There's a worm in it
#0

14.02.2007, 18:17
Honorary member
Posts: 29434

14.02.2007, 18:38
Member
Thread starter, Posts: 262
#47
I did that - exactly the same message appears:
The initialization of the dll..... I pressed Ignore, then this report came up: L2MFIX find log 051206

14.02.2007, 19:32
Honorary member
Posts: 29434
#48
Fine, the DLLs are deleted.
IN NORMAL MODE - (not safe mode...........)
double-click RunThis.bat
http://virus-protect.org/artikel/tools/sdfix.html
type in: 1
1 : a-squared is loaded
a-squared
1. update
2. full scan
3. full scan (heuristic/riskware scanning enabled) - scan
4. save quarantine list
Post the scan report - you should find it when you enter 4.
__________
Regards, Sabina
all about PC security

14.02.2007, 19:37
Member
Thread starter, Posts: 262

15.02.2007, 12:43
Member
Thread starter, Posts: 262
#50
Hello
a-squared Command Line Scanner v. 2.0.0.103 (c) 2006 Emsi Software GmbH - www.emsisoft.com

15.02.2007, 13:27
Honorary member
Posts: 29434
#51
Avenger
Quote: registry keys to delete:
«« post the Avenger log that appears after the restart
«« create an ok.bat - copy only this, at the very end of the text:
Quote: cd\
__________
Regards, Sabina
all about PC security

15.02.2007, 13:45
Member
Thread starter, Posts: 262
#52
Logfile of The Avenger version 1, by Swandog46
cd\
dir "C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme" >>files.txt
notepad files.txt
--------
So, save the log as ok.bat on the desktop with this little script from you (added below)? See the text field above? Did I understand that correctly?

15.02.2007, 14:13
Honorary member
Posts: 29434
#53
Yes, create a new bat file and post only, at the very end, what appears under
All Users.WINDOWS\Startmenü\Programme
__________
Regards, Sabina
all about PC security

15.02.2007, 14:41
Member
Thread starter, Posts: 262
#54
I did that; I hope I did it correctly.
25.07.2005 19:27 <DIR> Roxio Shared
08.08.2005 21:48 <DIR> Macrovision Shared
19.08.2005 14:01 <DIR> DataDesign
0 Datei(en) 0 Bytes
19 Verzeichnis(se), 65.505.230.848 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2765-140C
Verzeichnis von C:\Windows\tasks
10.07.2002 20:15 <DIR> .
10.07.2002 20:15 <DIR> ..
15.02.2007 10:55 412 Symantec NetDetect.job
13.02.2007 20:55 398 FRU Task #Hewlett-Packard#hp psc 2200 series#1074196461.job
2 Datei(en) 810 Bytes
2 Verzeichnis(se), 65.505.230.848 Bytes frei

15.02.2007, 14:57
Honorary member
Posts: 29434
#55
I want to see which programs are in the Start menu
__________
Regards, Sabina
all about PC security

15.02.2007, 17:11
Member
Thread starter, Posts: 262
#56
Auto Start
AVG Anti Spyware Helwet Packard Lexware Buchhalter Lexware Lohn Microsoft Office Tools Nero Olympus Master Phillips Viesta Camera Skype Spiele Verwaltung Winzip Zubehör Acrobat Reader desktop.bat MSN Sxplorer MSN Messenger 7.0 MSN Messenger 7.5 ok.bat (batch file for MS-DOS) Windows Medssender Verkn.
Should I delete a few files? The message "not enough memory" keeps appearing.
Regards

15.02.2007, 18:06
Honorary member
Posts: 29434
#57
««
AVG Anti Spyware - scan again - delete everything that is still found, then uninstall the scanner again
»» dr.web - scan again as well, then uninstall
«« http://virus-protect.org/reinigungstoolsregistry.html
apply ONLY:
Cleanup repair -- TuneUp Diskcleaner
Cleanup repair -- Registry Cleaner
Report how many errors were fixed.
__________
Regards, Sabina
all about PC security

16.02.2007, 08:48
Member
Thread starter, Posts: 262
#58
It found 1500 problems and cleaned all of them.
Unfortunately the Quick Launch bar is not visible. Do you have an idea?

16.02.2007, 10:59
Honorary member
Posts: 29434
#59
««
My Computer --> right-click, then Properties --> System Restore tab --> tick "Turn off System Restore on all drives". (then re-enable it)
«« See whether it works again with this change in the registry.
Start - Run - regedit
# HKEY_CURRENT_USER Software Microsoft Windows CurrentVersion Policies Explorer
# Double-click the key "NoToolbarsOnTaskbar".
- 0 = The taskbar shows all toolbars.
http://www.windowspage.de/frame.php?http://www.windowspage.de/windowsxp/desktop/notoolbarsontaskbar.html
«« Right-click C:\ - Properties, then report how much free disk space (in MB) is available.
__________
Regards, Sabina
all about PC security

16.02.2007, 11:44
Member
Thread starter, Posts: 262
#60
Used space 10 GB
Free space 62 GB

http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick it)
copy into: View/edit script
Quote
»» then post the log again - option 1 of L2mfix
__________
Regards, Sabina
all about PC security