Yieldmanager problems
#0
08.02.2006, 00:56
...new here
Posts: 4

08.02.2006, 13:44
Honorary member
Posts: 29434
#2
LSPfix
http://www.spychecker.com/program/lspfix.html
Tick "I know what I'm doing", then Remove, and delete idmmbc.dll (you may have to move the DLL from left to right).
Uninstall: Internet Download Manager
Set up CleanUp exactly as described here:
http://virus-protect.org/cleanup.html
Copy these 4 text files. They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html
__________
Best regards
Sabina
All about PC security

09.02.2006, 02:23
...new here
Thread starter
Posts: 4
#3
Thanks for the help so far.
I uninstalled IDM, so LSPfix found nothing. Here are the 3 logs from datfinder.

09.02.2006, 14:49
Honorary member
Posts: 29434
#4
robbirob
silentsudokuinstaller
http://virus-protect.org/artikel/spyware/silentsudokuinstaller.html
----------------------------------------------------------------------
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html
Options: Delete on Reboot --> tick it and click the red cross. When asked "Do you want to reboot?", click "no" and paste in the next one; only on the last one click "yes".
Paste in:
C:\WINDOWS\system32\jfmd400.dll
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\fpj4031qe.dll
C:\WINDOWS\system32\natrap.dll
C:\WINDOWS\system32\enlul1391.dll
C:\WINDOWS\system32\bpackbox.dll
C:\WINDOWS\system32\ir4ul5h91.dll
C:\WINDOWS\system32\mvp8l97u1.dll
C:\WINDOWS\system32\r0p8la7u1d.dll
C:\WINDOWS\system32\lzxdpo.exe
C:\WINDOWS\system32\lzxdpo.dll
C:\WINDOWS\system32\34273C1BCE.sys
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\system32\DH9013.exe
C:\WINDOWS\system32\DZINSTEX.DLL
C:\WINDOWS\system32\DWZVER.INI
C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\winsysupd51.dat
C:\WINDOWS\gimmygames1.dat
C:\WINDOWS\myupdates1.dat
C:\WINDOWS\uniq
C:\WINDOWS\iun6002.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\z00096.exe
C:\WINDOWS\timessquare1.dat
C:\WINDOWS\drsmartloadb1.dat
C:\WINDOWS\vmreg32.dll
C:\AGEU_SilentSudokuInstaller.exe
C:\SS1001.exe
C:\ChkLog.txt
C:\DELETE.DAT
C:\CHANGES.DAT
C:\Schd.txt
C:\DWIZARD.LOG
C:\StubInstaller.exe
Restart the PC.
After the restart, look for C:\!KillBox and manually delete all the files in it.
L2mfix
http://virus-protect.org/l2mfix.html
# Close all open programs, as the next step requires a restart. Click l2mfix.bat again and type 2 --- [Enter].
# Press any key to initiate a system restart.
After the restart + scan, post the scan report here. Then we'll take it from there.
__________
Best regards
Sabina
All about PC security

09.02.2006, 22:17
...new here
Thread starter
Posts: 4
#5
After deleting all the entries with KillBox, I couldn't delete the !KillBox files because the folder didn't exist.
Here is my L2mfix log. So far things look quiet, I think; I have no more pop-ups. Thanks for your huge help so far.

09.02.2006, 23:50
Honorary member
Posts: 29434
#6
Delete with KillBox:
C:\WINDOWS\system32\msg11?.dll
-----------------------------------------------------------------
Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK'. Exit Program.
Scan with the trial version of Spy Sweeper
http://virus-protect.org/spysweeper.html
Scan online with Kaspersky and copy the scan report
http://virus-protect.org/onlinescan.html
__________
Best regards
Sabina
All about PC security

Here is my hijack log
*from safe mode*
Logfile of HijackThis v1.99.1
Scan saved at 4:43:12 PM, on 2/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Robi\Desktop\Antivirus\HijackThis1991.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\r0p8la7u1d.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
THx 4Help
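
A triage pass over a HijackThis log like the one posted in this thread, as an added example that is not part of any forum post: it collapses repeated lines and flags the two entry types the helper acted on, O10 (unknown Winsock LSP file) and O20 (Winlogon Notify DLL). The sample lines are excerpted from the log above plus one constructed known-good line; `KNOWN_NOTIFY_DLLS` is an assumed Windows XP baseline and the function names are hypothetical.

```python
import ntpath
import re
from collections import OrderedDict

# Sample input: lines excerpted from the HijackThis log posted in this thread,
# plus one constructed known-good O20 line (SensLogn) to show a non-finding.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R3 - Default URLSearchHook is missing
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\r0p8la7u1d.dll
O20 - Winlogon Notify: SensLogn - C:\WINDOWS\system32\WlNotify.dll
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
"""

# Assumption: Winlogon Notify DLLs of a stock Windows XP SP2 install.
# Replace with the baseline of the machine image you actually support.
KNOWN_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
                     "wlnotify.dll", "sclgntfy.dll"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
LSP_RE = re.compile(r"^Unknown file in Winsock LSP: (.+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (.+) - (.+)$")


def parse_entries(text):
    """Return (section, body) for each 'Xnn - ...' line; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Flag O10 and O20 entries, collapsing repeated lines into one finding."""
    findings = OrderedDict()
    for section, body in entries:
        if section == "O10":
            match = LSP_RE.match(body)
            if not match:
                continue
            path = match.group(1)
            # An LSP sits in the Winsock provider chain: repair the chain
            # (the thread uses LSPfix) instead of just deleting the file.
            reason = "unknown Winsock LSP provider; repair chain before deleting"
        elif section == "O20":
            match = NOTIFY_RE.match(body)
            if not match:
                continue
            path = match.group(2)
            if ntpath.basename(path).lower() in KNOWN_NOTIFY_DLLS:
                continue  # part of the assumed baseline, not a finding
            reason = "Winlogon Notify DLL not in baseline; loaded by winlogon.exe"
        else:
            continue
        key = (section, path.lower())
        if key not in findings:
            findings[key] = {"section": section, "path": path,
                             "reason": reason, "count": 0}
        findings[key]["count"] += 1
    return list(findings.values())


if __name__ == "__main__":
    for finding in triage(parse_entries(SAMPLE_LOG)):
        print("{section} x{count} {path}: {reason}".format(**finding))
```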