Annoying ad banners
#0
30.04.2006, 13:04
Zwackmix
Guest
30.04.2006, 15:53
Honorary member
Posts: 29434
#2
Zwackmix
1. Run: Look2Me-Destroyer V1.0.5 http://virus-protect.org/l2mfix.html
   Post the scan report.
2. Configure CleanUp exactly as described here: http://virus-protect.org/cleanup.html
3. Copy these 4 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date (copy only the last 3 months). http://virus-protect.org/datfindbat.html
__________
Best regards, Sabina
all about PC security
30.04.2006, 16:27
Zwackmix
Guest
Thread starter
#3
L2MFIX find log 032106
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Controls Folder]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\hrlo0533e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post
Platform]
"{23BC6EF3-9763-8CCC-71F2-D6A6431E1520}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EA231374-F808-4960-B81A-49412BE3B156}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EA231374-F808-4960-B81A-49412BE3B156}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{EA231374-F808-4960-B81A-49412BE3B156}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EA231374-F808-4960-B81A-49412BE3B156}\InprocServer32]
@="C:\\WINDOWS\\system32\\hsp95en.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
browseui.dll Sat 4 Mar 2006 5:34:40 A.... 1.022.976 999,00 K
cdfview.dll Sat 4 Mar 2006 5:34:40 A.... 152.064 148,50 K
cmdlin~1.dll Mon 24 Apr 2006 14:19:10 A.... 98.304 96,00 K
cmdlin~2.dll Tue 25 Apr 2006 21:48:50 A.... 43.520 42,50 K
danim.dll Sat 4 Mar 2006 5:34:42 A.... 1.056.256 1,00 M
dxtrans.dll Sat 4 Mar 2006 5:34:42 A.... 205.312 200,50 K
extmgr.dll Sat 4 Mar 2006 5:34:42 A.... 55.808 54,50 K
g0400a~1.dll Sun 30 Apr 2006 16:05:32 ..S.R 234.230 228,74 K
hrlo05~1.dll Sun 30 Apr 2006 16:02:32 ..S.R 234.565 229,07 K
hsp95en.dll Sun 30 Apr 2006 16:22:58 ..... 234.565 229,07 K
iepeers.dll Sat 4 Mar 2006 5:34:42 A.... 251.392 245,50 K
inetcomm.dll Fri 17 Mar 2006 11:11:30 A.... 679.424 663,50 K
inseng.dll Sat 4 Mar 2006 5:34:42 A.... 96.768 94,50 K
mshtml.dll Thu 23 Mar 2006 22:34:46 A.... 3.074.560 2,93 M
mshtmled.dll Sat 4 Mar 2006 5:34:44 A.... 448.512 438,00 K
msrating.dll Sat 4 Mar 2006 5:34:44 A.... 146.432 143,00 K
mstime.dll Sat 4 Mar 2006 5:34:44 A.... 532.480 520,00 K
pngfilt.dll Sat 4 Mar 2006 5:34:44 A.... 39.424 38,50 K
shdocvw.dll Thu 30 Mar 2006 11:26:22 A.... 1.492.480 1,42 M
shell32.dll Fri 17 Mar 2006 6:03:36 A.... 8.493.056 8,10 M
shlwapi.dll Sat 4 Mar 2006 5:34:44 A.... 474.624 463,50 K
urlmon.dll Sat 18 Mar 2006 13:09:44 A.... 615.424 601,00 K
wininet.dll Sat 4 Mar 2006 5:34:46 A.... 664.064 648,50 K
wmp.dll Fri 10 Mar 2006 6:09:14 A.... 5.533.696 5,28 M
xpsp3res.dll Thu 30 Mar 2006 3:16:48 A.... 18.944 18,50 K
25 items found: 25 files (2 H/S), 0 directories.
Total of file sizes: 25.898.880 bytes 24,70 M

Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Sun 30 Apr 2006 16:23:58 ..S.R 234.565 229,07 K
1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 234.565 bytes 229,07 K

