How do I get rid of Winfixer?
30.01.2006, 16:22
...new here
Posts: 10
#1
I am having problems with Winfixer. I hope you can help me. Many thanks in advance, Rolf
30.01.2006, 19:48
Honorary member
Posts: 29434
#2
Hi karolf
HijackThis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder --> None of the above just start the program --> Save --> Savelog --> the editor opens; now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click.
__________
Kind regards, Sabina
All about PC security
01.02.2006, 14:55
...new here
Thread starter Posts: 10
#3
Hello, here is the requested information from the log file. I hope I have copied and pasted everything that is needed.
Logfile of HijackThis v1.99.1
Scan saved at 14:50:26, on 01.02.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Dokumente und Einstellungen\Rolf\Desktop\hijackthis\HijackThis.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\System32\yayyy.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\pmnlm.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ccleaner] "C:\Programme\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [Zonelap] C:\\Programme\\Zone Labs\\ZoneAlarm\\zonealarm.exe
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\l4r00e9meh.dll
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\SYSTEM32\pmnlm.dll
O20 - Winlogon Notify: yayyy - C:\WINDOWS\System32\yayyy.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Windows Disk Check (dskcheck) - Unknown owner - C:\WINDOWS\system32\dskcheck.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
01.02.2006, 17:09
Honorary member
Posts: 29434
#4
karolf
Well... an infected PC without Windows updates... normally I don't waste any time on something like this...
Set up CleanUp exactly as described here: http://virus-protect.org/cleanup.html
Copy these 4 text files. They are sorted by date. (Copy only the last 3 months.) http://virus-protect.org/datfindbat.html
Download Registry Search by Bobbi Flekman http://www.bleepingcomputer.com/files/regsearch.php and double-click it to start. In "Enter search strings" (type or paste in):
Windows Disk Check
into the edit field and click "Ok". Notepad will open -- copy the text and post it.
__________
Kind regards, Sabina
All about PC security
02.02.2006, 16:29
...new here
Thread starter Posts: 10
#5
First of all, I would nevertheless like to thank you for your efforts. I have absolutely no idea about PCs. It was set up for me and that was that. So I also don't know why web pages keep opening by themselves on my machine. I only heard from acquaintances that I have a trojan and that it is called WinFixer.
Now to the requested data. datFind.bat produced the following:
and Registry Search produced the following:
REGEDIT4

; Registry Search by Bobbi Flekman © 2005
; Version: 1.0.2.4

; Results at 02.02.2006 16:18:12 for strings:
; 'windows disk check'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DSKCHECK\0000]
"DeviceDesc"="Windows Disk Check"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dskcheck]
"DisplayName"="Windows Disk Check"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DSKCHECK\0000]
"DeviceDesc"="Windows Disk Check"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\dskcheck]
"DisplayName"="Windows Disk Check"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DSKCHECK\0000]
"DeviceDesc"="Windows Disk Check"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dskcheck]
"DisplayName"="Windows Disk Check"

