Log analysis and evaluation: Help pop-ups
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
28.10.2005, 18:38 | #1 |
| Help pop-ups
Hi to all computer specialists! I have the following problem: annoying pop-up windows keep opening and I can't do anything about it! Updating Windows doesn't work either! It then says: update installation could not be completed ---> messender security tool K8......!!
The pop-up pages are e.g.: h**p://www.ez-savings.com/normal/XBCYINT.html
I have now installed this eScan that is recommended in the forum and run it in safe mode, and this is the result: when I click delete it always says ---> not all files could be deleted!!
Fri Oct 28 17:36:13 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Fri Oct 28 17:36:15 2005 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\limewire !!!
Fri Oct 28 17:36:15 2005 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Oct 28 17:36:16 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\3gblb0co\s_code[1].js
Fri Oct 28 17:36:16 2005 => System found infected with whenu.savenow Spyware/Adware (s_code[1].js)! Action taken: No Action Taken
Fri Oct 28 17:36:17 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\uox78cue\show_ads[2].js
Fri Oct 28 17:36:17 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
Fri Oct 28 17:36:17 2005 => Offending file found: C:\WINDOWS\system32\objsafe.tlb
Fri Oct 28 17:36:17 2005 => System found infected with roings Spyware/Adware (objsafe.tlb)! Action taken: No Action Taken.
Fri Oct 28 17:36:19 2005 => Offending file found: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\temp\outlook logging\firstrun.log
Fri Oct 28 17:36:19 2005 => System found infected with clientman Spyware/Adware (firstrun.log)! Action taken: No Action Taken.
Fri Oct 28 17:36:20 2005 => Offending file found: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\temp\temporary internet files\content.ie5\4965opup\show_ads[2].js
Fri Oct 28 17:36:20 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
Fri Oct 28 17:36:20 2005 => Offending file found: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\temp\temporary internet files\content.ie5\i749uhot\ads[1].htm
Fri Oct 28 17:36:20 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Fri Oct 28 17:36:21 2005 => Offending file found: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\temp\temporary internet files\content.ie5\i749uhot\s_code[1].js
Fri Oct 28 17:36:21 2005 => System found infected with whenu.savenow Spyware/Adware (s_code[1].js)! Action taken: No Action Taken.
Fri Oct 28 17:36:23 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat
Fri Oct 28 17:36:23 2005 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.
Fri Oct 28 17:37:46 2005 => File C:\WINDOWS\system32\rsajit.exe infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
Fri Oct 28 17:41:03 2005 => Scanning File C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0JVBU499\lookinfected[1].jpg [**]
Fri Oct 28 17:46:16 2005 => Scanning File C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temporary Internet Files\Content.IE5\UT70T0ZU\title_infected[1].gif [**]
Fri Oct 28 17:53:30 2005 => File C:\escheck\ECBackup\a0022124.exe.bkp infected by "Trojan-Downloader.Win32.VB.ri" Virus! Action Taken: No Action Taken.
Fri Oct 28 17:53:30 2005 => File C:\escheck\ECBackup\a0022128.dll.bkp infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus! Action Taken: No Action Taken.
Fri Oct 28 17:53:30 2005 => Scanning File C:\escheck\ECBackup\a0022129.exe.bkp
Fri Oct 28 17:53:30 2005 => File C:\escheck\ECBackup\a0022129.exe.bkp infected by "Trojan-Downloader.Win32.Adload.j" Virus! Action Taken: No Action Taken.
Fri Oct 28 17:53:30 2005 => Scanning File C:\escheck\ECBackup\a0022130.exe.bkp
Fri Oct 28 17:53:30 2005 => File C:\escheck\ECBackup\a0022130.exe.bkp infected by "Trojan-Downloader.Win32.Adload.j" Virus! Action Taken: No Action Taken.
Fri Oct 28 17:53:30 2005 => Scanning File C:\escheck\ECBackup\a0022142.exe.bkp
Fri Oct 28 17:53:30 2005 => File C:\escheck\ECBackup\a0022142.exe.bkp infected by "Trojan-Downloader.Win32.IstBar.ij" Virus! Action Taken: No Action Taken.