**********************************************************************************
Directory Listing of system files:

Datenträger in Laufwerk C: ist Lokaler Datenträger
Volumeseriennummer: 44BB-7427
Verzeichnis von C:\WINDOWS\System32
30.04.2006 16:23 234.565 guard.tmp
30.04.2006 16:05 234.230 g0400ahmed4a0.dll
30.04.2006 16:02 234.565 hrlo0533e.dll
30.04.2006 12:23 <DIR> dllcache
03.03.2006 17:10 1.682 KGyGaAvL.sys
03.03.2006 17:10 56 6D2AA531D2.sys
16.11.2005 23:56 <DIR> Microsoft
5 Datei(en) 705.098 Bytes
2 Verzeichnis(se), 11.780.218.880 Bytes frei

Datenträger in Laufwerk C: ist Lokaler Datenträger
Volumeseriennummer: 44BB-7427
Verzeichnis von C:\WINDOWS\system32
30.04.2006 16:23 234.565 guard.tmp
30.04.2006 16:23 40.937 nvapps.xml
30.04.2006 16:22 234.565 hsp95en.dll
30.04.2006 16:05 234.230 g0400ahmed4a0.dll
30.04.2006 16:02 234.565 hrlo0533e.dll
25.04.2006 21:48 43.520 CmdLineExt03.dll
24.04.2006 14:19 98.304 CmdLineExt.dll
12.04.2006 17:28 2.206 wpa.dbl
06.04.2006 21:48 5.143.456 MRT.exe
06.04.2006 13:34 1.024 pdf2word.DAT
30.03.2006 11:26 1.492.480 shdocvw.dll
30.03.2006 10:23 234.368 FNTCACHE.DAT
30.03.2006 03:16 18.944 xpsp3res.dll
26.03.2006 14:33 316.924 perfh007.dat
26.03.2006 14:33 48.354 perfc007.dat
26.03.2006 14:33 311.740 perfh009.dat
26.03.2006 14:33 40.128 perfc009.dat
26.03.2006 14:33 723.744 PerfStringBackup.INI
23.03.2006 22:34 3.074.560 mshtml.dll
18.03.2006 13:09 615.424 urlmon.dll
17.03.2006 11:11 679.424 inetcomm.dll
17.03.2006 06:03 8.493.056 shell32.dll
17.03.2006 02:38 28.672 verclsid.exe
10.03.2006 06:09 5.533.696 wmp.dll
04.03.2006 05:34 664.064 wininet.dll
04.03.2006 05:34 474.624 shlwapi.dll
04.03.2006 05:34 39.424 pngfilt.dll
04.03.2006 05:34 448.512 mshtmled.dll
04.03.2006 05:34 146.432 msrating.dll
04.03.2006 05:34 532.480 mstime.dll
04.03.2006 05:34 1.056.256 danim.dll
04.03.2006 05:34 205.312 dxtrans.dll
04.03.2006 05:34 55.808 extmgr.dll
04.03.2006 05:34 96.768 inseng.dll
04.03.2006 05:34 251.392 iepeers.dll
04.03.2006 05:34 1.022.976 browseui.dll
04.03.2006 05:34 152.064 cdfview.dll
03.03.2006 17:10 1.682 KGyGaAvL.sys
03.03.2006 17:10 56 6D2AA531D2.sys
16.02.2006 16:48 5.242.934 toyhide.bmp
18.01.2006 14:05 57.344 avsda.dll
11.01.2006 15:05 7.006 jupdate-1.5.0_06-b05.log
06.01.2006 14:50 664 d3d9caps.dat
04.01.2006 05:35 68.096 webclnt.dll

Datenträger in Laufwerk C: ist Lokaler Datenträger
Volumeseriennummer: 44BB-7427
Verzeichnis von C:\DOKUME~1\MAXIMI~1\LOKALE~1\Temp
30.04.2006 16:23 53.248 ~ef7194.tmp
30.04.2006 15:46 66.877 java_install_reg.log
30.04.2006 15:40 222 wecerr.txt
30.04.2006 15:40 158.735 FRONTPG.log
29.04.2006 08:51 576 travel01.rgn
29.04.2006 08:50 800 no_popups.rgn
29.04.2006 08:48 5.851 plfA.tmp
29.04.2006 08:47 16.384 ~DF89F0.tmp
29.04.2006 08:44 5.851 plf5.tmp
29.04.2006 08:29 624 cellphones04.rgn
29.04.2006 08:29 2.576 travel04.rgn
29.04.2006 08:12 1.072 auto02.rgn
29.04.2006 08:09 4.176 homes01.rgn
05.04.2006 18:46 16.384 ~WRF0002.tmp
05.04.2006 18:27 46.080 ~e5d141.tmp
etc... (edit Sabina)

