Kaspersky, Spybot, Counterspy and AdAware. The spam software has disappeared, but the popups are still bothering me and I can no longer change my Windows background .. so I googled and came across this board. I found a few posts on this topic right away, but somehow I didn't get any wiser from them -.- ...
well, now I wanted to ask whether anyone here can help me ...
I created this HijackThis log as described in the post
Logfile of HijackThis v1.99.1
Scan saved at 14:05:31, on 26.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Sunbelt Software\CounterSpy\Consumer\Thread.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOKUME~1\Standard\LOKALE~1\Temp\Rar$EX00.375\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
F3 - REG:win.ini: run=C:\WINDOWS\inet20010\services.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O20 - Winlogon Notify: htproc - htproc32.dll (file missing)
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\t28u0cl9efq.dll
O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
I have also attached a few screenshots of my problems in a .zip file
thanks in advance for your help
Darkwarrior
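The O20 lines in the log above (and the Winlogon\Notify export further up in the thread) are what Look2Me-style infections abuse: a Notify package whose DLL is missing from disk, or a randomly named DLL in system32 that no vendor ships. As an added example, not from this thread and not part of HijackThis or L2MFix, the following PowerShell script audits that key on a Windows XP-era host and reports which packages deserve a closer look. The key path is the standard one; the flagging rules (file missing, or no valid signature and no company name in the version resource) are my own assumption, meant to triage, not to decide.

```powershell
# Added example (not part of the thread, HijackThis or L2MFix): audit Winlogon Notify
# packages, i.e. the entries HijackThis prints as "O20 - Winlogon Notify: ...".
# Heuristic (assumption): a package is suspicious when its DLL cannot be found on disk
# (cf. "htproc32.dll (file missing)" above) or when the file carries no valid
# Authenticode signature AND no CompanyName in its version resource.
# Written for PowerShell 2.0 so it runs on the Windows XP hosts this thread is about.

$NotifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

function Resolve-NotifyDllPath {
    param([string]$DllName)
    # Bare names such as "wlnotify.dll" are loaded from system32; rooted paths are used as-is.
    $expanded = [Environment]::ExpandEnvironmentVariables($DllName)
    if ([System.IO.Path]::IsPathRooted($expanded)) { return $expanded }
    return Join-Path (Join-Path $env:SystemRoot 'system32') $expanded
}

function Get-WinlogonNotifyAudit {
    # The Notify key only exists up to Windows XP / Server 2003; nothing to audit elsewhere.
    if (-not (Test-Path -Path $NotifyKey)) { return }

    foreach ($sub in Get-ChildItem -Path $NotifyKey) {
        $props = Get-ItemProperty -Path $sub.PSPath
        # Property lookup is case-insensitive, so both "DllName" and "DLLName" spellings
        # seen in the export above resolve here; REG_EXPAND_SZ values are expanded already.
        $dll  = [string]$props.DllName
        $path = if ($dll) { Resolve-NotifyDllPath $dll } else { $null }
        $exists = ($path -ne $null) -and (Test-Path -Path $path -PathType Leaf)

        $sigStatus = 'n/a'
        $company   = ''
        if ($exists) {
            $sigStatus = (Get-AuthenticodeSignature -FilePath $path).Status.ToString()
            $company   = [string](Get-Item -Path $path).VersionInfo.CompanyName
        }

        # Missing file is the strongest indicator; "unsigned and anonymous" is the second.
        $suspicious = (-not $exists) -or (($sigStatus -ne 'Valid') -and [string]::IsNullOrEmpty($company))

        New-Object PSObject -Property @{
            Package    = $sub.PSChildName
            DllName    = $dll
            Path       = $path
            Exists     = $exists
            Signature  = $sigStatus
            Company    = $company
            Suspicious = $suspicious
        }
    }
}

# Report only; nothing is deleted. Suspicious packages sort to the top.
Get-WinlogonNotifyAudit |
    Select-Object Package, DllName, Exists, Signature, Company, Suspicious, Path |
    Sort-Object Suspicious -Descending |
    Format-Table -AutoSize
```

One caveat for reading the output: on Windows XP, Get-AuthenticodeSignature does not consult the system catalog, so legitimate catalog-signed Microsoft DLLs such as wlnotify.dll or cscdll.dll show up as NotSigned. That is why the script only flags a present file when it also lacks a CompanyName; a "NotSigned" entry with "Microsoft Corporation" as company is normal on that platform, while a "NotSigned" entry with no company and a random-looking name in system32 matches the pattern the L2MFix export shows. Keep an export of the key (L2MFix writes one to its backregs folder) before changing anything.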