; End Of The Log...
Thank you once again for your help and efforts. Kind regards, karolf
03.02.2006, 00:36
Honorary member
Posts: 29434
#6
Unfortunately you did not post the 4 text files... only the first one...
Quote: C:\WINDOWS\System32\guard.tmp
Please post the other three as well:
Verzeichnis von C:\WINDOWS\system32
Verzeichnis von C:\DOKUME~1\Username\LOKALE~1\Temp
Verzeichnis von C:\WINDOWS
Verzeichnis von C:\
__________
Kind regards, Sabina
All about PC security
03.02.2006, 13:20
...new here
Thread starter Posts: 10
#7
Please excuse me, I had made a mistake when using it. Here are the 4 files once again:
Verzeichnis von C:\WINDOWS\system32:
The next output looked like this:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: FC23-2040
Verzeichnis von C:\DOKUME~1\Rolf\LOKALE~1\Temp
Nothing more came up.
Verzeichnis von C:\WINDOWS
Verzeichnis von C:\
I hope that I now have everything together. Kind regards, Karolf
03.02.2006, 14:57
Honorary member
Posts: 29434
#8
Apply this:
http://virus-protect.org/artikel/tools/vundofixx.html
KILLBOX - Pocket KillBox http://virus-protect.org/killbox.html
Options: Delete on Reboot --> tick it and click the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one; click "yes" only on the last one.
Paste in:
Restart the PC.
After the restart, look for C:\!KillBox and manually delete all files located there.
Hoster.zip http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK'. Exit Program.
L2mfix --> apply option 2, and after the restart and scan... post the scan report http://virus-protect.org/l2mfix.html
Download Registry Search by Bobbi Flekman http://www.bleepingcomputer.com/files/regsearch.php and double-click it to start. In "Enter search strings" (type or paste in):
Windows Disk Check
into the edit field and click "Ok". Notepad will open -- copy the text and post it.
__________
Kind regards, Sabina
All about PC security
04.02.2006, 13:03
...new here
Thread starter Posts: 10
#9
Hi, the following log resulted after carrying out the instructions:
L2MFIX find log 010406 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlm] "Asynchronous"=dword:00000001 "DllName"="pmnlm.dll" "Impersonate"=dword:00000000 "Logon"="Logon" "Logoff"="Logoff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnceEx] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\en60l1jm1.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 
"Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayyy] "Asynchronous"=dword:00000001 "DllName"="C:\\WINDOWS\\System32\\yayyy.dll" "Impersonate"=dword:00000000 "Startup"="SysLogon" "Logoff"="SysLogoff" ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{29503AF9-6E4D-0972-3248-A94EB43ED8CB}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Eigenschaften fr Multimediadatei" "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-Scannerverwaltung" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-Sicherheit" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-Eigenschaftenseite fr Dokumente" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shellerweiterungen fr Freigaben" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Grafikkarten" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Bildschirme" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Anzeigeverschiebung" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-Sicherheit" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilit„tsseite" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell-Datenauszughandler" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Erweiterung fr Datentr„gerkopien" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shellerweiterungen fr Microsoft Windows-Netzwerkobjekte" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-Monitorverwaltung" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-Druckerverwaltung" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shellerweiterungen fr die Dateikomprimierung" 
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Shellerweiterung fr Webdrucker" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontextmen fr die Verschlsselung" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktenkoffer" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Erweiterung fr HyperTerminal-Icons" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Schriftarten" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-Profil" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Druckersicherheit" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shellerweiterungen fr Freigaben" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netzwerkverbindungen" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netzwerkverbindungen" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner und Kameras" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner und Kameras" "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner und Kameras" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner und Kameras" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner und Kameras" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Eigenschaftenseitenerweiterung des automatischen Updates" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shellerweiterungen fr Windows Script Host" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Datenverknpfung" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplante Tasks" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskleiste und Startmen" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Suchen" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und 