Datenträger in Laufwerk C: ist Lokaler Datenträger
Volumeseriennummer: 44BB-7427
Verzeichnis von C:\WINDOWS
30.04.2006 16:21 0 0.log
30.04.2006 16:20 159 wiadebug.log
30.04.2006 16:20 1.061.124 WindowsUpdate.log
30.04.2006 16:20 50 wiaservc.log
30.04.2006 16:20 2.048 bootstat.dat
30.04.2006 16:19 20.606 SchedLgU.Txt
29.04.2006 08:58 54.156 QTFont.qfn
29.04.2006 08:50 9.240 Hosts
29.04.2006 08:50 9.240 b_as_Hosts
29.04.2006 08:49 112.128 CdaC14BA.DLL
29.04.2006 08:49 30.720 CdaC13BA.EXE
29.04.2006 08:47 13 scode8.cfg
29.04.2006 08:46 796.672 GPInstall.exe
28.04.2006 15:25 276 game.ini
28.04.2006 15:14 230 NeroDigital.ini
28.04.2006 14:54 0 keyboard151.dat
26.04.2006 13:40 64.973 ntdtcsetup.log
26.04.2006 13:40 1.374 imsins.log
26.04.2006 13:40 116.840 tsoc.log
26.04.2006 13:40 46.909 iis6.log
26.04.2006 13:40 18.512 KB900485.log
26.04.2006 13:40 110.075 comsetup.log
26.04.2006 13:40 16.617 ocmsn.log
26.04.2006 13:40 148.821 ocgen.log
26.04.2006 13:40 15.055 msgsocm.log
26.04.2006 13:40 295.935 FaxSetup.log
26.04.2006 13:40 199.447 setupapi.log
25.04.2006 20:19 64.003 wmsetup.log
25.04.2006 20:19 460 wmsetup10.log
20.04.2006 16:53 1.409 QTFont.for
19.04.2006 13:07 122 setup.log
16.04.2006 10:45 2.180 spupdsvc.log
15.04.2006 19:20 18.572 KB908531.log
15.04.2006 19:20 1.374 imsins.BAK
15.04.2006 19:20 22.505 updspapi.log
15.04.2006 19:20 17.809 KB911562.log
15.04.2006 19:19 20.603 KB912812.log
15.04.2006 19:19 17.999 KB911565.log
15.04.2006 19:19 12.451 KB911567.log
06.04.2006 13:34 106 pdf2rtf.INI
03.04.2006 20:27 192 winamp.ini
02.03.2006 15:53 31.608 FontData.fdb
16.02.2006 15:00 12.672 KB911927.log
16.02.2006 15:00 9.102 KB911564.log
16.02.2006 14:59 7.482 KB913446.log
12.02.2006 19:58 149 KPCMS.INI
04.02.2006 19:44 25.253 DirectX.log

