My PC is going crazy!!! Popups without end

Thread is closed!
17.03.2006, 19:01
Member

Posts: 18
#1 yeah.... advertising windows keep opening over Firefox all the time ....

maybe someone can help me with this!!!!!!!!!!!!!!
This post was edited by Harbs on 18.03.2006 at 14:36.
17.03.2006, 19:24
Member

Posts: 11
#2 Argh .. I can't stand HijackThis .. what do you all see in it??

- Download CCleaner .. it cleans your PC of your templates etc. so that the malware doesn't just reinstall itself right after being deleted.
www.download.com

still not gone?

- Next, download Hitman2pro .. it installs all the common antispam programs and runs them automatically www.hitmanpro.nl

- now get AntiVir Personal Edition and run the update
www.download.com

- unless you happen to have some cracked Windows version, get Service Pack 2 and all the security updates .. they prevent malware ..
if that doesn't work via Microsoft, you can also download the service pack manually (you just have to search on Google)

Well, no virus has survived this procedure on my machine
18.03.2006, 01:07
Honorary member
Sabina

Posts: 29434
#3 Harbs

There's not much point in trying to clean this; you wrecked the PC yourself, because via P2P you click on everything that glitters.............

Quote

I downloaded pirated Software from P2P and now I post my Hijack log whining
set up CleanUp exactly as described here:
http://virus-protect.org/cleanup.html

Copy these 4 text files. They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html
__________
Best regards, Sabina

all about PC security
18.03.2006, 02:44
Member

Thread starter

Posts: 18
#4 what am I supposed to do with the text files??
sry ... but I don't get it::::::::::::

Verzeichnis von C:\WINDOWS\system32

18.03.2006 02:30 36.055 vsconfig.xml
18.03.2006 02:29 235.933 bspanui.dll
18.03.2006 02:29 27.436 kspydoc.log
18.03.2006 02:29 0 Sweeper.cfg
18.03.2006 02:27 233.968 hrjq0515e.dll
18.03.2006 02:24 235.933 ir6ul5j91.dll
17.03.2006 13:48 233.968 kldhu.dll
17.03.2006 12:56 2 stera.job
17.03.2006 12:55 2 stera.log
17.03.2006 04:42 234.137 q8psli7718.dll
16.03.2006 13:39 236.216 aamen32.dll
15.03.2006 20:02 2 cmd.com
15.03.2006 20:02 2 regedit.com
15.03.2006 20:02 2 taskkill.com
15.03.2006 20:02 2 tasklist.com
15.03.2006 20:02 2 tracert.com
15.03.2006 20:02 2 ping.com
15.03.2006 20:02 2 netstat.com
15.03.2006 18:34 290 n.bat
15.03.2006 18:33 28.713 astr.exe
15.03.2006 18:33 75.813 xxx.exe
15.03.2006 18:33 28.032 dr.exe
15.03.2006 18:33 0 taskkill.exe

10.03.2006 01:10 4.799.320 MRT.exe
27.02.2006 01:06 4.212 zllictbl.dat
22.02.2006 15:11 233.576 FNTCACHE.DAT
04.02.2006 13:34 43.520 CmdLineExt03.dll
31.01.2006 20:29 2.206 wpa.dbl
24.01.2006 11:46 21.840 SIntfNT.dll
24.01.2006 11:46 17.212 SIntf32.dll
24.01.2006 11:46 12.067 SIntf16.dll
23.01.2006 14:08 375.406 perfh009.dat
23.01.2006 14:08 51.204 perfc009.dat
23.01.2006 14:08 385.728 perfh007.dat
23.01.2006 14:08 61.968 perfc007.dat
23.01.2006 14:08 884.200 PerfStringBackup.INI
04.01.2006 04:35 68.096 webclnt.dll
29.12.2005 03:54 280.064 gdi32.dll

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: C0F6-F3B6

Verzeichnis von C:\DOKUME~1\Start\LOKALE~1\Temp

18.03.2006 02:32 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}17916.html
18.03.2006 02:31 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}14868.html
18.03.2006 02:30 16.384 ~DFAD36.tmp
18.03.2006 02:30 512 ~DF4F5F.tmp
18.03.2006 02:30 16.384 ~DF47B5.tmp
18.03.2006 02:30 412 jusched.log
13.03.2006 09:09 126 D9164221.TMP
7 Datei(en) 35.779 Bytes
0 Verzeichnis(se), 30.953.332.736 Bytes frei
................................................................................................

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: C0F6-F3B6

Verzeichnis von C:\WINDOWS

18.03.2006 02:45 24 p0Y7b-->Apropos
http://virus-protect.org/artikel/spyware/apropos1.html

18.03.2006 02:30 3.039 setupapi.log
18.03.2006 02:30 159 wiadebug.log
18.03.2006 02:30 4.210 ModemLog_Creatix V.9X DSP Data Fax Modem.txt
18.03.2006 02:30 1.082.095 WindowsUpdate.log
18.03.2006 02:30 1.920 ModemLog_Standardmodem.txt
18.03.2006 02:29 50 wiaservc.log
18.03.2006 02:29 0 0.log
18.03.2006 02:29 2.048 bootstat.dat
18.03.2006 02:28 31.942 SchedLgU.Txt
15.03.2006 20:02 155.648 b.exe
15.03.2006 18:33 0 keyboard21.dat
15.03.2006 18:33 0 newname.dat

14.03.2006 19:13 110 wininit.ini
14.03.2006 12:26 10.752 DH.dll
13.03.2006 05:22 54.156 QTFont.qfn
01.03.2006 19:02 29 TRWINUPD.DLL
25.02.2006 10:06 3.145.782 Picture It!-Hintergrundbild.bmp
23.02.2006 12:32 1.409 QTFont.for
23.01.2006 14:04 2.082 ModemLog_Standardmodem über Bluetooth-Verbindung.txt
14.01.2006 13:31 2.359.350 Firefox Wallpaper.bmp
06.01.2006 19:55 1.421 win.ini
03.01.2006 17:45 1.989 uninstall_nmon.vbs
27.12.2005 17:17 6.104 ModemLog_Bluetooth DUN Modem.txt
27.12.2005 17:17 6.098 ModemLog_Bluetooth Fax Modem.txt
25.12.2005 00:34 118.784 bwUnin-7.2.0.137-8876480SL.exe
24.12.2005 16:21 1.525 pstudio.ini
...............................................................................................

Verzeichnis von C:\

18.03.2006 02:46 0 sys.txt
18.03.2006 02:45 9.693 system.txt
18.03.2006 02:45 676 systemtemp.txt
18.03.2006 02:41 110.964 system32.txt
18.03.2006 02:29 536.403.968 hiberfil.sys
18.03.2006 02:29 805.306.368 pagefile.sys
18.03.2006 01:51 45 TEST.XML
15.03.2006 18:34 299.624 WHCC2.exe
15.03.2006 18:33 49.152 newname2.exe
15.03.2006 18:33 38.040 DR140306.exe
15.03.2006 18:33 20.480 keyboard2.exe
15.03.2006 18:33 49.152 drsmartload1.exe
25.02.2006 16:57 444.307 stub.log
18.12.2005 12:21 152 Delme.bat


:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

LIKE THIS?

Here is a current log file again (I don't know whether you can use it, but I'll just post it ^^) and MANY MANY THANKS IN ADVANCE FOR YOUR HELP:


Logfile of HijackThis v1.99.1
Scan saved at 12:20:55, on 18.03.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\gearsec.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Programme\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\Dit.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\MessengerPlus! 3\MsgPlus.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\vsnpstd.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Anti-Hijacker\AntiHijacker 1.2.EXE
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Start\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [PCMService] C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programme\Gemeinsame Dateien\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [list clock wave surf] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eachjoylistclock\BalmShow.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] D:\Antiblaxx an 192.168.0.254\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [shell32] C:\WINDOWS\system32\wuauclt10.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P and now I post my Hijack log whining] C:\WINDOWS\system32\Fifa Soccer 2006 crack.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] "C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKLM\..\Run: [newname] C:\\newname2.exe
O4 - HKLM\..\RunServices: [csr] csrrs.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Anti-Hijacker.lnk = C:\Programme\Anti-Hijacker\AntiHijacker 1.2.EXE
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra button: MedionShop - {01E9CF82-AE9D-42BA-A629-B23D51A4B86B} - http://www.medionshop.de/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\q0nula591d.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: IrBridge User-Level Interface (USRBRIDG) - Extended Systems, Inc. - C:\WINDOWS\system32\usrbridg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


the popups and such have DISAPPEARED!!!!!!! GREAT!!!!! I LOVE YOU ALL ^^
but I don't think my PC is clean yet, all the same
This post was edited by Harbs on 18.03.2006 at 14:37.
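Added example, not part of the thread: a triage pass over the German-locale `dir` output posted above. It flags `.com` files named after Windows command-line tools (cmd.exe resolves a command typed without an extension by trying the PATHEXT extensions in order, and the default list puts .COM before .EXE), flags a system tool that is an empty file, and then pivots on the timestamps of those hits. The tool list and the function names are assumptions made for this example.

```python
import re
from typing import NamedTuple

# Constructed sample: lines copied from the system32 listing in the post above.
SAMPLE_LISTING = r"""
Verzeichnis von C:\WINDOWS\system32

18.03.2006 02:29 235.933 bspanui.dll
15.03.2006 20:02 2 cmd.com
15.03.2006 20:02 2 regedit.com
15.03.2006 20:02 2 taskkill.com
15.03.2006 20:02 2 netstat.com
15.03.2006 18:34 290 n.bat
15.03.2006 18:33 28.713 astr.exe
15.03.2006 18:33 75.813 xxx.exe
15.03.2006 18:33 28.032 dr.exe
15.03.2006 18:33 0 taskkill.exe
10.03.2006 01:10 4.799.320 MRT.exe
"""

# Assumption for this example: a short list of tools that ship as .exe
# with Windows XP and that an admin would type without an extension.
SYSTEM_TOOLS = {"cmd", "regedit", "taskkill", "tasklist",
                "tracert", "ping", "netstat"}


class Entry(NamedTuple):
    stamp: str  # "DD.MM.YYYY HH:MM" exactly as printed by dir
    size: int   # bytes, thousands separators removed
    name: str


# date, time, size with "." as thousands separator, then the file name
LINE_RE = re.compile(
    r"^(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2})\s+([\d.]+)\s+(\S.*)$")


def parse_listing(text):
    """Return one Entry per file line; headers, totals and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        date, time, size, name = m.groups()
        entries.append(Entry(f"{date} {time}",
                             int(size.replace(".", "")), name.strip()))
    return entries


def triage(entries):
    """Map file name -> reason for files that interfere with system tools."""
    findings = {}
    for e in entries:
        stem, dot, ext = e.name.lower().rpartition(".")
        if not dot or stem not in SYSTEM_TOOLS:
            continue
        if ext == "com":
            findings[e.name] = f"shadows {stem}.exe (.COM precedes .EXE in PATHEXT)"
        elif ext == "exe" and e.size == 0:
            findings[e.name] = "system tool is an empty file"
    return findings


def same_minute(entries, findings):
    """Other files written in the same minute as any flagged file."""
    stamps = {e.stamp for e in entries if e.name in findings}
    return sorted(e.name for e in entries
                  if e.stamp in stamps and e.name not in findings)


if __name__ == "__main__":
    listing = parse_listing(SAMPLE_LISTING)
    hits = triage(listing)
    for name, reason in hits.items():
        print(f"{name}: {reason}")
    print("written in the same minute:", same_minute(listing, hits))
```

The timestamp pivot is only a lead for manual review; files that merely share a minute with a flagged file are not shown to be related by that alone.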
18.03.2006, 16:19
Honorary member
Sabina

Posts: 29434
#5 Harbs

* Make hidden and system files visible
http://virus-protect.org/invisible.html

* Copy the following text into Notepad (Start - Accessories - Notepad) and save it on the desktop as fixme.reg using 'Save As'. For the file type, select 'All Files'. You should now find this file on the desktop.

Quote

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Network Monitor]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor]

* Avenger
http://virus-protect.org/artikel/tools/avenger.html

paste in:

Quote

Files to delete:

C:\WINDOWS\system32\csrrs.exe
C:\WINDOWS\system32\Fifa Soccer 2006 crack.exe
C:\WINDOWS\system32\drivers\netpt.sys
C:\WINDOWS\system32\bspanui.dll
C:\WINDOWS\system32\wuauclt10.exe
C:\WINDOWS\system32\kspydoc.log
C:\WINDOWS\system32\Sweeper.cfg
C:\WINDOWS\system32\hrjq0515e.dll
C:\WINDOWS\system32\ir6ul5j91.dll
C:\WINDOWS\system32\kldhu.dll
C:\WINDOWS\system32\stera.job
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\q8psli7718.dll
C:\WINDOWS\system32\aamen32.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\n.bat
C:\WINDOWS\system32\astr.exe
C:\WINDOWS\system32\xxx.exe
C:\WINDOWS\system32\dr.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\b.exe
C:\WINDOWS\DH.dll
C:\WINDOWS\TRWINUPD.DLL
C:\WINDOWS\keyboard21.dat
C:\WINDOWS\newname.dat
C:\WINDOWS\uninstall_nmon.vbs
C:\WHCC2.exe
C:\newname2.exe
C:\DR140306.exe
C:\keyboard2.exe
C:\drsmartload1.exe
C:\Delme.bat
click on the green "traffic light" in Avenger

the script will now be executed, then the PC will restart automatically

open HijackThis -- "Scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [list clock wave surf] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eachjoylistclock\BalmShow.exe
O4 - HKLM\..\Run: [shell32] C:\WINDOWS\system32\wuauclt10.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P and now I post my Hijack log whining] C:\WINDOWS\system32\Fifa Soccer 2006 crack.exe
O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKLM\..\Run: [newname] C:\\newname2.exe
O4 - HKLM\..\RunServices: [csr] csrrs.exe
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\q0nula591d.dll (file missing)

restart the PC
Restart the computer in Safe Mode (press F8 during startup). Double-click the file "fixme.reg" on the desktop

uninstall
MessengerPlus! 3

delete:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eachjoylistclock

----------------------------------------------------------------------------------------------
1.
post the scan report from Avenger

2.
aproposfix
http://swandog46.geekstogo.com/aproposfix.exe

download aproposfix.exe --> click RunThis.bat
press "Enter" and wait until the window closes.
then copy the log.txt.

3.
l2mfix --> work through Option 2 and, after the restart and scan, post the scan report
http://virus-protect.org/l2mfix.html

4.
My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives".

5.
scan with ewido --> post the scan report
http://virus-protect.org/ewido.html

6.
Panda (scan and post the scan report)
http://virus-protect.org/onlinescan.html

then there is more to come... but just this far for now.
by the way.. I haven't seen a PC this infested in a long time ..
__________
Best regards, Sabina

all about PC security
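Added example, not part of the thread: two mechanical checks that explain why some of the O4 autostart entries picked out above stand out, namely a file name within a small edit distance of a genuine Windows binary (csrrs.exe, wuauclt10.exe) and an executable started from the root of a drive (newname2.exe). The reference list of system binaries, the distance threshold and all function names are assumptions for this example; the checks do not reproduce the helper's full selection, which also relies on knowing the individual programs.

```python
import ntpath
import re

# Constructed sample: lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [shell32] C:\WINDOWS\system32\wuauclt10.exe
O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKLM\..\Run: [newname] C:\\newname2.exe
O4 - HKLM\..\RunServices: [csr] csrrs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
"""

# Assumption: a short reference list of genuine Windows XP binaries.
SYSTEM_STEMS = {"csrss", "ctfmon", "explorer", "lsass", "rundll32", "services",
                "spoolsv", "svchost", "userinit", "winlogon", "wuauclt"}

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
DRIVE_ROOT = re.compile(r"[A-Za-z]:\\")


def edit_distance(a, b):
    """Plain Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def target_of(cmd):
    """Extract the program path from a Run value (quoted or unquoted)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]
    else:
        # Unquoted paths may contain spaces: cut after the first extension.
        m = re.match(r"(.+?\.(?:exe|com|bat|scr|pif))(?:\s|$)", cmd, re.I)
        path = m.group(1) if m else cmd.split(" ", 1)[0]
    return ntpath.normpath(path)  # also collapses the doubled backslash


def lookalike(basename):
    """Return the genuine binary a name resembles, or None."""
    stem = basename.lower().rsplit(".", 1)[0]
    if stem in SYSTEM_STEMS:
        return None  # exact name: not an imitation by spelling
    for known in sorted(SYSTEM_STEMS):
        if edit_distance(stem, known) <= 2:
            return known + ".exe"
    return None


def triage(log):
    """Return (key, value name, path, reasons) for each flagged O4 line."""
    findings = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # other sections (O23, O20, ...) are out of scope here
        hive, key, name, cmd = m.groups()
        path = target_of(cmd)
        reasons = []
        twin = lookalike(ntpath.basename(path))
        if twin:
            reasons.append(f"name imitates {twin}")
        if DRIVE_ROOT.fullmatch(ntpath.dirname(path)):
            reasons.append("runs from drive root")
        if reasons:
            findings.append((f"{hive}\\{key}", name, path, reasons))
    return findings


if __name__ == "__main__":
    for key, name, path, reasons in triage(SAMPLE_LOG):
        print(f"{key} [{name}] {path}: {', '.join(reasons)}")
```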
18.03.2006, 16:39
Member

Thread starter

Posts: 18
#6 Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qdcjksyi

*******************

Script file located at: \??\C:\WINDOWS\dmxlhpgm.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\csrrs.exe not found!
Deletion of file C:\WINDOWS\system32\csrrs.exe failed!

File C:\WINDOWS\system32\Fifa Soccer 2006 crack.exe not found!
Deletion of file C:\WINDOWS\system32\Fifa Soccer 2006 crack.exe failed!

Could not process line:
C:\WINDOWS\system32\Fifa Soccer 2006 crack.exe
Status: 0xc0000034

File C:\WINDOWS\system32\bspanui.dll not found!
Deletion of file C:\WINDOWS\system32\bspanui.dll failed!

Could not process line:
C:\WINDOWS\system32\bspanui.dll
Status: 0xc0000034

File C:\WINDOWS\system32\wuauclt10.exe deleted successfully.
File C:\WINDOWS\system32\kspydoc.log deleted successfully.
File C:\WINDOWS\system32\Sweeper.cfg deleted successfully.


File C:\WINDOWS\system32\hrjq0515e.dll not found!
Deletion of file C:\WINDOWS\system32\hrjq0515e.dll failed!

Could not process line:
C:\WINDOWS\system32\hrjq0515e.dll
Status: 0xc0000034



File C:\WINDOWS\system32\ir6ul5j91.dll not found!
Deletion of file C:\WINDOWS\system32\ir6ul5j91.dll failed!

Could not process line:
C:\WINDOWS\system32\ir6ul5j91.dll
Status: 0xc0000034



File C:\WINDOWS\system32\kldhu.dll not found!
Deletion of file C:\WINDOWS\system32\kldhu.dll failed!

Could not process line:
C:\WINDOWS\system32\kldhu.dll
Status: 0xc0000034

File C:\WINDOWS\system32\stera.job deleted successfully.
File C:\WINDOWS\system32\stera.log deleted successfully.


File C:\WINDOWS\system32\q8psli7718.dll not found!
Deletion of file C:\WINDOWS\system32\q8psli7718.dll failed!

Could not process line:
C:\WINDOWS\system32\q8psli7718.dll
Status: 0xc0000034



File C:\WINDOWS\system32\aamen32.dll not found!
Deletion of file C:\WINDOWS\system32\aamen32.dll failed!

Could not process line:
C:\WINDOWS\system32\aamen32.dll
Status: 0xc0000034



File C:\WINDOWS\system32\cmd.com not found!
Deletion of file C:\WINDOWS\system32\cmd.com failed!

Could not process line:
C:\WINDOWS\system32\cmd.com
Status: 0xc0000034



File C:\WINDOWS\system32\regedit.com not found!
Deletion of file C:\WINDOWS\system32\regedit.com failed!

Could not process line:
C:\WINDOWS\system32\regedit.com
Status: 0xc0000034



File C:\WINDOWS\system32\taskkill.com not found!
Deletion of file C:\WINDOWS\system32\taskkill.com failed!

Could not process line:
C:\WINDOWS\system32\taskkill.com
Status: 0xc0000034



File C:\WINDOWS\system32\tasklist.com not found!
Deletion of file C:\WINDOWS\system32\tasklist.com failed!

Could not process line:
C:\WINDOWS\system32\tasklist.com
Status: 0xc0000034



File C:\WINDOWS\system32\tracert.com not found!
Deletion of file C:\WINDOWS\system32\tracert.com failed!

Could not process line:
C:\WINDOWS\system32\tracert.com
Status: 0xc0000034



File C:\WINDOWS\system32\ping.com not found!
Deletion of file C:\WINDOWS\system32\ping.com failed!

Could not process line:
C:\WINDOWS\system32\ping.com
Status: 0xc0000034



File C:\WINDOWS\system32\netstat.com not found!
Deletion of file C:\WINDOWS\system32\netstat.com failed!

Could not process line:
C:\WINDOWS\system32\netstat.com
Status: 0xc0000034

File C:\WINDOWS\system32\n.bat deleted successfully.


File C:\WINDOWS\system32\astr.exe not found!
Deletion of file C:\WINDOWS\system32\astr.exe failed!

Could not process line:
C:\WINDOWS\system32\astr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\xxx.exe deleted successfully.
File C:\WINDOWS\system32\dr.exe deleted successfully.
File C:\WINDOWS\system32\taskkill.exe deleted successfully.
File C:\WINDOWS\b.exe deleted successfully.
File C:\WINDOWS\keyboard21.dat deleted successfully.
File C:\WINDOWS\newname.dat deleted successfully.


File C:\WINDOWS\uninstall_nmon.vbs not found!
Deletion of file C:\WINDOWS\uninstall_nmon.vbs failed!

Could not process line:
C:\WINDOWS\uninstall_nmon.vbs
Status: 0xc0000034



File C:\WHCC2.exe not found!
Deletion of file C:\WHCC2.exe failed!

Could not process line:
C:\WHCC2.exe
Status: 0xc0000034

File C:\newname2.exe deleted successfully.


File C:\DR140306.exe not found!
Deletion of file C:\DR140306.exe failed!

Could not process line:
C:\DR140306.exe
Status: 0xc0000034



File C:\keyboard2.exe not found!
Deletion of file C:\keyboard2.exe failed!

Could not process line:
C:\keyboard2.exe
Status: 0xc0000034



File C:\drsmartload1.exe not found!
Deletion of file C:\drsmartload1.exe failed!

Could not process line:
C:\drsmartload1.exe
Status: 0xc0000034

File C:\Delme.bat deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



Quote

Copy the following text into Notepad (Start - Accessories - Notepad) and save it on the desktop as fixme.reg using 'Save As'. For the file type, select 'All Files'. You should now find this file on the desktop.
should I add the file to the registry?
This post was edited by Harbs on 18.03.2006 at 16:44.
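Added example, not part of the thread: reconciling an Avenger "Files to delete:" script with the resulting log, so that every scripted path ends up as deleted, not found, or unaccounted for (no result line at all). Status 0xc0000034 in the log is the NTSTATUS code STATUS_OBJECT_NAME_NOT_FOUND. The sample script and log are shortened excerpts of the ones posted above; the function names are assumptions for this example.

```python
import re

NTSTATUS = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}

# Constructed sample: a shortened copy of the script posted in this thread.
SCRIPT = r"""Files to delete:

C:\WINDOWS\system32\csrrs.exe
C:\WINDOWS\system32\drivers\netpt.sys
C:\WINDOWS\system32\wuauclt10.exe
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\b.exe
C:\WINDOWS\DH.dll
C:\newname2.exe
"""

# Constructed sample: the matching lines from the posted Avenger log.
LOG = r"""
File C:\WINDOWS\system32\csrrs.exe not found!
Deletion of file C:\WINDOWS\system32\csrrs.exe failed!

File C:\WINDOWS\system32\wuauclt10.exe deleted successfully.

File C:\WINDOWS\system32\cmd.com not found!
Deletion of file C:\WINDOWS\system32\cmd.com failed!

Could not process line:
C:\WINDOWS\system32\cmd.com
Status: 0xc0000034

File C:\WINDOWS\b.exe deleted successfully.
File C:\newname2.exe deleted successfully.
"""

DELETED = re.compile(r"^File (.+) deleted successfully\.$")
MISSING = re.compile(r"^File (.+) not found!$")
STATUS = re.compile(r"^Status: (0x[0-9a-fA-F]+)$")


def parse_script(text):
    """Return the paths listed under the 'Files to delete:' header."""
    paths, active = [], False
    for line in map(str.strip, text.splitlines()):
        if line.endswith(":"):
            active = line.lower() == "files to delete:"
        elif line and active:
            paths.append(line)
    return paths


def parse_log(text):
    """Map lower-cased path -> [outcome, status name or None]."""
    results = {}
    lines = [line.strip() for line in text.splitlines()]
    for i, line in enumerate(lines):
        if m := DELETED.match(line):
            results[m.group(1).lower()] = ["deleted", None]
        elif m := MISSING.match(line):
            results[m.group(1).lower()] = ["not found", None]
        elif line == "Could not process line:" and i + 2 < len(lines):
            # The next line repeats the path, the one after carries the status.
            m = STATUS.match(lines[i + 2])
            if m:
                code = int(m.group(1), 16)
                entry = results.setdefault(lines[i + 1].lower(), ["failed", None])
                entry[1] = NTSTATUS.get(code, hex(code))
    return results


def reconcile(script_text, log_text):
    """Group every scripted path by what the log says happened to it."""
    results = parse_log(log_text)
    report = {"deleted": [], "not found": [], "failed": [], "unaccounted": []}
    for path in parse_script(script_text):
        # Windows paths are case-insensitive, so compare lower-cased.
        outcome = results.get(path.lower(), ["unaccounted", None])[0]
        report[outcome].append(path)
    return report


if __name__ == "__main__":
    for outcome, paths in reconcile(SCRIPT, LOG).items():
        print(f"{outcome}: {paths}")
```

A "not found" result only says that the path did not resolve when the script ran. In the log as posted, the scripted paths for netpt.sys, DH.dll and TRWINUPD.DLL have no result line, which is the "unaccounted" case above.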
18.03.2006, 16:48
Honorary member
Sabina

Posts: 29434
#7 yes, but only later (in Safe Mode) ... it is all listed.............
__________
Best regards, Sabina

all about PC security
18.03.2006, 16:52
Honorary member
Sabina

Posts: 29434
#8 KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Options: Delete on Reboot --> tick it
and click the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one; click "yes" only for the last one
paste in: ...........

C:\WINDOWS\DH.dll
C:\WINDOWS\TRWINUPD.DLL
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\astr.exe
C:\WINDOWS\system32\Fifa Soccer 2006 crack.exe
C:\WINDOWS\system32\csrrs.exe
C:\WINDOWS\keyboard21.dat
C:\WINDOWS\uninstall_nmon.vbs
C:\WHCC2.exe
C:\DR140306.exe
C:\keyboard2.exe
C:\drsmartload1.exe

restart the PC
__________
Best regards, Sabina

all about PC security
18.03.2006, 17:12
Member

Thread starter

Posts: 18
#9 Log of AproposFix v1.1

************

Running from directory:
C:\Dokumente und Einstellungen\Start\Desktop\aproposfix

************

Warning: batch running in normal mode, not Safe Mode! In normal mode the fix WILL NOT WORK!


Registry entries found:


************

No service found!

Removing hidden folder:
No folder found!

Deleting files:


Backing up files:
Done!

Removing registry entries:

REGEDIT4


Done!

Finished!
18.03.2006, 17:13
Honorary member
Sabina

Posts: 29434
#10

Quote

Warning: batch running in normal mode, not Safe Mode! In normal mode the fix WILL NOT WORK!
once more.. in Safe Mode... to delete Apropos!!!!!!!!!!!
__________
Best regards, Sabina

all about PC security
18.03.2006, 17:32
Member

Thread starter

Posts: 18
#11 L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{F4F00575-0444-A768-1F9E-11DD00C42F5B}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webordner"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{52B87208-9CCF-42C9-B88E-069281105805}"="Trojan Remover Shell Extension"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{D120D80B-BD26-4A74-8E43-2C2AF0966139}"="QuickPar ContextMenu extension"
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}"="Universelle Plug & Play-Geräte"
"{D9872D13-7651-4471-9EEE-F0A00218BEBB}"="Multiscan"
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{59B12D92-FC2B-4063-B3D5-6BC628A0D4EB}"="ArchiCrypt Shredder2 ShellExtension"
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"="UnlockerShellExtension"
"{8A53CA2A-955E-4010-9D7F-F5830C3D816E}"=""
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"="Shell Extension for Malware scanning"
"{377BBCBD-F863-486F-A723-F6CF1E5AC046}"=""
"{37F1B261-ADEC-4E51-8482-6A56FB966324}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8A53CA2A-955E-4010-9D7F-F5830C3D816E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8A53CA2A-955E-4010-9D7F-F5830C3D816E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8A53CA2A-955E-4010-9D7F-F5830C3D816E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8A53CA2A-955E-4010-9D7F-F5830C3D816E}\InprocServer32]
@="C:\\WINDOWS\\system32\\rTstapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{377BBCBD-F863-486F-A723-F6CF1E5AC046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{377BBCBD-F863-486F-A723-F6CF1E5AC046}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{377BBCBD-F863-486F-A723-F6CF1E5AC046}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{377BBCBD-F863-486F-A723-F6CF1E5AC046}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:
Directory Listing of system files:
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: C0F6-F3B6

Verzeichnis von C:\WINDOWS\System32

18.03.2006 17:23 <DIR> ..
18.03.2006 17:23 <DIR> .
15.03.2006 18:33 <DIR> dllcache
13.12.2003 17:23 32 {E262E80D-BE08-44C1-B4C9-B555F1F6FCEF}.dat
05.02.2003 08:41 <DIR> Microsoft
1 Datei(en) 32 Bytes
4 Verzeichnis(se), 30.757.462.016 Bytes frei
18.03.2006, 17:37
Honorary member
Sabina

Posts: 29434
#12 You should work through option 2 ... not option 1
__________
Regards, Sabina

All about PC security

18.03.2006, 18:04
Member

Thread starter

Posts: 18
#13 L2mfix 010406
Creating Account.
Der Befehl wurde erfolgreich ausgeführt.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
adding: backregs/notibac.reg (164 bytes security) (deflated 88%)
18.03.2006, 18:09
Honorary member
Sabina

Posts: 29434
#14 aproposfix
http://swandog46.geekstogo.com/aproposfix.exe

in safe mode !!!!!!!!!!!!!!!!

after that, l2mfix once more ... option 1
__________
Regards, Sabina

All about PC security

18.03.2006, 18:13
Member

Thread starter

Posts: 18
#15 Running From:
C:\Dokumente und Einstellungen\Start\Desktop\l2mfix

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 456 'smss.exe'
Error 0x6 : Das Handle ist ungültig.


Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 608 'winlogon.exe'
Error 0x6 : Das Handle ist ungültig.


Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1440 'explorer.exe'
Killing PID 1440 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administratoren ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!



Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8A53CA2A-955E-4010-9D7F-F5830C3D816E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8A53CA2A-955E-4010-9D7F-F5830C3D816E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8A53CA2A-955E-4010-9D7F-F5830C3D816E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8A53CA2A-955E-4010-9D7F-F5830C3D816E}\InprocServer32]
@="C:\\WINDOWS\\system32\\rTstapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{377BBCBD-F863-486F-A723-F6CF1E5AC046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{377BBCBD-F863-486F-A723-F6CF1E5AC046}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{377BBCBD-F863-486F-A723-F6CF1E5AC046}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{377BBCBD-F863-486F-A723-F6CF1E5AC046}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{8A53CA2A-955E-4010-9D7F-F5830C3D816E}"=-
"{377BBCBD-F863-486F-A723-F6CF1E5AC046}"=-
"{37F1B261-ADEC-4E51-8482-6A56FB966324}"=-
[-HKEY_CLASSES_ROOT\CLSID\{8A53CA2A-955E-4010-9D7F-F5830C3D816E}]
[-HKEY_CLASSES_ROOT\CLSID\{377BBCBD-F863-486F-A723-F6CF1E5AC046}]
[-HKEY_CLASSES_ROOT\CLSID\{37F1B261-ADEC-4E51-8482-6A56FB966324}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************


ok.... I'll do that then

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webordner"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{52B87208-9CCF-42C9-B88E-069281105805}"="Trojan Remover Shell Extension"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{D120D80B-BD26-4A74-8E43-2C2AF0966139}"="QuickPar ContextMenu extension"
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}"="Universelle Plug & Play-Geräte"
"{D9872D13-7651-4471-9EEE-F0A00218BEBB}"="Multiscan"
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{59B12D92-FC2B-4063-B3D5-6BC628A0D4EB}"="ArchiCrypt Shredder2 ShellExtension"
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"="UnlockerShellExtension"
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"="Shell Extension for Malware scanning"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
Directory Listing of system files:
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: C0F6-F3B6

Verzeichnis von C:\WINDOWS\System32

18.03.2006 18:18 <DIR> ..
18.03.2006 18:18 <DIR> .
15.03.2006 18:33 <DIR> dllcache
13.12.2003 17:23 32 {E262E80D-BE08-44C1-B4C9-B555F1F6FCEF}.dat
05.02.2003 08:41 <DIR> Microsoft
1 Datei(en) 32 Bytes
4 Verzeichnis(se), 35.404.296.192 Bytes frei


----------------------------------------------------------------------------
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
----------------------------------------------------------------------------

SO !!!!! and now run ewido and Panda as well, or what?!
This post was edited by Harbs on 18.03.2006 at 18:27.