Support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ausfhren..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-Mail" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Schriftarten" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Verwaltung" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band" "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Syntaxanalyse der Adressleiste" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History 
**********************************************************************************
HKEY ROOT CLASSIDS:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CBA0AD09-7761-4156-8225-06AF90FDCFFE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CBA0AD09-7761-4156-8225-06AF90FDCFFE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CBA0AD09-7761-4156-8225-06AF90FDCFFE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CBA0AD09-7761-4156-8225-06AF90FDCFFE}\InprocServer32]
@="C:\\WINDOWS\\system32\\ezpsrv.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C87C2245-D1E6-4CB8-96EB-96BB4BC1B352}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C87C2245-D1E6-4CB8-96EB-96BB4BC1B352}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C87C2245-D1E6-4CB8-96EB-96BB4BC1B352}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C87C2245-D1E6-4CB8-96EB-96BB4BC1B352}\InprocServer32]
@="C:\\WINDOWS\\system32\\kfdhe.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
adserv~1.dll Fri 27 Jan 2006 18:18:36 ..... 16.896 16,50 K
avsda.dll Wed 18 Jan 2006 13:05:54 ..... 57.344 56,00 K
awtts.dll Wed 25 Jan 2006 15:23:40 ..... 35.853 35,01 K
bgowsewm.dll Sun 29 Jan 2006 20:53:40 ..... 237.077 231,52 K
bjowser.dll Sun 29 Jan 2006 13:03:04 ..... 235.756 230,23 K
cbwmdm.dll Fri 27 Jan 2006 18:36:28 ..... 235.552 230,03 K
clmmdlg.dll Wed 1 Feb 2006 14:38:52 ..... 236.125 230,59 K
cwl3d32.dll Thu 26 Jan 2006 15:25:58 ..... 234.272 228,78 K
d40m0e~1.dll Fri 3 Feb 2006 13:33:54 ..S.R 233.978 228,49 K
dddxof.dll Sat 28 Jan 2006 17:38:24 ..... 236.768 231,22 K
dergres.dll Fri 27 Jan 2006 16:07:08 ..... 235.758 230,23 K
dlrpsetu.dll Fri 27 Jan 2006 18:18:20 ..... 234.272 228,78 K
dsskperf.dll Fri 27 Jan 2006 17:47:04 ..... 234.272 228,78 K
dzgest.dll Wed 25 Jan 2006 19:00:06 ..... 234.272 228,78 K
en26l1~1.dll Sun 29 Jan 2006 20:53:40 ..... 234.058 228,57 K
en60l1~1.dll Sat 4 Feb 2006 12:18:20 ..S.R 234.538 229,04 K
enjol1~1.dll Sat 4 Feb 2006 12:39:02 ..S.R 234.538 229,04 K
epfbch~1.dll Sun 29 Jan 2006 10:41:38 ..... 234.721 229,22 K
ezpsrv.dll Sat 4 Feb 2006 12:39:48 ..S.R 234.538 229,04 K
f4j20e~1.dll Thu 2 Feb 2006 15:37:38 ..... 234.192 228,70 K
hr6q05~1.dll Wed 25 Jan 2006 19:26:52 ..... 235.928 230,40 K
ihaksie.dll Fri 27 Jan 2006 17:41:34 ..... 234.506 229,01 K
ijfgnt5.dll Mon 30 Jan 2006 17:51:32 ..... 235.825 230,30 K
insecsnp.dll Sun 29 Jan 2006 16:10:44 ..... 237.077 231,52 K
jkkif.dll Fri 27 Jan 2006 18:17:38 ..... 35.853 35,01 K
jnsd400.dll Sun 29 Jan 2006 21:14:28 ..... 237.077 231,52 K
kfdhe.dll Sat 4 Feb 2006 12:53:20 ..S.R 234.538 229,04 K
khfdc.dll Sat 14 Jan 2006 17:32:48 ..... 35.853 35,01 K
khhed.dll Fri 27 Jan 2006 16:09:30 ..... 35.853 35,01 K
l22slc~1.dll Sun 29 Jan 2006 21:28:28 ..... 237.077 231,52 K
ljjjk.dll Fri 27 Jan 2006 17:46:44 ..... 35.853 35,01 K
m2julc~1.dll Sat 4 Feb 2006 12:53:20 ..S.R 236.450 230,91 K
mdvcp50.dll Sun 29 Jan 2006 10:06:10 ..... 237.314 231,75 K
mhvcp50.dll Sat 28 Jan 2006 17:28:32 ..... 237.314 231,75 K
mllif.dll Tue 24 Jan 2006 18:47:38 ..... 35.853 35,01 K
mmobjs.dll Sun 29 Jan 2006 21:02:56 ..... 237.077 231,52 K
mowsock.dll Wed 1 Feb 2006 14:48:12 ..... 236.125 230,59 K
mrw3prt.dll Thu 26 Jan 2006 15:41:20 ..... 234.272 228,78 K
mtc42loc.dll Fri 3 Feb 2006 12:58:54 ..S.R 233.978 228,49 K
muc42loc.dll Fri 27 Jan 2006 17:36:22 ..... 234.506 229,01 K
mwhcp.dll Sun 29 Jan 2006 13:36:40 ..... 234.691 229,19 K
oppqo.dll Wed 25 Jan 2006 19:07:56 ..... 35.853 35,01 K
p2n8lc~1.dll Wed 1 Feb 2006 14:38:52 ..... 234.174 228,68 K
pmnlm.dll Thu 12 Jan 2006 17:51:10 ..... 35.853 35,01 K
prcsdk.dll Sat 4 Feb 2006 12:11:20 ..S.R 234.538 229,04 K
risppp.dll Fri 27 Jan 2006 18:15:40 ..... 237.314 231,75 K
rqrsr.dll Thu 26 Jan 2006 15:28:12 ..... 35.853 35,01 K
saorage.dll Wed 25 Jan 2006 19:16:50 ..... 235.928 230,40 K
skfolder.dll Sun 29 Jan 2006 12:36:30 ..... 233.425 227,95 K
sqorage.dll Fri 27 Jan 2006 17:39:00 ..... 237.314 231,75 K
stbiop.dll Sat 28 Jan 2006 18:25:40 ..... 237.314 231,75 K
sxcur32.dll Sat 4 Feb 2006 11:59:12 ..S.R 234.538 229,04 K
vsdata.dll Tue 15 Nov 2005 0:50:30 A.... 83.720 81,76 K
vsinit.dll Tue 15 Nov 2005 0:50:42 A.... 141.064 137,76 K
vsmonapi.dll Tue 15 Nov 2005 0:50:52 A.... 104.208 101,77 K
vspubapi.dll Tue 15 Nov 2005 0:50:56 A.... 227.088 221,77 K
vsregexp.dll Tue 15 Nov 2005 0:51:00 A.... 71.440 69,77 K
vsutil.dll Tue 15 Nov 2005 0:51:12 A.... 382.728 373,76 K
vsxml.dll Tue 15 Nov 2005 0:51:20 A.... 100.104 97,76 K
vtust.dll Wed 25 Jan 2006 19:20:52 ..... 35.853 35,01 K
winhfp32.dll Fri 27 Jan 2006 17:46:52 ..... 16.896 16,50 K
yayyy.dll Mon 9 Jan 2006 16:17:44 ..... 565.300 552,05 K
zhpfldr.dll Sat 28 Jan 2006 19:41:32 ..... 233.996 228,51 K
zlcomm.dll Tue 15 Nov 2005 0:51:40 A.... 79.624 77,76 K
zlcommdb.dll Tue 15 Nov 2005 0:51:44 A.... 71.440 69,77 K