Datenträger in Laufwerk C: ist Lokaler Datenträger
Volumeseriennummer: 44BB-7427
Verzeichnis von C:\
30.04.2006 16:27 0 sys.txt
30.04.2006 16:27 8.365 system.txt
30.04.2006 16:26 24.123 systemtemp.txt
30.04.2006 16:26 101.532 system32.txt
30.04.2006 16:24 64 direct.txt
30.04.2006 16:20 805.306.368 pagefile.sys
27.01.2006 13:16 11.072 results.txt
17.11.2005 14:43 200 lxbt.log
16.11.2005 23:52 0 IO.SYS
16.11.2005 23:52 0 CONFIG.SYS
16.11.2005 23:52 0 AUTOEXEC.BAT
16.11.2005 23:52 0 MSDOS.SYS
16.11.2005 23:45 211 boot.ini
04.08.2004 14:00 4.952 bootfont.bin
04.08.2004 14:00 47.564 NTDETECT.COM
04.08.2004 14:00 251.184 ntldr
16 Datei(en) 805.755.635 Bytes
0 Verzeichnis(se), 11.780.321.280 Bytes frei
30.04.2006, 19:17
Honorary member
Posts: 29434
#4
1. Well, you did not use the tool I wanted [Look2Me-Destroyer V1.0.5], but do the following: click option 2 in l2mfix, restart the PC, wait for the scan to finish and
2. post the scan report from l2mfix.
3. Note: the directory C:\DOKUME~1\MAXIMI~1\LOKALE~1\Temp must be empty, so scan again with CleanUp!
4. KILLBOX - Pocket KillBox http://virus-protect.org/killbox.html
   Options: tick "Delete on Reboot" and click the red cross. When asked "Do you want to reboot?", click "no" and paste in the next entry; click "yes" only for the last one.
   Paste in:
   ......
   C:\WINDOWS\Hosts
   C:\WINDOWS\b_as_Hosts
   C:\WINDOWS\CdaC14BA.DLL
   C:\WINDOWS\CdaC13BA.EXE
   C:\WINDOWS\scode8.cfg
   C:\WINDOWS\GPInstall.exe
   Restart the PC.
5. My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives" (then turn it back on).
6. Hoster.zip http://www.funkytoad.com/download/hoster.zip
   Press 'Restore Original Hosts' and press 'OK'. Exit Program.
7. Scan with Panda and post the scan report http://virus-protect.org/onlinescan.html
__________
Best regards, Sabina
all about PC security
01.05.2006, 18:53
Zwackmix
Guest
Thread starter
#5
L2mfix 032106
Creating Account.
Das Konto existiert bereits.
Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2224 eingeben.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes): 1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From: C:\WINDOWS\system32
Killing Processes!
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 444 'smss.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 528 'winlogon.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1204 'explorer.exe'
Killing PID 1204 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administratoren ... successful
Scanning First Pass. Please Wait!

Running From: C:\WINDOWS\system32
Killing Processes!
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 448 'smss.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 532 'winlogon.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1440 'explorer.exe'
Killing PID 1440 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administratoren ... successful
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Setup]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\g0400ahmed4a0.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

The following are the files found:
****************************************************************************
Registry Entries that were Deleted: Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder. **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{EA231374-F808-4960-B81A-49412BE3B156}] @="" [HKEY_CLASSES_ROOT\CLSID\{EA231374-F808-4960-B81A-49412BE3B156}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{EA231374-F808-4960-B81A-49412BE3B156}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{EA231374-F808-4960-B81A-49412BE3B156}\InprocServer32] @="C:\\WINDOWS\\system32\\marddm.dll" "ThreadingModel"="Apartment" REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "SV1"="" **************************************************************************** Desktop.ini Contents: **************************************************************************** **************************************************************************** Checking for L2MFix account(0=no 1=yes): 0 Zipping up files for submission: adding: dlls/g0400ahmed4a0.dll (164 bytes security) (deflated 4%) adding: dlls/jt4q07h5e.dll (164 bytes security) (deflated 5%) adding: dlls/marddm.dll (164 bytes security) (deflated 4%) adding: dlls/mvjml9111.dll (164 bytes security) (deflated 4%) adding: dlls/pzspl.dll (164 bytes security) (deflated 4%) adding: dlls/q686lgls16q6.dll (164 bytes security) (deflated 4%) adding: backregs/EA231374-F808-4960-B81A-49412BE3B156.reg (188 bytes security) (deflated 70%) adding: backregs/notibac.reg (164 bytes security) (deflated 87%) adding: backregs/shell.reg (164 bytes security) (deflated 73%) Incident Status Location 
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\l2mfix\backup.zip[dlls/g0400ahmed4a0.dll] Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\l2mfix\backup.zip[dlls/jt4q07h5e.dll] Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\l2mfix\backup.zip[dlls/marddm.dll] Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\l2mfix\backup.zip[dlls/mvjml9111.dll] Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\l2mfix\backup.zip[dlls/pzspl.dll] Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\l2mfix\backup.zip[dlls/q686lgls16q6.dll] Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\l2mfix\dlls\g0400ahmed4a0.dll Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\l2mfix\dlls\jt4q07h5e.dll Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\l2mfix\dlls\marddm.dll Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\l2mfix\dlls\mvjml9111.dll Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\l2mfix\dlls\pzspl.dll Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\l2mfix\dlls\q686lgls16q6.dll Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\l2mfix\Process.exe Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\l2mfix.exe[l2mfix/Process.exe] |
|
|
||
01.05.2006, 21:26
Honorary member
Posts: 29434 |
#6
Look2Me-Destroyer V1.0.5
Download the L2Me Destroyer here and save it to your desktop: http://www.atribune.org/content/view/28/