Fri Oct 28 17:53:30 2005 => Scanning File C:\escheck\ECBackup\a0022143.exe.bkp
Fri Oct 28 17:53:31 2005 => File C:\escheck\ECBackup\a0022143.exe.bkp infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
Fri Oct 28 17:53:31 2005 => Scanning File C:\escheck\ECBackup\a0022305.exe.bkp
Fri Oct 28 17:53:31 2005 => File C:\escheck\ECBackup\a0022305.exe.bkp infected by "Trojan-Downloader.Win32.IstBar.jm" Virus! Action Taken: No Action Taken.
Fri Oct 28 17:53:31 2005 => Scanning File C:\escheck\ECBackup\a0022311.exe.bkp
Fri Oct 28 17:53:31 2005 => File C:\escheck\ECBackup\a0022311.exe.bkp infected by "Trojan-Downloader.Win32.Dyfuca.ei" Virus! Action Taken: No Action Taken.
Fri Oct 28 17:53:31 2005 => Scanning File C:\escheck\ECBackup\a0022318.dll.bkp
Fri Oct 28 17:53:31 2005 => File C:\escheck\ECBackup\a0022318.dll.bkp infected by "Trojan-Downloader.Win32.IstBar.ms" Virus! Action Taken: No Action Taken.
Fri Oct 28 17:53:31 2005 => Scanning File C:\escheck\ECBackup\a0022395.exe.bkp
Fri Oct 28 17:53:31 2005 => File C:\escheck\ECBackup\a0022395.exe.bkp infected by "Trojan-Downloader.Win32.VB.nh" Virus! Action Taken: No Action Taken.
Fri Oct 28 17:53:31 2005 => Scanning File C:\escheck\ECBackup\a0022407.exe.bkp
Fri Oct 28 17:53:31 2005 => File C:\escheck\ECBackup\a0022407.exe.bkp infected by "Trojan-Downloader.Win32.IstBar.is" Virus! Action Taken: No Action Taken.
Fri Oct 28 17:53:31 2005 => Scanning File C:\escheck\ECBackup\a0022409.exe.bkp
Fri Oct 28 17:53:31 2005 => File C:\escheck\ECBackup\a0022409.exe.bkp infected by "Trojan-Downloader.Win32.IstBar.is" Virus! Action Taken: No Action Taken.
Fri Oct 28 17:53:31 2005 => File C:\escheck\ECBackup\a0022476.exe.bkp infected by "Trojan-Downloader.Win32.IstBar.is" Virus! Action Taken: No Action Taken.
Fri Oct 28 17:53:31 2005 => Scanning File C:\escheck\ECBackup\a0022564.exe.bkp
Fri Oct 28 17:53:31 2005 => File C:\escheck\ECBackup\a0022564.exe.bkp infected by "Trojan-Downloader.Win32.VB.nh" Virus! Action Taken: No Action Taken.
Fri Oct 28 17:53:31 2005 => Scanning File C:\escheck\ECBackup\cp[1].ist2.bkp
Fri Oct 28 17:53:32 2005 => File C:\escheck\ECBackup\cp[1].ist2.bkp infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
Fri Oct 28 17:53:32 2005 => Scanning File C:\escheck\ECBackup\istdownload[1].exe.bkp
Fri Oct 28 17:53:32 2005 => File C:\escheck\ECBackup\istdownload[1].exe.bkp infected by "Trojan-Downloader.Win32.IstBar.lw" Virus! Action Taken: No Action Taken.
Fri Oct 28 17:53:32 2005 => Scanning File C:\escheck\ECBackup\istsvc[1].exe.bkp
Fri Oct 28 17:53:32 2005 => File C:\escheck\ECBackup\istsvc[1].exe.bkp infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
Fri Oct 28 17:53:32 2005 => Scanning File C:\escheck\ECBackup\jfghjhhfgudk.exe.bkp
Fri Oct 28 17:53:32 2005 => File C:\escheck\ECBackup\jfghjhhfgudk.exe.bkp infected by "Trojan-Downloader.Win32.IstBar.lw" Virus! Action Taken: No Action Taken.