65 items found: 65 files (9 H/S), 0 directories.
Total of file sizes: 12.163.365 bytes 11,60 M

Locate .tmp files:

C:\WINDOWS\SYSTEM32\
atmtdd~1.tmp Sun 29 Jan 2006 13:37:50 ..... 0 0,00 K
mcrh.tmp Sun 29 Jan 2006 13:58:46 ..... 97 0,09 K

2 items found: 2 files, 0 directories.
Total of file sizes: 97 bytes 0,09 K
**********************************************************************************
Directory Listing of system files:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: FC23-2040

Verzeichnis von C:\WINDOWS\System32

04.02.2006 12:56 407.767 yyyay.ini
04.02.2006 12:53 234.538 kfdhe.dll
04.02.2006 12:53 236.450 m2julc191f.dll
04.02.2006 12:39 234.538 ezpsrv.dll
04.02.2006 12:39 234.538 enjol1131.dll
04.02.2006 12:18 234.538 en60l1jm1.dll
04.02.2006 12:11 234.538 PRCSDK.dll
04.02.2006 11:59 234.538 sxcur32.dll
03.02.2006 13:33 233.978 d40m0ed1eh0.dll
03.02.2006 12:58 233.978 mtc42loc.dll
29.01.2006 14:25 <DIR> dllcache
18.12.2005 18:36 <DIR> Microsoft
10 Datei(en) 2.519.401 Bytes
2 Verzeichnis(se), 17.418.211.328 Bytes frei

and the second log:

REGEDIT4
; Registry Search by Bobbi Flekman © 2005
; Version: 1.0.2.4
; Results at 04.02.2006 13:01:51 for strings:
; 'windows disk check windows disk check windows disk check'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
; End Of The Log... |
|
|
||
04.02.2006, 17:08
Honorary member
Posts: 29434 |
#10
That was option 1 ---> you have to use option 2 and, after the restart and scan, post me the scan report.

Run this (once more... and copy the scan report here for me): http://virus-protect.org/artikel/tools/vundofixx.html

Delete with the Killbox:
C:\WINDOWS\SYSTEM32\atmtdd~1.tmp
C:\WINDOWS\SYSTEM32\mcrh.tmp
C:\WINDOWS\SYSTEM32\kfdhe.dll
C:\WINDOWS\SYSTEM32\m2julc191f.dll
C:\WINDOWS\SYSTEM32\ezpsrv.dll
C:\WINDOWS\SYSTEM32\enjol1131.dll
C:\WINDOWS\SYSTEM32\en60l1jm1.dll
C:\WINDOWS\SYSTEM32\PRCSDK.dll
C:\WINDOWS\SYSTEM32\sxcur32.dll
C:\WINDOWS\SYSTEM32\d40m0ed1eh0.dll
C:\WINDOWS\SYSTEM32\mtc42loc.dll
C:\WINDOWS\SYSTEM32\winhfp32.dll
C:\WINDOWS\SYSTEM32\mwhcp.dll

Scan with Spysweeper (trial) and copy the scan report as well: http://virus-protect.org/spysweeper.html
__________
Regards, Sabina
All about PC security |
|
|
||
06.02.2006, 16:37
...new here
Thread starter Posts: 10 |
#11
I don't know what option 1 and what option two refer to, but here are the scan reports for now, from:
VundoFix V4.0

Listing files found while scanning....