1) Close all open windows and double-click Look2Me-Destroyer.exe to start the program.
2) Tick the box next to run this program as a task
3) A message appears saying that the Look2Me Destroyer will open and close within the next 10 seconds.
4) Click OK
5) When the program opens again, click scan for L2Me.
6) When the scan has finished, click Remove L2Me. A "Done scanning" message appears afterwards. Simply click "OK".
7) After the scan has completed, the following message appears: Done removing infected files! Look2Me-Destroyer will now shutdown your compute and the PC shuts down.
8) Start the PC and post the contents of C:\Look2Me-Destroyer.txt
---------------------
Then work through everything else, and post the scan report from the Panda online scan.
__________
Regards, Sabina
all about PC security |
|
|
||
01.05.2006, 23:10
Zwackmix
Guest
Thread starter |
#7
Incident Status Location
Spyware:Cookie/Mediaplex Not disinfected C:\Dokumente und Einstellungen\Maximilian Zwick\Anwendungsdaten\Mozilla\Firefox\Profiles\dowgbt68.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/2o7 Not disinfected C:\Dokumente und Einstellungen\Maximilian Zwick\Anwendungsdaten\Mozilla\Firefox\Profiles\dowgbt68.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Dokumente und Einstellungen\Maximilian Zwick\Anwendungsdaten\Mozilla\Firefox\Profiles\dowgbt68.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/2o7 Not disinfected C:\Dokumente und Einstellungen\Maximilian Zwick\Cookies\maximilian zwick@2o7[1].txt
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\Programme\Anti Virus\l2mfix\backup.zip[dlls/g0400ahmed4a0.dll]
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\Programme\Anti Virus\l2mfix\backup.zip[dlls/jt4q07h5e.dll]
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\Programme\Anti Virus\l2mfix\backup.zip[dlls/marddm.dll]
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\Programme\Anti Virus\l2mfix\backup.zip[dlls/mvjml9111.dll]
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\Programme\Anti Virus\l2mfix\backup.zip[dlls/pzspl.dll]
Adware:Adware/Look2Me Not disinfected C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\Programme\Anti Virus\l2mfix\backup.zip[dlls/q686lgls16q6.dll]
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\Programme\Anti Virus\l2mfix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\Programme\Anti Virus\l2mfix.exe[l2mfix/Process.exe]

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 01.05.2006 21:59:50

Infected! C:\WINDOWS\system32\g0400ahmed4a0.dll
Infected! C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\Programme\Anti Virus\l2mfix\dlls\g0400ahmed4a0.dll
Infected! C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\Programme\Anti Virus\l2mfix\dlls\jt4q07h5e.dll
Infected! C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\Programme\Anti Virus\l2mfix\dlls\marddm.dll
Infected! C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\Programme\Anti Virus\l2mfix\dlls\mvjml9111.dll
Infected! C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\Programme\Anti Virus\l2mfix\dlls\pzspl.dll
Infected! C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\Programme\Anti Virus\l2mfix\dlls\q686lgls16q6.dll

Attempting to delete infected files...

Attempting to delete: C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\Programme\Anti Virus\l2mfix\dlls\g0400ahmed4a0.dll
C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\Programme\Anti Virus\l2mfix\dlls\g0400ahmed4a0.dll Deleted successfully!

