The worm has got in

14.02.2007, 18:17
Honorary member

Posts: 29434
#46 Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick the box)
copy into: View/edit script

Quote

Files to delete:
C:\Dokumente und Einstellungen\Suzan Shalabi\Startmenü\Programme\Autostart\Virtual Bouncer.lnk
C:\WINDOWS\system32\McIDENT.DLL
C:\WINDOWS\system32\SpDOCVW.DLL
C:\WINDOWS\system32\UhLMON.DLL
C:\WINDOWS\system32\SvLWAPI.DLL
C:\Dokumente und Einstellungen\Owner.ORGANISA-711200\Lokale Einstellungen\Temp\ZTR41.tmp
C:\Dokumente und Einstellungen\Suzan Shalabi\Eigene Dateien\suzan\~WRL0503.tmp
»»
then post the log again - option 1 of L2mfix
__________
Regards, Sabina

all about PC security
14.02.2007, 18:38
Member

Thread starter

Posts: 262
#47 Done - exactly the same message appears:

The initialization of the dll.....

I pressed Ignore, then this report came up

L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"sv1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webordner"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Datenverknpfung"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
wmvcore.dll Thu 7 Dec 2006 6:29:34 A.... 2.374.472 2,26 M

1 item found: 1 file, 0 directories.
Total of file sizes: 2.374.472 bytes 2,26 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2765-140C

Verzeichnis von C:\WINDOWS\System32

11.07.2002 17:52 <DIR> Microsoft
10.07.2002 20:00 <DIR> dllcache
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 65.514.176.512 Bytes frei
14.02.2007, 19:32
Honorary member

Posts: 29434
#48 good ;) the dlls are deleted ;)

IN NORMAL MODE - (not safe mode...........)

double-click RunThis.bat
http://virus-protect.org/artikel/tools/sdfix.html
type in: 1

1 : a-squared is loaded

a-squared

1. update
2. full scan
3. full scan (heuristic/riskware scanning enabled) - scan
4. save quarantine list

post the scan report - you should find it when you enter 4.
__________
Regards, Sabina

all about PC security
14.02.2007, 19:37
Member

Thread starter

Posts: 262
#49 Thanks for the info
I'll do it tomorrow morning.
The day was exhausting
Good night
Suzi
15.02.2007, 12:43
Member

Thread starter

Posts: 262
#50 Hello

a-squared Command Line Scanner v. 2.0.0.103
(c) 2006 Emsi Software GmbH - www.emsisoft.com

ID Object
0 Key: HKEY_LOCAL_MACHINE\software\myway\mybar detected: Trace.Registry.MyWaySpeedbar
1 C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\precisiontime detected: Trace.Directory.Claria.PrecisionTime
2 C:\Programme\mlh detected: Trace.Directory.DownloadWare
3 Key: HKEY_LOCAL_MACHINE\software\myway detected: Trace.Registry.MyWaySpeedbar
4 C:\Programme\recommended hotfix - 421701d detected: Trace.Directory.NetworkEssentials
5 Key: HKEY_CLASSES_ROOT\clsid\{147a976e-eee1-4377-8ea7-4716e4cdd239} detected: Trace.Registry.MyWebSearchToobar
6 C:\WINDOWS\gatorpatch.log detected: Trace.File.Claria.CommonComponents
7 Key: HKEY_CLASSES_ROOT\clsid\{a4730ebe-43a6-443e-9776-36915d323ad3} detected: Trace.Registry.MyWebSearchToobar
8 C:\WINDOWS\gatorpdpsetup.log detected: Trace.File.Claria.CommonComponents
9 Key: HKEY_CLASSES_ROOT\interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} detected: Trace.Registry.MyWebSearchToobar
10 C:\WINDOWS\gatorgaininstaller.log detected: Trace.File.Claria.GotSmiley
11 Key: HKEY_CLASSES_ROOT\appid\hp.exe detected: Trace.Registry.NetworkEssentials
12 C:\WINDOWS\iconz.exe detected: Trace.File.Ezula
13 Key: HKEY_LOCAL_MACHINE\software\classes\clsid\{0421701d-cf13-4e70-adf0-45a953e7cb8b} detected: Trace.Registry.NetworkEssentials
14 C:\WINDOWS\system32\msrev23.dll detected: Trace.File.Ezula
15 Key: HKEY_CLASSES_ROOT\clsid\{2ab289ae-4b90-4281-b2ae-1f4bb034b647} detected: Trace.Registry.RXToolbar
16 C:\WINDOWS\system32\msrev43.dll detected: Trace.File.Ezula
17 Key: HKEY_CLASSES_ROOT\rxresult.rxresultfilter.1 detected: Trace.Registry.RXToolbar
18 C:\WINDOWS\system32\msrev21.dll detected: Trace.File.Suspicious
19 Key: HKEY_CLASSES_ROOT\rxresult.rxresultfilter detected: Trace.Registry.RXToolbar
20 C:\WINDOWS\smdat32a.sys detected: Trace.File.Twain-Tech
21 Key: HKEY_CLASSES_ROOT\rxresult.rxresulttracker.1 detected: Trace.Registry.RXToolbar
22 C:\WINDOWS\smdat32m.sys detected: Trace.File.Twain-Tech
23 Key: HKEY_CLASSES_ROOT\rxresult.rxresulttracker detected: Trace.Registry.RXToolbar
24 C:\WINDOWS\twaintec.ini detected: Trace.File.Twain-Tech
25 Key: HKEY_CLASSES_ROOT\clsid\{417386c3-8d4a-4611-9b91-e57e89d603ac} detected: Trace.Registry.AdDestroyer
26 Key: HKEY_CLASSES_ROOT\clsid\{d52433a9-a44c-43ab-a013-24b3c756dd2b} detected: Trace.Registry.AdDestroyer
27 Key: HKEY_CLASSES_ROOT\interface\{10d7db96-56dc-4617-8eab-ec506abe6c7e} detected: Trace.Registry.AdDestroyer
28 Key: HKEY_CLASSES_ROOT\interface\{6cdc3337-01f7-4a79-a4af-0b19303cc0be} detected: Trace.Registry.AdDestroyer
29 Key: HKEY_CLASSES_ROOT\interface\{795398d0-dc2f-4118-a69c-592273ba9c2b} detected: Trace.Registry.AdDestroyer
30 Key: HKEY_CLASSES_ROOT\interface\{b288f21c-a144-4ca2-9b70-8afa1fae4b06} detected: Trace.Registry.AdDestroyer
31 Key: HKEY_CLASSES_ROOT\typelib\{d0c29a75-7146-4737-98ee-bc4d7cf44af9} detected: Trace.Registry.AdDestroyer
32 Key: HKEY_CLASSES_ROOT\typelib\{e0d3b292-a0b0-4640-975c-2f882e039f52} detected: Trace.Registry.AdDestroyer
33 Key: HKEY_CURRENT_USER\software\vb and vba program settings\addestroyer detected: Trace.Registry.AdDestroyer
34 Key: HKEY_LOCAL_MACHINE\software\classes\interface\{f6fbfe07-ca76-438e-b34e-4f4dc41f0123} detected: Trace.Registry.BargainBuddy
35 Value: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\easymail pop3 object --> eventmessagefile detected: Trace.Registry.BonziBuddy
36 Value: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\easymail pop3 object --> typessupported detected: Trace.Registry.BonziBuddy
37 Key: HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} detected: Trace.Registry.Claria.CommonComponents
38 Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\precisiontime --> slowinfocache detected: Trace.Registry.Claria.Dashbar
39 Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\precisiontime --> changed detected: Trace.Registry.Claria.PrecisionTime
40 Key: HKEY_CURRENT_USER\software\clipgenie detected: Trace.Registry.ClipGenie
41 Key: HKEY_CURRENT_USER\software\traynotifier\clipgenie detected: Trace.Registry.ClipGenie
42 Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\clipgenie detected: Trace.Registry.ClipGenie
43 Key: HKEY_LOCAL_MACHINE\software\traynotifier\clipgenie detected: Trace.Registry.ClipGenie
44 Key: HKEY_CLASSES_ROOT\clsid\{1d3bce37-7834-4579-8169-e67681420a98} detected: Trace.Registry.Cydoor.TOPicks.a
45 Key: HKEY_CLASSES_ROOT\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8} detected: Trace.Registry.Cydoor.TOPicks.a
46 Key: HKEY_CLASSES_ROOT\clsid\{c15b7ea2-a360-43e8-a591-5faedc7c4e1d} detected: Trace.Registry.Cydoor.TOPicks.a
47 Key: HKEY_CLASSES_ROOT\clsid\{def37997-d9c9-4a4b-bf3c-88f99eaceec2} detected: Trace.Registry.Cydoor.TOPicks.a
48 Key: HKEY_CLASSES_ROOT\clsid\{e813099d-5529-47f4-9b37-4afafcb00a43} detected: Trace.Registry.Cydoor.TOPicks.a
49 Key: HKEY_CLASSES_ROOT\interface\{258a3625-183b-4477-aee2-ea54df6d878d} detected: Trace.Registry.Cydoor.TOPicks.a
50 Key: HKEY_CLASSES_ROOT\interface\{29e825aa-13bc-457c-806a-d72e4a25b3c5} detected: Trace.Registry.Cydoor.TOPicks.a
51 Key: HKEY_CLASSES_ROOT\interface\{9d4548ce-92fd-4c6c-ae7f-3dbe3bc763d8} detected: Trace.Registry.Cydoor.TOPicks.a
52 Key: HKEY_CLASSES_ROOT\interface\{ad5bc1f0-72d8-44b3-8e3d-8e8fecce43fb} detected: Trace.Registry.Cydoor.TOPicks.a
53 Key: HKEY_CLASSES_ROOT\interface\{e79dadc6-18d0-4a2a-831f-d196d41f8438} detected: Trace.Registry.Cydoor.TOPicks.a
54 Key: HKEY_CLASSES_ROOT\interface\{e813099d-5529-47f4-9b37-4afafcb00a43} detected: Trace.Registry.Cydoor.TOPicks.a
55 Key: HKEY_CURRENT_USER\software\medialoads detected: Trace.Registry.DownloadWare
56 Key: HKEY_LOCAL_MACHINE\software\mlh detected: Trace.Registry.DownloadWare
57 Key: HKEY_CLASSES_ROOT\clsid\{8940e505-72c6-44de-be85-1d746780efbf} detected: Trace.Registry.Ezula
58 Key: HKEY_CLASSES_ROOT\interface\{6e0ed53c-9908-49ed-b055-7cb31b162577} detected: Trace.Registry.Ezula
59 Key: HKEY_CLASSES_ROOT\interface\{830d3aed-2fa9-454f-b266-d931862bbf34} detected: Trace.Registry.Ezula
60 Key: HKEY_CLASSES_ROOT\interface\{8c53bd8e-b12d-4c8f-ad0e-c9ddc39d1273} detected: Trace.Registry.Ezula
61 Key: HKEY_CLASSES_ROOT\interface\{9bcdd51b-4a7b-446c-8452-d32d38004582} detected: Trace.Registry.Ezula
62 Key: HKEY_CLASSES_ROOT\interface\{a986f4db-792e-4571-8974-0bb6e024766f} detected: Trace.Registry.Ezula
63 Key: HKEY_CLASSES_ROOT\interface\{bccab53d-0895-40c3-a942-a03538ce227a} detected: Trace.Registry.Ezula
64 Key: HKEY_CLASSES_ROOT\interface\{c0f88e9e-dceb-4655-968a-ae508a677c39} detected: Trace.Registry.Ezula
65 Key: HKEY_CLASSES_ROOT\interface\{d7eac2d8-2d52-4010-a4ad-dfdf60c1706c} detected: Trace.Registry.Ezula
66 Key: HKEY_CLASSES_ROOT\typelib\{5e594162-60a9-487d-84b8-dbdd716cb862} detected: Trace.Registry.Ezula
67 Key: HKEY_CLASSES_ROOT\interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} detected: Trace.Registry.FunWebProducts
68 Key: HKEY_LOCAL_MACHINE\software\fun web products detected: Trace.Registry.FunWebProducts
69 Key: HKEY_LOCAL_MACHINE\software\funwebproducts detected: Trace.Registry.FunWebProducts
70 Key: HKEY_CLASSES_ROOT\typelib\{5830698f-7fc0-40cd-a453-9a0cafdf3a64} detected: Trace.Registry.Grokster
71 Key: HKEY_CLASSES_ROOT\typelib\{676f6d1d-c559-42a9-860b-27c1477b7179} detected: Trace.Registry.Grokster
72 Key: HKEY_CLASSES_ROOT\typelib\{bff4f684-677e-44f4-8c74-1d575c950e10} detected: Trace.Registry.Grokster
73 Key: HKEY_CLASSES_ROOT\clsid\{6fb2639a-4ba3-4531-8db8-fab03e0a8ffd} detected: Trace.Registry.HotBar
74 Value: HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\shellbrowser --> {b195b3b3-8a05-11d3-97a4-0004aca6948e} detected: Trace.Registry.HotBar
75 Key: HKEY_CLASSES_ROOT\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76} detected: Trace.Registry.KaZaA
76 Key: HKEY_CURRENT_USER\software\kazaa detected: Trace.Registry.KaZaA
77 Key: HKEY_LOCAL_MACHINE\software\classes\appid\{8b0fef15-54dc-49f5-8377-8172de975f75} detected: Trace.Registry.KaZaA
78 Key: HKEY_LOCAL_MACHINE\software\classes\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62} detected: Trace.Registry.KaZaA
79 Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b0 detected: Trace.Registry.KaZaA
80 Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b0seconds detected: Trace.Registry.KaZaA
81 Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b1 detected: Trace.Registry.KaZaA
82 Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> b detected: Trace.Registry.KaZaA
83 Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> time detected: Trace.Registry.KaZaA
84 Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b0 detected: Trace.Registry.KaZaA
85 Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b0seconds detected: Trace.Registry.KaZaA
86 Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b1 detected: Trace.Registry.KaZaA
87 Value: HKEY_LOCAL_MACHINE\software\kazaa\cloudload --> sharedir detected: Trace.Registry.KaZaA
88 Key: HKEY_LOCAL_MACHINE\software\kazaa\connectioninfo detected: Trace.Registry.KaZaA
89 Key: HKEY_LOCAL_MACHINE\software\kazaa\localcontent detected: Trace.Registry.KaZaA
90 Key: HKEY_LOCAL_MACHINE\software\kazaa detected: Trace.Registry.KaZaA
91 Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking detected: Trace.Registry.KaZaA
92 Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\d:\installshield\kazaa detected: Trace.Registry.KaZaA
93 Key: HKEY_LOCAL_MACHINE\software\sharman networks ltd detected: Trace.Registry.KaZaA
94 Key: HKEY_CLASSES_ROOT\appid\{6e0afb50-ab22-477c-b16a-aa155937791c} detected: Trace.Registry.MyDailyHoroscope
95 Key: HKEY_CLASSES_ROOT\appid\mydailyhoroscope.exe detected: Trace.Registry.MyDailyHoroscope
96 Key: HKEY_CURRENT_USER\software\enconfidence detected: Trace.Registry.MyDailyHoroscope
97 Key: HKEY_LOCAL_MACHINE\software\enconfidence detected: Trace.Registry.MyDailyHoroscope
98 Key: HKEY_CLASSES_ROOT\mywaytoolbar.settingsplugin.1 detected: Trace.Registry.MyWay
99 Key: HKEY_CLASSES_ROOT\mywaytoolbar.settingsplugin detected: Trace.Registry.MyWay
100 Value: HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser --> {0494d0d9-f8e0-41ad-92a3-14154ece70ac} detected: Trace.Registry.MyWay
101 Key: HKEY_CLASSES_ROOT\mywaytoolbar.netscapeshutdown.1 detected: Trace.Registry.MyWaySpeedbar
102 Key: HKEY_CLASSES_ROOT\mywaytoolbar.netscapeshutdown detected: Trace.Registry.MyWaySpeedbar
103 Key: HKEY_CLASSES_ROOT\mywaytoolbar.netscapestartup.1 detected: Trace.Registry.MyWaySpeedbar
104 Key: HKEY_CLASSES_ROOT\mywaytoolbar.netscapestartup detected: Trace.Registry.MyWaySpeedbar
105 Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\my way speedbar uninstall detected: Trace.Registry.MyWaySpeedbar
106 Key: HKEY_CLASSES_ROOT\typelib\{05563f82-69a7-40a6-8670-153b635a7ef6} detected: Trace.Registry.RXToolbar
107 Key: HKEY_CLASSES_ROOT\clsid\{3646c2bd-3554-49ca-8125-44deefb881de} detected: Trace.Registry.SearchCentrix
108 Key: HKEY_CLASSES_ROOT\clsid\{3f4d4f88-0198-4921-b630-957f3eb814e0} detected: Trace.Registry.SearchCentrix
109 Key: HKEY_CLASSES_ROOT\clsid\{002f4e27-b273-4fa5-adfc-1fb9ed210b37} detected: Trace.Registry.Search-Exe
110 Key: HKEY_CLASSES_ROOT\interface\{83a13e87-fa20-4b6a-aae8-c1226b5e1573} detected: Trace.Registry.Search-Exe
111 Value: HKEY_LOCAL_MACHINE\software\microsoft\cryptography\services --> vurl detected: Trace.Registry.SpediaBar
112 Key: HKEY_CLASSES_ROOT\clsid\{000020dd-c72e-4113-af77-dd56626c6c42} detected: Trace.Registry.Twain-Tech
113 Value: HKEY_LOCAL_MACHINE\software\wise solutions\wise installation system\repair\c:/windows/system32/innervbinstall.log --> 2\software\microsoft\cryptography\services\\rurl detected: Trace.Registry.VirtualBouncer
114 Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata --> tuid detected: Trace.Registry.WebSearchToolbar
115 Key: HKEY_CLASSES_ROOT\clsid\{87067f04-de4c-4688-bc3c-4fcf39d609e7} detected: Trace.Registry.WinTools
116 Key: HKEY_CLASSES_ROOT\clsid\{a8deb4a5-d9ef-4d21-b4f6-921475004e7d} detected: Trace.Registry.WinTools
117 Value: HKEY_CLASSES_ROOT\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32 --> ThreadingModel detected: Trace.Registry.MyWay
118 Value: HKEY_CLASSES_ROOT\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32 --> ThreadingModel detected: Trace.Registry.MyWay
119 Value: HKEY_CLASSES_ROOT\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32 --> ThreadingModel detected: Trace.Registry.MyWay
120 Value: HKEY_CLASSES_ROOT\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32 --> ThreadingModel detected: Trace.Registry.MyWay
121 Value: HKEY_CLASSES_ROOT\CLSID\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32 --> ThreadingModel detected: Trace.Registry.MyWay
122 Value: HKEY_CLASSES_ROOT\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32 --> ThreadingModel detected: Trace.Registry.MyWay
123 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\My Way Speedbar Uninstall --> Changed detected: Trace.Registry.MyWay
124 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\My Way Speedbar Uninstall --> SlowInfoCache detected: Trace.Registry.MyWay
125 C:\Dokumente und Einstellungen\Suzan Shalabi\Cookies\suzan shalabi@cgi-bin[1].txt detected: Trace.TrackingCookie
126 C:\Dokumente und Einstellungen\Suzan Shalabi\Cookies\suzan shalabi@adserver.adultfriendfinder[2].txt detected: Trace.TrackingCookie
127 C:\Dokumente und Einstellungen\Suzan Shalabi\Cookies\suzan shalabi@advertising[2].txt detected: Trace.TrackingCookie
128 C:\Dokumente und Einstellungen\Suzan Shalabi\Cookies\suzan shalabi@mediaplex[1].txt detected: Trace.TrackingCookie
129 C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\faceremoteproclies\logodumb.exe detected: Heuristic.LOP
130 C:\Dokumente und Einstellungen\Suzan Shalabi\Cookies\suzan shalabi@server.iad.liveperson[1].txt detected: Trace.TrackingCookie
131 C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\faceremoteproclies\SIGNTRUST.exe detected: Heuristic.LOP
132 C:\Dokumente und Einstellungen\Suzan Shalabi\Cookies\suzan shalabi@comdirect[1].txt detected: Trace.TrackingCookie
133 C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\faceremoteproclies\globalmeal.exe detected: Heuristic.LOP
134 C:\SDFix\apps\Process.exe detected: Riskware.RiskTool.Win32.Processor.20
135 C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\faceremoteproclies\Mpeg Plan.exe detected: Heuristic.LOP
136 C:\WINDOWS\system32\NLNP13.dll detected: Adware.IGetNet
137 C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\faceremoteproclies\Bird hole.exe detected: Heuristic.LOP
138 C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\faceremoteproclies\Barb That.exe detected: Heuristic.LOP
139 C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\faceremoteproclies\supportshim.exe detected: Heuristic.LOP
140 C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\faceremoteproclies\Seek Warn.exe detected: Heuristic.LOP
141 C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\faceremoteproclies\bowstime.exe detected: Heuristic.LOP
142 C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\faceremoteproclies\one bend.exe detected: Heuristic.LOP
143 C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\faceremoteproclies\DentLite.exe detected: Heuristic.LOP
144 C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\faceremoteproclies\junkuser.exe detected: Heuristic.LOP
145 C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\faceremoteproclies\DrawTray.exe detected: Heuristic.LOP
146 C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\faceremoteproclies\funk view.exe detected: Heuristic.LOP
147 C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\faceremoteproclies\Data barb.exe detected: Heuristic.LOP
148 C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\faceremoteproclies\tons platform.exe detected: Heuristic.LOP
149 C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\faceremoteproclies\beep eq.exe detected: Heuristic.LOP
150 C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\faceremoteproclies\gplbook.exe detected: Heuristic.LOP
151 C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\faceremoteproclies\Cool Title.exe detected: Heuristic.LOP
152 C:\Dokumente und Einstellungen\Suzan Shalabi\Desktop\backups\backup-20070210-152510-777.dll detected: Heuristic.LOP
153 C:\Dokumente und Einstellungen\Suzan Shalabi\Cookies\suzan shalabi@mediaplex[1].txt detected: Trace.TrackingCookie
154 C:\Dokumente und Einstellungen\Suzan Shalabi\Cookies\suzan shalabi@advertising[2].txt detected: Trace.TrackingCookie
15.02.2007, 13:27
Honorary member

Posts: 29434
#51 Avenger

Quote

registry keys to delete:
HKLM\software\microsoft\windows\currentversion\uninstall\my way speedbar uninstall
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\My Way Speedbar Uninstall
HKEY_LOCAL_MACHINE\software\myway
HKEY_LOCAL_MACHINE\software\traynotifier\clipgenie
HKEY_LOCAL_MACHINE\software\traynotifier
HKEY_LOCAL_MACHINE\software\mlh
HKLM\software\microsoft\windows\currentversion\uninstall\clipgenie
HKEY_LOCAL_MACHINE\software\classes\interface\{f6fbfe07-ca76-438e-b34e-4f4dc41f0123}
HKLM\system\currentcontrolset\services\eventlog\application\easymail pop3 object
HKLM\software\microsoft\windows\currentversion\app management\arpcache\precisiontime
HKEY_LOCAL_MACHINE\software\fun web products
HKEY_LOCAL_MACHINE\software\funwebproducts
HKEY_LOCAL_MACHINE\software\classes\appid\{8b0fef15-54dc-49f5-8377-8172de975f75}
HKEY_LOCAL_MACHINE\software\classes\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}
HKEY_LOCAL_MACHINE\software\kazaa
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking
HKEY_LOCAL_MACHINE\software\sharman networks ltd
HKEY_LOCAL_MACHINE\software\enconfidence

Files to delete:
C:\WINDOWS\iconz.exe
C:\WINDOWS\system32\msrev23.dll
C:\WINDOWS\twaintec.ini
c:\windows\system32\innervbinstall.log
C:\WINDOWS\system32\NLNP13.dll

Folders to delete:
C:\Programme\MLH
C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\faceremoteproclies
C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\precisiontime

««
post the Avenger log that appears after the reboot

««
create an ok.bat - copy this, only the very end of the text:

Quote

cd\
dir "C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme" >>files.txt
notepad files.txt

__________
Regards, Sabina

all about PC security
15.02.2007, 13:45
Member

Thread starter

Posts: 262
#52 Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\nocwvpdl

*******************

Script file located at: \??\C:\WINDOWS\vjhdxcqn.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKLM\system\currentcontrolset\services\eventlog\application\easymail pop3 object deleted successfully.


File C:\WINDOWS\iconz.exe not found!
Deletion of file C:\WINDOWS\iconz.exe failed!

Could not process line:
C:\WINDOWS\iconz.exe
Status: 0xc0000034



File C:\WINDOWS\system32\msrev23.dll not found!
Deletion of file C:\WINDOWS\system32\msrev23.dll failed!

Could not process line:
C:\WINDOWS\system32\msrev23.dll
Status: 0xc0000034



File C:\WINDOWS\twaintec.ini not found!
Deletion of file C:\WINDOWS\twaintec.ini failed!

Could not process line:
C:\WINDOWS\twaintec.ini
Status: 0xc0000034

File c:\windows\system32\innervbinstall.log deleted successfully.


File C:\WINDOWS\system32\NLNP13.dll not found!
Deletion of file C:\WINDOWS\system32\NLNP13.dll failed!

Could not process line:
C:\WINDOWS\system32\NLNP13.dll
Status: 0xc0000034



Folder C:\Programme\MLH not found!
Deletion of folder C:\Programme\MLH failed!

Could not process line:
C:\Programme\MLH
Status: 0xc0000034

Folder C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\faceremoteproclies deleted successfully.


Folder C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\precisiontime not found!
Deletion of folder C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\precisiontime failed!

Could not process line:
C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\precisiontime
Status: 0xc0000034



Registry key HKLM\software\microsoft\windows\currentversion\uninstall\my way speedbar uninstall not found!
Deletion of registry key HKLM\software\microsoft\windows\currentversion\uninstall\my way speedbar uninstall failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\My Way Speedbar Uninstall deleted successfully.


Registry key HKEY_LOCAL_MACHINE\software\myway not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\myway failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\software\traynotifier\clipgenie not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\traynotifier\clipgenie failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\software\traynotifier deleted successfully.


Registry key HKEY_LOCAL_MACHINE\software\mlh not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\mlh failed!
Status: 0xc0000034



Registry key HKLM\software\microsoft\windows\currentversion\uninstall\clipgenie not found!
Deletion of registry key HKLM\software\microsoft\windows\currentversion\uninstall\clipgenie failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\software\classes\interface\{f6fbfe07-ca76-438e-b34e-4f4dc41f0123} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\classes\interface\{f6fbfe07-ca76-438e-b34e-4f4dc41f0123} failed!
Status: 0xc0000034

Registry key HKLM\software\microsoft\windows\currentversion\app management\arpcache\precisiontime deleted successfully.


Registry key HKEY_LOCAL_MACHINE\software\fun web products not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\fun web products failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\software\funwebproducts not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\funwebproducts failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\software\classes\appid\{8b0fef15-54dc-49f5-8377-8172de975f75} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\classes\appid\{8b0fef15-54dc-49f5-8377-8172de975f75} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\software\classes\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\classes\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\software\kazaa not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\kazaa failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\software\sharman networks ltd not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\sharman networks ltd failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\software\enconfidence not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\enconfidence failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.



cd\
dir "C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme" >>files.txt
notepad files.txt

--------

So I save the log as ok.bat on the desktop together with this small script of yours (added below), see the text box above? Did I understand that correctly?
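As an added example (not part of the thread and not Avenger's own code): a small Python parser that turns an Avenger results log like the one above into a summary of what was actually removed versus what the script could not remove, mapping the NTSTATUS code to its name. The line patterns, the NTSTATUS table and the sample log excerpt are constructed for this example.

```python
import re
from collections import Counter

# NTSTATUS values Avenger prints after a failed deletion (assumed subset;
# 0xC0000034 is the code that appears in the thread's log).
NTSTATUS_NAMES = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
}

# Constructed excerpt in the format of the Avenger log posted above.
SAMPLE_LOG = r"""Registry key HKEY_LOCAL_MACHINE\software\traynotifier deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\mlh not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\mlh failed!
Status: 0xc0000034

File C:\WINDOWS\system32\example.dll deleted successfully.

Deletion of file C:\WINDOWS\system32\locked.dll failed!
Status: 0xc0000022

Completed script processing.
"""

OK_RE = re.compile(r"^(Registry key|Registry value|File|Folder) (.+) deleted successfully\.$")
FAIL_RE = re.compile(r"^Deletion of (registry key|registry value|file|folder) (.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9A-Fa-f]{8})$")


def parse_avenger_log(text):
    """Return (deleted, failed): deleted is a list of (kind, target),
    failed a list of (kind, target, status_name)."""
    deleted, failed, pending = [], [], None
    for line in text.splitlines():
        line = line.strip()
        if m := OK_RE.match(line):
            deleted.append((m.group(1).lower(), m.group(2)))
        elif m := FAIL_RE.match(line):
            pending = (m.group(1), m.group(2))  # the status code follows on the next line
        elif (m := STATUS_RE.match(line)) and pending:
            code = int(m.group(1), 16)
            failed.append(pending + (NTSTATUS_NAMES.get(code, m.group(1)),))
            pending = None
    return deleted, failed


def summarize(text):
    """Counts of removed items and of failures grouped by status name."""
    deleted, failed = parse_avenger_log(text)
    return {"deleted": len(deleted), "failed": len(failed),
            "by_status": dict(Counter(s for _, _, s in failed))}
```

A failure with STATUS_OBJECT_NAME_NOT_FOUND means the object was already absent, so only the other status codes point at items that still need attention.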
15.02.2007, 14:13
Honorary Member
Avatar Sabina

Posts: 29434
#53 Yes, create a new bat file and post only the very end, what appears under
All Users.WINDOWS\Startmenü\Programme
__________
Regards, Sabina

all about PC security
15.02.2007, 14:41
Member

Thread starter

Posts: 262
#54 Done, I hope I did it right too.

25.07.2005 19:27 <DIR> Roxio Shared
08.08.2005 21:48 <DIR> Macrovision Shared
19.08.2005 14:01 <DIR> DataDesign
0 Datei(en) 0 Bytes
19 Verzeichnis(se), 65.505.230.848 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2765-140C

Verzeichnis von C:\Windows\tasks

10.07.2002 20:15 <DIR> .
10.07.2002 20:15 <DIR> ..
15.02.2007 10:55 412 Symantec NetDetect.job
13.02.2007 20:55 398 FRU Task #Hewlett-Packard#hp psc 2200 series#1074196461.job
2 Datei(en) 810 Bytes
2 Verzeichnis(se), 65.505.230.848 Bytes frei
15.02.2007, 14:57
Honorary Member
Avatar Sabina

Posts: 29434
#55 I want to see which programs are in the Start menu ;)
__________
Regards, Sabina

all about PC security
15.02.2007, 17:11
Member

Thread starter

Posts: 262
#56 Auto Start
AVG Anti Spyware
Hewlett Packard
Lexware Buchhalter
Lexware Lohn
Microsoft Office Tools
Nero
Olympus Master
Phillips Viesta Camera
Skype
Spiele
Verwaltung
Winzip
Zubehör
Acrobat Reader
desktop.bat
MSN Explorer
MSN Messenger 7.0
MSN Messenger 7.5
ok.bat (batch file for MS-DOS)
Windows Messenger shortcut

Should I delete a few files?
The message "not enough memory" keeps appearing.
Regards
15.02.2007, 18:06
Honorary Member
Avatar Sabina

Posts: 29434
#57 ««
AVG Anti Spyware - scan again - delete everything that is still found, then uninstall the scanner again

»»
dr.web - scan again as well, then uninstall

««
http://virus-protect.org/reinigungstoolsregistry.html
apply ONLY:
Cleanup repair -- TuneUp Diskcleaner
Cleanup repair -- Registry Cleaner

report how many errors were fixed
__________
Regards, Sabina

all about PC security
16.02.2007, 08:48
Member

Thread starter

Posts: 262
#58 It found 1500 problems and cleaned all of them.
Unfortunately the Quick Launch bar is not visible, do you have an idea?
16.02.2007, 10:59
Honorary Member
Avatar Sabina

Posts: 29434
#59 ««
My Computer --> right-click, then Properties --> System Restore tab --> tick "Turn off System Restore on all drives".
(then enable it again)

««
try whether it works again with this change in the registry.
Start - Run - regedit

# HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
# Double-click the key "NoToolbarsOnTaskbar". - 0 = the taskbar shows all toolbars.

http://www.windowspage.de/frame.php?http://www.windowspage.de/windowsxp/desktop/notoolbarsontaskbar.html

««
click on C:\ (right-click) - Properties, then report how much free disk space (in MB) is available.
__________
Regards, Sabina

all about PC security
16.02.2007, 11:44
Member

Thread starter

Posts: 262
#60 Used space 10 GB
Free space 62 GB