C:\WINDOWS\System32\yayyy.dll
C:\WINDOWS\System32\yyyay.ini
C:\WINDOWS\System32\yyyay.bak1
C:\WINDOWS\System32\yyyay.bak2
C:\WINDOWS\system32\pmnlm.dll
C:\WINDOWS\system32\yyyay.bak1
C:\WINDOWS\system32\yyyay.bak2
C:\WINDOWS\system32\yyyay.ini
C:\WINDOWS\system32\yayyy.dll

Attempting to delete C:\WINDOWS\System32\yayyy.dll
C:\WINDOWS\System32\yayyy.dll Could not be deleted.
Attempting to delete C:\WINDOWS\System32\yyyay.ini
C:\WINDOWS\System32\yyyay.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\yyyay.bak1
C:\WINDOWS\System32\yyyay.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\System32\yyyay.bak2
C:\WINDOWS\System32\yyyay.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnlm.dll
C:\WINDOWS\system32\pmnlm.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\yayyy.dll
C:\WINDOWS\system32\yayyy.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V4.0

********
16:23: | Start of Session, Montag, 6. Februar 2006 |
16:23: Spy Sweeper started
16:23: Sweep initiated using definitions version 611
16:23: Found Trojan Horse: trojan-downloader-conhook
16:23: HKCR\clsid\{ea32fb3b-21c9-42cc-b8ef-01a9b28edb0d}\inprocserver32\ (2 subtraces) (ID = 1139035)
16:23: pmnlm.dll (ID = 1139035)
16:23: Starting Memory Sweep
16:25: Memory Sweep Complete, Elapsed Time: 00:01:15
16:25: Starting Registry Sweep
16:25: Found Adware: effective-i toolbar
16:25: HKU\.default\software\maxthon\plugin\toolbar\{44be0690-5429-47f0-85bb-3ffd8020233e}\ (1 subtraces) (ID = 125650)
16:25: Found Adware: virtumonde
16:25: HKCR\atldistrib.atldistrib\ (5 subtraces) (ID = 1030533)
16:25: HKCR\atldistrib.atldistrib\clsid\ (1 subtraces) (ID = 1030535)
16:25: HKCR\atldistrib.atldistrib\curver\ (1 subtraces) (ID = 1030537)
16:25: HKCR\atldistrib.atldistrib.1\ (3 subtraces) (ID = 1030539)
16:25: HKCR\atldistrib.atldistrib.1\clsid\ (1 subtraces) (ID = 1030541)
16:25: HKLM\software\classes\atldistrib.atldistrib\ (5 subtraces) (ID = 1030666)
16:25: HKLM\software\classes\atldistrib.atldistrib\clsid\ (1 subtraces) (ID = 1030668)
16:25: HKLM\software\classes\atldistrib.atldistrib\curver\ (1 subtraces) (ID = 1030670)
16:25: HKLM\software\classes\atldistrib.atldistrib.1\ (3 subtraces) (ID = 1030672)
16:25: HKLM\software\classes\atldistrib.atldistrib.1\clsid\ (1 subtraces) (ID = 1030674)
16:25: HKCR\clsid\{ea32fb3b-21c9-42cc-b8ef-01a9b28edb0d}\ (3 subtraces) (ID = 1124201)
16:25: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{ea32fb3b-21c9-42cc-b8ef-01a9b28edb0d}\ (ID = 1124227)
16:25: HKLM\software\classes\clsid\{ea32fb3b-21c9-42cc-b8ef-01a9b28edb0d}\ (3 subtraces) (ID = 1124238)
16:25: HKCR\clsid\{2353fcbc-012d-487b-8bf3-865c0929fbeb}\ (12 subtraces) (ID = 1124723)
16:25: HKLM\software\classes\clsid\{2353fcbc-012d-487b-8bf3-865c0929fbeb}\ (12 subtraces) (ID = 1124736)
16:25: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{2353fcbc-012d-487b-8bf3-865c0929fbeb}\ (ID = 1124749)
16:25: Found Adware: dollarrevenue
16:25: HKLM\software\microsoft\drsmartload2\ (1 subtraces) (ID = 1134137)