Attempting to delete: C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\Programme\Anti Virus\l2mfix\dlls\jt4q07h5e.dll
C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\Programme\Anti Virus\l2mfix\dlls\jt4q07h5e.dll Deleted successfully!

Attempting to delete: C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\Programme\Anti Virus\l2mfix\dlls\marddm.dll
C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\Programme\Anti Virus\l2mfix\dlls\marddm.dll Deleted successfully!

Attempting to delete: C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\Programme\Anti Virus\l2mfix\dlls\mvjml9111.dll
C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\Programme\Anti Virus\l2mfix\dlls\mvjml9111.dll Deleted successfully!

Attempting to delete: C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\Programme\Anti Virus\l2mfix\dlls\pzspl.dll
C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\Programme\Anti Virus\l2mfix\dlls\pzspl.dll Deleted successfully!

Attempting to delete: C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\Programme\Anti Virus\l2mfix\dlls\q686lgls16q6.dll
C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\Programme\Anti Virus\l2mfix\dlls\q686lgls16q6.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Setup

Restoring Windows certificates.

Replaced hosts file with default windows hosts file

Restoring SeDebugPrivilege for Administratoren - Succeeded

This post was edited by Zwackmix on 01.05.2006 at 23:22.
|
|
|
||
02.05.2006, 09:49
Honorary member
Posts: 29434 |
#8
1. Delete: C:\Dokumente und Einstellungen\Maximilian Zwick\Desktop\l2mfix\

2. Run Look2Me-Destroyer V1.0.12 again

3. Check whether this has been deleted (see Killbox):
C:\WINDOWS\system32
29.04.2006 08:50 9.240 Hosts
29.04.2006 08:50 9.240 b_as_Hosts
29.04.2006 08:49 112.128 CdaC14BA.DLL
29.04.2006 08:49 30.720 CdaC13BA.EXE
29.04.2006 08:47 13 scode8.cfg
29.04.2006 08:46 796.672 GPInstall.exe

4. Scan with Kaspersky and post the scan report: http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
all about PC security |
|
|
||
02.05.2006, 12:38
Zwackmix
Guest
Thread starter |
#9
OK, afterwards I also deleted these by hand:
29.04.2006 08:49 112.128 CdaC14BA.DLL
29.04.2006 08:49 30.720 CdaC13BA.EXE
Report: nothing, because it found nothing :-) Thank you!!!! |
|
|
||
I surfed around a bit yesterday, and now Flash ads, ad banners and entire windows with security prompts open every few seconds.
In the running programs these are .exe!
What can I do about it? My pop-up blocker does not step in, and these ads also open when I am not on the internet and am, for example, playing a game!
Logfile of HijackThis v1.99.1
Scan saved at 13:00:41, on 30.04.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programme\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Softex\OmniPass\scureapp.exe
C:\Programme\Lexmark 5200 series\lxbtbmgr.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
C:\Programme\Lexmark 5200 series\lxbtbmon.exe
C:\FRAPS\FRAPS.EXE
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\DATA BECKER\Pop-Up & Banner Blocker\asd.exe
C:\Programme\DATA BECKER\Pop-Up & Banner Blocker\dbad.exe
C:\Programme\DATA BECKER\Pop-Up & Banner Blocker\adblock.exe
C:\DOKUME~1\MAXIMI~1\LOKALE~1\Temp\~ef7194.tmp
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\DOKUME~1\MAXIMI~1\LOKALE~1\Temp\Rar$EX00.281\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Programme\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: DATA BECKER - Dialer-Schutz.lnk = C:\Programme\DATA BECKER\Pop-Up & Banner Blocker\asd.exe
O4 - Global Startup: DATA BECKER - Pop-Up und Banner Blocker.lnk = C:\Programme\DATA BECKER\Pop-Up & Banner Blocker\dbad.exe
O4 - Global Startup: DATA BECKER - Werbebannerblocker.lnk = C:\Programme\DATA BECKER\Pop-Up & Banner Blocker\adblock.exe
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\r46ulej91ho.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Programme\Softex\OmniPass\Omniserv.exe