Yieldmanager problems

#0
08.02.2006, 00:56
...new here

Posts: 4
#1 I keep getting these annoying popups from Yieldmanager and don't know how to get rid of them.
Here is my HijackThis log
*from safe mode*

Logfile of HijackThis v1.99.1
Scan saved at 4:43:12 PM, on 2/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Robi\Desktop\Antivirus\HijackThis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\r0p8la7u1d.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe


THx 4Help
08.02.2006, 13:44
Honorary member
Sabina

Posts: 29434
#2 LSPfix
http://www.spychecker.com/program/lspfix.html

Tick "I know what I'm doing", then Remove,
and delete idmmbc.dll
(you may have to move the DLL from the left to the right)

Uninstall:
internetdownloadmanager

Configure CleanUp
exactly as described here:
http://virus-protect.org/cleanup.html

Copy these 4 text files. They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina

All about PC security
09.02.2006, 02:23
...new here

Thread starter

Posts: 4
#3 Thanks for the help so far.
I uninstalled IDM,
so LSPFix didn't find anything.

Here are the 3 logs from datfinder



Volume in drive C has no label.
Volume Serial Number is A0C9-6F8E

Directory of C:\WINDOWS\system32

02/08/2006 06:08 PM 234,213 jfmd400.dll
02/08/2006 06:08 PM 234,626 fpj4031qe.dll
02/08/2006 06:04 PM 236,142 natrap.dll
02/08/2006 06:04 PM 234,213 enlul1391.dll
02/07/2006 07:48 PM 236,142 bpackbox.dll
02/07/2006 07:48 PM 234,220 ir4ul5h91.dll
02/07/2006 05:11 PM 234,187 mvp8l97u1.dll
02/07/2006 12:37 PM 5,000 lzxdpo.exe
02/06/2006 05:30 PM 5,000 lzxdpo.dll
02/06/2006 03:29 AM 91,888 FNTCACHE.DAT
02/05/2006 11:12 PM 2,206 wpa.dbl
01/29/2006 04:25 PM 3,558 KGyGaAvL.sys
01/29/2006 04:24 PM 56 34273C1BCE.sys
01/28/2006 02:02 PM 21 zxdnt3d.cfg
01/04/2006 07:46 PM 2,827,616 MRT.exe
12/28/2005 07:54 PM 280,064 gdi32.dll
12/24/2005 01:36 PM 38,904 DH9013.exe
12/24/2005 12:40 PM 24,576 DZINSTEX.DLL
12/24/2005 12:39 PM 25 DWZVER.INI
11/30/2005 08:59 PM 1,492,480 shdocvw.dll
11/23/2005 06:06 PM 3,015,680 mshtml.dll
11/23/2005 06:06 PM 1,022,464 browseui.dll
11/16/2005 12:43 PM 312,172 perfh009.dat
11/16/2005 12:43 PM 40,394 perfc009.dat
11/16/2005 12:43 PM 356,302 PerfStringBackup.INI
11/09/2005 11:23 AM 5,357 jupdate-1.5.0_05-b05.log
11/08/2005 11:24 AM 3,460 jupdate-1.5.0_03-b07.log
11/04/2005 08:16 PM 609,280 urlmon.dll
11/04/2005 08:16 PM 1,054,208 danim.dll

Volume in drive C has no label.
Volume Serial Number is A0C9-6F8E

Directory of C:\WINDOWS

02/08/2006 06:09 PM 172,230 ntbtlog.txt
02/08/2006 06:09 PM 0 0.log
02/08/2006 06:08 PM 2,048 bootstat.dat
02/08/2006 06:07 PM 6,914 WindowsUpdate.log
02/07/2006 07:36 PM 68 IDMan.INI
02/07/2006 05:11 PM 159 wiadebug.log
02/07/2006 05:11 PM 48 wiaservc.log
02/07/2006 05:11 PM 0 Sti_Trace.log
02/07/2006 05:11 PM 232 SchedLgU.Txt
02/06/2006 05:32 PM 43 drsmartload2.dat
02/06/2006 05:31 PM 7,878 ModemLog_Conexant Soft 56K Modem.txt
02/06/2006 03:32 AM 0 winsysupd51.dat
02/05/2006 05:18 PM 0 gimmygames1.dat
02/05/2006 05:18 PM 0 myupdates1.dat
02/05/2006 05:14 PM 0 uniq
01/30/2006 03:47 PM 477 win.ini
01/30/2006 03:47 PM 227 system.ini
01/28/2006 02:19 PM 737,280 iun6002.exe
01/03/2006 05:45 PM 1,989 uninstall_nmon.vbs
12/24/2005 01:50 PM 0 z00096.exe
12/24/2005 01:35 PM 0 timessquare1.dat
12/24/2005 01:35 PM 0 drsmartloadb1.dat
12/24/2005 12:57 PM 66 vmreg32.dll
12/24/2005 12:47 PM 16 SCNDRVU.INI
11/23/2005 12:58 PM 754 WORDPAD.INI
11/23/2005 11:28 AM 26 WINCMD.INI
11/15/2005 01:30 PM 167,936 Setup1.exe
11/15/2005 01:30 PM 74,752 ST6UNST.EXE
11/11/2005 08:59 AM 342 Clony2.ini
11/06/2005 07:32 PM 19 SoundConverter.INI

Volume in drive C has no label.
Volume Serial Number is A0C9-6F8E

Directory of C:\

02/08/2006 06:19 PM 0 sys.txt
02/08/2006 06:19 PM 4,314 system.txt
02/08/2006 06:19 PM 124 systemtemp.txt
02/08/2006 06:18 PM 103,692 system32.txt
02/08/2006 06:07 PM 377,487,360 pagefile.sys
01/30/2006 03:47 PM 211 boot.ini
12/24/2005 01:39 PM 421,819 AGEU_SilentSudokuInstaller.exe
12/24/2005 01:38 PM 129,204 SS1001.exe
12/24/2005 12:43 PM 0 ChkLog.txt
12/24/2005 12:40 PM 0 DELETE.DAT
12/24/2005 12:40 PM 0 CHANGES.DAT
12/24/2005 12:40 PM 0 Schd.txt
12/24/2005 12:40 PM 230 DWIZARD.LOG
12/03/2005 06:31 PM 0 $RJ$.DAT
10/31/2005 08:56 AM 700,416 StubInstaller.exe
09.02.2006, 14:49
Honorary member
Sabina

Posts: 29434
#4 robbirob

silentsudokuinstaller
http://virus-protect.org/artikel/spyware/silentsudokuinstaller.html

----------------------------------------------------------------------

KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Options: Delete on Reboot --> tick it
and click the red cross; when asked "Do you want to reboot?", click "no" and paste in the next one; only for the last one click "yes".
Paste in:

C:\WINDOWS\system32\jfmd400.dll
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\fpj4031qe.dll
C:\WINDOWS\system32\natrap.dll
C:\WINDOWS\system32\enlul1391.dll
C:\WINDOWS\system32\bpackbox.dll
C:\WINDOWS\system32\ir4ul5h91.dll
C:\WINDOWS\system32\mvp8l97u1.dll
C:\WINDOWS\system32\r0p8la7u1d.dll
C:\WINDOWS\system32\lzxdpo.exe
C:\WINDOWS\system32\lzxdpo.dll
C:\WINDOWS\system32\34273C1BCE.sys
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\system32\DH9013.exe
C:\WINDOWS\system32\DZINSTEX.DLL
C:\WINDOWS\system32\DWZVER.INI
C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\winsysupd51.dat
C:\WINDOWS\gimmygames1.dat
C:\WINDOWS\myupdates1.dat
C:\WINDOWS\uniq
C:\WINDOWS\iun6002.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\z00096.exe
C:\WINDOWS\timessquare1.dat
C:\WINDOWS\drsmartloadb1.dat
C:\WINDOWS\vmreg32.dll
C:\AGEU_SilentSudokuInstaller.exe
C:\SS1001.exe
C:\ChkLog.txt
C:\DELETE.DAT
C:\CHANGES.DAT
C:\Schd.txt
C:\DWIZARD.LOG
C:\StubInstaller.exe

Restart the PC

After the restart, look for: C:\!KillBox
and manually delete all the files in it

L2mfix
http://virus-protect.org/l2mfix.html
# Close all open programs, since the next step requires a restart. Click l2mfix.bat again and type 2 --- [Enter].
# Press any key to start a system restart

After the restart + scan, post the scan report here.


Then we'll see what's next ;)
__________
Regards, Sabina

All about PC security
09.02.2006, 22:17
...new here

Thread starter

Posts: 4
#5 After deleting all the entries with KillBox, I couldn't delete the !KillBox files because the folder didn't exist.
Here is my L2mfix log

So far it looks quiet, I think; I have no more popups.
Thanks for your huge help so far.
L2mfix 010406
Creating Account.
The command completed successfully.

Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 564 'smss.exe'
Killing PID 564 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'
Killing PID 636 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1680 'explorer.exe'

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 560 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 648 'winlogon.exe'
Killing PID 648 'winlogon.exe'
Killing PID 648 'winlogon.exe'
Killing PID 648 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1864 'explorer.exe'
Killing PID 1864 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1828 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
Deleting: C:\WINDOWS\system32\fp2403fqe.dll
Successfully Deleted: C:\WINDOWS\system32\fp2403fqe.dll
Deleting: C:\WINDOWS\system32\fpr2039oe.dll
Successfully Deleted: C:\WINDOWS\system32\fpr2039oe.dll
Deleting: C:\WINDOWS\system32\jr0025dmg.dll
Successfully Deleted: C:\WINDOWS\system32\jr0025dmg.dll
Deleting: C:\WINDOWS\system32\p4r40e9qeh.dll
Successfully Deleted: C:\WINDOWS\system32\p4r40e9qeh.dll
Deleting: C:\WINDOWS\system32\WsWin32.dll
Successfully Deleted: C:\WINDOWS\system32\WsWin32.dll
Deleting: C:\WINDOWS\system32\__delete_on_reboot__guard.tmp
Successfully Deleted: C:\WINDOWS\system32\__delete_on_reboot__guard.tmp

msg11?.dll
0 file(s) copied.



Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnce]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\fpr2039oe.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\fp2403fqe.dll
C:\WINDOWS\system32\fpr2039oe.dll
C:\WINDOWS\system32\jr0025dmg.dll
C:\WINDOWS\system32\p4r40e9qeh.dll
C:\WINDOWS\system32\WsWin32.dll
C:\WINDOWS\system32\__delete_on_reboot__guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2EC7430A-09EB-4B4D-964F-4924AE51FE93}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2EC7430A-09EB-4B4D-964F-4924AE51FE93}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2EC7430A-09EB-4B4D-964F-4924AE51FE93}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2EC7430A-09EB-4B4D-964F-4924AE51FE93}\InprocServer32]
@="C:\\WINDOWS\\system32\\WsWin32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{163E97AF-B6CF-44AE-BBAB-D4340B4210B4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{163E97AF-B6CF-44AE-BBAB-D4340B4210B4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{163E97AF-B6CF-44AE-BBAB-D4340B4210B4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{163E97AF-B6CF-44AE-BBAB-D4340B4210B4}\InprocServer32]
@="C:\\WINDOWS\\system32\\cpb.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{BC24C5DC-0558-402E-82E1-0DC784B8DA23}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BC24C5DC-0558-402E-82E1-0DC784B8DA23}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BC24C5DC-0558-402E-82E1-0DC784B8DA23}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BC24C5DC-0558-402E-82E1-0DC784B8DA23}\InprocServer32]
@="C:\\WINDOWS\\system32\\notui2.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5544505A-2983-4F93-A404-DBE2141967C2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5544505A-2983-4F93-A404-DBE2141967C2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5544505A-2983-4F93-A404-DBE2141967C2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5544505A-2983-4F93-A404-DBE2141967C2}\InprocServer32]
@="C:\\WINDOWS\\system32\\rqsutils.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{85BF1767-9D47-42C1-867F-493EA0FFAE1A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{85BF1767-9D47-42C1-867F-493EA0FFAE1A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{85BF1767-9D47-42C1-867F-493EA0FFAE1A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{85BF1767-9D47-42C1-867F-493EA0FFAE1A}\InprocServer32]
@="C:\\WINDOWS\\system32\\bpackbox.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{006EA08A-300C-41ED-8134-A3D76DA24576}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{006EA08A-300C-41ED-8134-A3D76DA24576}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{006EA08A-300C-41ED-8134-A3D76DA24576}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{006EA08A-300C-41ED-8134-A3D76DA24576}\InprocServer32]
@="C:\\WINDOWS\\system32\\natrap.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{68BF5DF4-6FFC-48C8-8D70-0D6728332278}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{68BF5DF4-6FFC-48C8-8D70-0D6728332278}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{68BF5DF4-6FFC-48C8-8D70-0D6728332278}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{68BF5DF4-6FFC-48C8-8D70-0D6728332278}\InprocServer32]
@="C:\\WINDOWS\\system32\\jfmd400.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{58EC83F0-6FBD-4825-9BA2-22CE7638ABF7}"=-
"{2EC7430A-09EB-4B4D-964F-4924AE51FE93}"=-
"{163E97AF-B6CF-44AE-BBAB-D4340B4210B4}"=-
"{BC24C5DC-0558-402E-82E1-0DC784B8DA23}"=-
"{5544505A-2983-4F93-A404-DBE2141967C2}"=-
"{85BF1767-9D47-42C1-867F-493EA0FFAE1A}"=-
"{006EA08A-300C-41ED-8134-A3D76DA24576}"=-
"{68BF5DF4-6FFC-48C8-8D70-0D6728332278}"=-
[-HKEY_CLASSES_ROOT\CLSID\{58EC83F0-6FBD-4825-9BA2-22CE7638ABF7}]
[-HKEY_CLASSES_ROOT\CLSID\{2EC7430A-09EB-4B4D-964F-4924AE51FE93}]
[-HKEY_CLASSES_ROOT\CLSID\{163E97AF-B6CF-44AE-BBAB-D4340B4210B4}]
[-HKEY_CLASSES_ROOT\CLSID\{BC24C5DC-0558-402E-82E1-0DC784B8DA23}]
[-HKEY_CLASSES_ROOT\CLSID\{5544505A-2983-4F93-A404-DBE2141967C2}]
[-HKEY_CLASSES_ROOT\CLSID\{85BF1767-9D47-42C1-867F-493EA0FFAE1A}]
[-HKEY_CLASSES_ROOT\CLSID\{006EA08A-300C-41ED-8134-A3D76DA24576}]
[-HKEY_CLASSES_ROOT\CLSID\{68BF5DF4-6FFC-48C8-8D70-0D6728332278}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/fp2403fqe.dll (164 bytes security) (deflated 5%)
adding: dlls/fpr2039oe.dll (164 bytes security) (deflated 4%)
adding: dlls/jr0025dmg.dll (164 bytes security) (deflated 4%)
adding: dlls/p4r40e9qeh.dll (164 bytes security) (deflated 5%)
adding: dlls/WsWin32.dll (164 bytes security) (deflated 4%)
adding: dlls/__delete_on_reboot__guard.tmp (164 bytes security) (deflated 4%)
adding: backregs/006EA08A-300C-41ED-8134-A3D76DA24576.reg (212 bytes security) (deflated 70%)
adding: backregs/163E97AF-B6CF-44AE-BBAB-D4340B4210B4.reg (212 bytes security) (deflated 70%)
adding: backregs/2EC7430A-09EB-4B4D-964F-4924AE51FE93.reg (212 bytes security) (deflated 70%)
adding: backregs/5544505A-2983-4F93-A404-DBE2141967C2.reg (212 bytes security) (deflated 70%)
adding: backregs/68BF5DF4-6FFC-48C8-8D70-0D6728332278.reg (212 bytes security) (deflated 70%)
adding: backregs/85BF1767-9D47-42C1-867F-493EA0FFAE1A.reg (212 bytes security) (deflated 70%)
adding: backregs/BC24C5DC-0558-402E-82E1-0DC784B8DA23.reg (212 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
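
The Winlogon Notify export in the L2mfix log above mixes plain strings with hex(2) (REG_EXPAND_SZ) values, so the odd entry is easy to overlook. As an added example (not part of the thread and not code from L2mfix), this Python parser decodes both forms and flags Notify DLLs worth a closer look; the allowlist and the "full path" heuristic are assumptions drawn from the stock entries in that export.

```python
import re

NOTIFY = "\\winlogon\\notify\\"
# Assumption: allowlist built from the stock DLL names visible in the export above.
KNOWN_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "wlnotify.dll", "sclgntfy.dll"}

# Sample input: three subkeys abridged from the export in the L2mfix log above.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnce]
"DllName"="C:\\WINDOWS\\system32\\fpr2039oe.dll"
"Logon"="WinLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Logon"="SensLogonEvent"
'''

def decode_value(raw):
    """Decode a .reg value: hex(2) is UTF-16LE bytes, strings are backslash-escaped."""
    raw = raw.strip()
    if raw.startswith("hex(2):"):
        data = bytes(int(b.strip(), 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    return raw  # dword and other types are left as written

def parse_notify(reg_text):
    """Return {subkey: {value_name_lower: decoded_value}} for Notify subkeys."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join hex continuation lines
    entries, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"\[(.+)\]$", line)
        if m:
            idx = m.group(1).lower().find(NOTIFY)
            current = entries.setdefault(m.group(1)[idx + len(NOTIFY):], {}) if idx >= 0 else None
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if m and current is not None:
            current[m.group(1).lower()] = decode_value(m.group(2))  # DllName/DLLName both occur
    return entries

def suspicious_notify(reg_text, known=KNOWN_DLLS):
    """List (subkey, dll, reasons) for Notify packages that do not look stock."""
    findings = []
    for subkey, values in parse_notify(reg_text).items():
        dll = values.get("dllname", "")
        base = dll.rsplit("\\", 1)[-1].lower()
        reasons = []
        if base != dll.lower():
            reasons.append("full path instead of bare DLL name")
        if dll and base not in known:
            reasons.append("DLL not on allowlist")
        if reasons:
            findings.append((subkey, dll, reasons))
    return findings

if __name__ == "__main__":
    for subkey, dll, reasons in suspicious_notify(SAMPLE_REG):
        print(f"{subkey}: {dll} ({'; '.join(reasons)})")
```

Run against the full export from the post, the same call flags only the RunOnce subkey, the one whose DllName points at fpr2039oe.dll.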
09.02.2006, 23:50
Honorary member
Sabina

Posts: 29434
#6 Delete with KillBox:
C:\WINDOWS\system32\msg11?.dll

-----------------------------------------------------------------

Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.

Scan with the trial version of Spy Sweeper
http://virus-protect.org/spysweeper.html

Run an online scan with Kaspersky and copy the scan report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

All about PC security