16:25: Registry Sweep Complete, Elapsed Time:00:00:06
16:25: Starting Cookie Sweep
16:25: Cookie Sweep Complete, Elapsed Time: 00:00:00
16:25: Starting File Sweep
16:25: Found Adware: targetsaver
16:25: tsupdate2[1].ini (ID = 193498)
16:25: Found Trojan Horse: trojan downloader matcash
16:25: launcher[1].exe (ID = 184140)
16:25: Found Adware: maxifiles
16:25: director_install[1].exe (ID = 190798)
16:26: Found Adware: look2me
16:26: risppp.dll (ID = 159)
16:26: en26l1fs1.dll (ID = 159)
16:26: mowsock.dll (ID = 159)
16:26: mhvcp50.dll (ID = 159)
16:26: zhpfldr.dll (ID = 159)
16:26: installer[1].exe (ID = 168558)
16:26: mdvcp50.dll (ID = 159)
16:26: appwrap[3].exe (ID = 65721)
16:27: appwrap[1].exe (ID = 65722)
16:27: ucmoreiex[1].exe (ID = 59853)
16:27: stbiop.dll (ID = 159)
16:27: epfbchaee.dll (ID = 159)
16:27: muc42loc.dll (ID = 159)
16:27: saorage.dll (ID = 159)
16:27: appwrap[2].exe (ID = 65739)
16:27: sqorage.dll (ID = 159)
16:27: cbwmdm.dll (ID = 159)
16:27: ihaksie.dll (ID = 159)
16:27: mrw3prt.dll (ID = 163672)
16:28: drsmartload[1].exe (ID = 239204)
16:28: appwrap[1].exe (ID = 65739)
16:28: appwrap[4].exe (ID = 65722)
16:28: jnsd400.dll (ID = 159)
16:28: dzgest.dll (ID = 163672)
16:28: Found Adware: command
16:28: asappsrv.dll (ID = 144945)
16:28: dsskperf.dll (ID = 163672)
16:28: insecsnp.dll (ID = 159)
16:28: cwl3d32.dll (ID = 163672)
16:28: dddxof.dll (ID = 159)
16:28: ijfgnt5.dll (ID = 159)
16:28: freeprodtb[1].exe (ID = 198662)
16:28: dergres.dll (ID = 159)
16:29: hr6q05j5e.dll (ID = 159)
16:29: l22slcf71f2.dll (ID = 159)
16:29: appwrap[5].exe (ID = 65722)
16:29: bgowsewm.dll (ID = 159)
16:29: dlrpsetu.dll (ID = 163672)
16:29: guard.tmp (ID = 159)
16:29: p2n8lc5u1f.dll (ID = 159)
16:29: installer[1].exe (ID = 231664)
16:29: bjowser.dll (ID = 159)
16:29: f4j20e1oeh.dll (ID = 159)
16:29: mmobjs.dll (ID = 159)
16:29: clmmdlg.dll (ID = 159)
16:29: ozhcxquxtk.vbs (ID = 185675)
16:29: donotdelete[1].htm (ID = 198788)
16:29: File Sweep Complete, Elapsed Time: 00:03:48
16:29: Full Sweep has completed. Elapsed time 00:05:12
16:29: Traces Found: 125
16:30: Removal process initiated
16:30: Quarantining All Traces: look2me
16:30: Quarantining All Traces: trojan downloader matcash
16:30: Quarantining All Traces: virtumonde
16:30: Quarantining All Traces: dollarrevenue
16:30: Quarantining All Traces: maxifiles
16:30: Quarantining All Traces: trojan-downloader-conhook
16:30: trojan-downloader-conhook is in use. It will be removed on reboot.
16:30: pmnlm.dll is in use. It will be removed on reboot.
16:30: Quarantining All Traces: command
16:30: Quarantining All Traces: effective-i toolbar
16:30: Quarantining All Traces: targetsaver
16:30: Removal process completed. Elapsed time 00:00:41
********
16:19: | Start of Session, Montag, 6. Februar 2006 |
16:19: Spy Sweeper started
16:23: Your spyware definitions have been updated.
16:23: | End of Session, Montag, 6. Februar 2006 | |
|
|
||
06.02.2006, 16:40
Honorary member
Posts: 29434 |
#12
karolf

Start -- Run -- regedit (type it in), Edit --> Find --> dskcheck

If you have problems deleting the entries (Legacy_ ..... cannot be deleted. Error while deleting key), then right-click and choose "Permissions" in the context menu. Tick "Allow Full Control", Apply, OK. After that the key(s) in question should be deletable.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DSKCHECK\0000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dskcheck
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DSKCHECK\0000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\dskcheck
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DSKCHECK\0000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dskcheck

Quote:
16:30: trojan-downloader-conhook is in use. It will be removed on reboot.

Restart the PC.

L2mfix --> use option 2 and, after the restart and scan... post the scan report: http://virus-protect.org/l2mfix.html

Now go over it once more with Panda (online scan) and report back: http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
All about PC security |
|
|
||
07.02.2006, 16:25
...new here
Thread starter Posts: 10 |
#13
The values:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DSKCHECK\0000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dskcheck
were not present.

L2mfix --> option 2 produced the following:

Running From:
C:\l2mfix

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 468 'smss.exe'
Error 0x6 : Das Handle ist ungültig.

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 560 'winlogon.exe'
Error 0x6 : Das Handle ist ungültig.

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1288 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe

Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administratoren ... successful

Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
1 Datei(en) kopiert.
Deleting: C:\WINDOWS\system32\skfolder.dll
Successfully Deleted: C:\WINDOWS\system32\skfolder.dll
msg11?.dll
0 Datei(en) kopiert.

Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Group Policy]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\en60l1jm1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlm]
"Asynchronous"=dword:00000001
"DllName"="pmnlm.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayyy]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\System32\\yayyy.dll"
"Impersonate"=dword:00000000
"Startup"="SysLogon"
"Logoff"="SysLogoff"

The following are the files found:
****************************************************************************
C:\WINDOWS\system32\skfolder.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CBA0AD09-7761-4156-8225-06AF90FDCFFE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CBA0AD09-7761-4156-8225-06AF90FDCFFE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CBA0AD09-7761-4156-8225-06AF90FDCFFE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CBA0AD09-7761-4156-8225-06AF90FDCFFE}\InprocServer32]
@="C:\\WINDOWS\\system32\\ezpsrv.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C87C2245-D1E6-4CB8-96EB-96BB4BC1B352}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C87C2245-D1E6-4CB8-96EB-96BB4BC1B352}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C87C2245-D1E6-4CB8-96EB-96BB4BC1B352}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C87C2245-D1E6-4CB8-96EB-96BB4BC1B352}\InprocServer32]
@="C:\\WINDOWS\\system32\\kfdhe.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{CBA0AD09-7761-4156-8225-06AF90FDCFFE}"=-
"{C87C2245-D1E6-4CB8-96EB-96BB4BC1B352}"=-

[-HKEY_CLASSES_ROOT\CLSID\{CBA0AD09-7761-4156-8225-06AF90FDCFFE}]

[-HKEY_CLASSES_ROOT\CLSID\{C87C2245-D1E6-4CB8-96EB-96BB4BC1B352}]

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************

Panda found:

Incident Status Location
Adware:adware/maxifiles Not disinfected C:\PROGRAMME\GEMEINSAME DATEIEN\InetGet
Spyware:spyware/virtumonde Not disinfected Windows Registry
Virus:W32/Sdbot.GJB.worm Disinfected C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\TBX2Z85H\winsysupd3[1].exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\Rolf\Desktop\l2mfix(2).exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\Rolf\Desktop\l2mfix.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\Rolf\l2mfix\Process.exe
Adware:Adware/Look2Me Not disinfected C:\l2mfix\dlls\skfolder.dll
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSU_0001_LPNetInstaller.exe
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5U_0001_N57M1412NetInstaller.exe
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERSU_0001_LPNetInstaller.exe
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5U_0001_N57M1412NetInstaller.exe
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UERSU_0001_LPNetInstaller.exe
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5U_0001_N57M1412NetInstaller.exe
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UERSU_0001_LPNetInstaller.exe
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWFX5U_0001_N57M1412NetInstaller.exe
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UERSU_0001_LPNetInstaller.exe
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWFX5U_0001_N57M1412NetInstaller.exe
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UERSU_0001_LPNetInstaller.exe
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWFX5U_0001_N57M1412NetInstaller.exe
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UERSU_0001_LPNetInstaller.exe
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWFX5U_0001_N57M1412NetInstaller.exe
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UERSU_0001_LPNetInstaller.exe
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWFX5U_0001_N57M1412NetInstaller.exe
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWFX5U_0001_N57M1412NetInstaller.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\awtts.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\jkkif.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\khfdc.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\khhed.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ljjjk.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\mllif.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\oppqo.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\rqrsr.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\vtust.dll |
|
|
||
07.02.2006, 16:29
Honorary member
Posts: 29434 |
#14
Hidden and system files
http://virus-protect.org/invisible.html

Delete:
C:\PROGRAMME\GEMEINSAME DATEIEN\InetGet
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\TBX2Z85H --> delete

Delete with the Killbox:
C:\WINDOWS\system32\awtts.dll
C:\WINDOWS\system32\jkkif.dll
C:\WINDOWS\system32\khfdc.dll
C:\WINDOWS\system32\khhed.dll
C:\WINDOWS\system32\ljjjk.dll
C:\WINDOWS\system32\mllif.dll
C:\WINDOWS\system32\oppqo.dll
C:\WINDOWS\system32\rqrsr.dll
C:\WINDOWS\system32\vtust.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWFX5U_0001_N57M1412NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UERSU_0001_LPNetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWFX5U_0001_N57M1412NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UERSU_0001_LPNetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWFX5U_0001_N57M1412NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UERSU_0001_LPNetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWFX5U_0001_N57M1412NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWFX5U_0001_N57M1412NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UERSU_0001_LPNetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UERSU_0001_LPNetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWFX5U_0001_N57M1412NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5U_0001_N57M1412NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UERSU_0001_LPNetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5U_0001_N57M1412NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERSU_0001_LPNetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSU_0001_LPNetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5U_0001_N57M1412NetInstaller.exe

Restart the PC.

Start --> Run --> cmd
Enter the following commands in the console (copy them in):

attrib -a -h -r -s C:\WINDOWS\system32\mcrh.tmp
del C:\WINDOWS\system32\mcrh.tmp
attrib -a -h -r -s C:\WINDOWS\system32\atmtd.dll.tmp
del C:\WINDOWS\system32\atmtd.dll.tmp
attrib -a -h -r -s C:\WINDOWS\system32\REN6.tmp
del C:\WINDOWS\system32\REN6.tmp
attrib -a -h -r -s C:\WINDOWS\system32\REN5.tmp
del C:\WINDOWS\system32\REN5.tmp
---------------------------------------------------------------------
Scan once more (post the scan report): http://virus-protect.org/artikel/tools/vundofixx.html

Then post the 4 logs from datfinbat once more.
__________
Regards, Sabina
All about PC security |
|
|
||
07.02.2006, 23:32
...new here
Posts: 2 |
#15
I have WinFixer. I downloaded HijackThis but don't know how to use it; here is the result of my scan:

Logfile of HijackThis v1.99.1
Scan saved at 23:26:08, on 07.02.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
D:\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Lexmark X1100 Series\lxbkbmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\WEBDE\SmartSurfer\SmartSurfer.exe
D:\iTunes.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Julia\LOKALE~1\Temp\Rar$EX45.709\HijackThis.exe

O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Windows live Support] wlmsn.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: SmartSurfer_0.lnk = C:\Programme\WEBDE\SmartSurfer\SmartSurfer.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .php: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D622980-164E-4CD4-AD01-54CB53A08350}: NameServer = 62.104.191.241 62.104.196.134
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awvtq - C:\WINDOWS\System32\awvtq.dll (file missing)
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\h0n00a5med.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: dllmgr64 - Unknown owner - C:\WINDOWS\dllmgr64.exe (file missing)
O23 - Service: fwnet64 (fwnet) - Unknown owner - C:\WINDOWS\fwnet64.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Programme\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: netconf32 - Unknown owner - C:\WINDOWS\netconf32.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Plug-n-Play SP2 Fix (sp2pnpfix) - Unknown owner - C:\WINDOWS\system32\pnpsp2fix.exe (file missing)
O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I have AntiVir and ZoneAlarm. Ad-Aware could not delete everything; my browser automatically goes to sites like this one: http://www.blow-outsales.com/normal/yyy102.html
Please help me, I can't do this on my own! |
|
|
||