Fri Oct 28 17:53:32 2005 => Scanning File C:\escheck\ECBackup\msuvfw32.dll.bkp
Fri Oct 28 17:53:32 2005 => File C:\escheck\ECBackup\msuvfw32.dll.bkp infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
Fri Oct 28 17:53:32 2005 => Scanning File C:\escheck\ECBackup\prompt[1].htm.bkp [**]
Fri Oct 28 17:53:32 2005 => Scanning File C:\escheck\ECBackup\protect[1].htm.bkp [**]
Fri Oct 28 17:53:32 2005 => Scanning File C:\escheck\ECBackup\usemqsvc.exe.bkp
Fri Oct 28 17:53:32 2005 => File C:\escheck\ECBackup\usemqsvc.exe.bkp infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
Fri Oct 28 17:53:32 2005 => Scanning File C:\escheck\ECBackup\ysb[1].dll.bkp
Fri Oct 28 17:53:32 2005 => File C:\escheck\ECBackup\ysb[1].dll.bkp infected by "Trojan-Downloader.Win32.IstBar.ms" Virus! Action Taken: No Action Taken.
Fri Oct 28 18:03:11 2005 => File C:\Programme\Theenger\ace.dll infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
Fri Oct 28 18:03:28 2005 => File C:\Programme\Theenger\dsdraspi.exe infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
Fri Oct 28 18:03:28 2005 => Scanning File C:\Programme\Theenger\pxwwups.exe
Fri Oct 28 18:03:28 2005 => File C:\Programme\Theenger\pxwwups.exe infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
Fri Oct 28 18:06:39 2005 => File C:\System Volume Information\_restore{A36EF0B5-57B7-4460-8D7E-29870FD246FD}\RP78\A0023626.dll infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
Fri Oct 28 18:06:39 2005 => Scanning File C:\System Volume Information\_restore{A36EF0B5-57B7-4460-8D7E-29870FD246FD}\RP78\A0023627.exe
Fri Oct 28 18:06:39 2005 => File C:\System Volume Information\_restore{A36EF0B5-57B7-4460-8D7E-29870FD246FD}\RP78\A0023627.exe infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
Fri Oct 28 18:06:39 2005 => Scanning File C:\System Volume Information\_restore{A36EF0B5-57B7-4460-8D7E-29870FD246FD}\RP78\A0023628.dll
Fri Oct 28 18:06:39 2005 => File C:\System Volume Information\_restore{A36EF0B5-57B7-4460-8D7E-29870FD246FD}\RP78\A0023628.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Fri Oct 28 18:17:13 2005 => File C:\WINDOWS\system32\rsajit.exe infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
Fri Oct 28 18:18:45 2005 => Scanning File E:\Shared Files\Musik\Mp3\My Shared Folder\Sum41 - Does This Look Infected - No Brains (1).mp3 [**]
I simply copied everything containing INFECTED and hope that you can help me.
Regards
[edit] links removed [/edit]
Edited by GUA (30.10.2005 at 16:33)
28.10.2005, 19:05 | #2 |
| Help pop-ups
And here is the HijackThis log file: I don't know what it is, but I'm sure you can make something of it:
Logfile of HijackThis v1.97.7
Scan saved at 20:03:35, on 28.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\QW5uYQAA\command.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\****\LOKALE~1\Temp\Rar$EX00.578\HijackThis.exe
C:\Programme\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R3 - Default URLSearchHook is missing
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Programme\ICQ\ICQ.exe -minimize
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [msresearch] C:\windows\msresearch.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - h**p://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B027DD99-B60D-4387-8D72-D6A8F4453CD7}: NameServer = 192.168.0.1

Regards
[edit] links removed [/edit]
Edited by GUA (30.10.2005 at 16:35)
28.10.2005, 19:37 | #3 |
/// Helper team | Help pop-ups
Download and update Ad-aware and Spybot and run the programs. http://www.comsafe.de/download.html
Immunize with Spybot.
Install cleanup, launch it, tick the option to delete everything and then press Delete. http://www.clearprog.de/
Afterwards post a new HJT log, but a complete one.
30.10.2005, 13:04 | #4 |
| Help pop-ups
Hi, first of all BIG THX for the answer!! I downloaded Ad-aware and Spybot, updated them and then immunized!! Ad-aware found and deleted 212 items, and Spybot then found nothing!! With CleanUp I deleted everything (it was about 340 MB)!! But the pop-ups still keep coming! Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 13:03:45, on 30.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\QW5uYQAA\command.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\++++\LOKALE~1\Temp\Rar$EX01.265\HijackThis.exe

R3 - Default URLSearchHook is missing
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Programme\ICQ\ICQ.exe -minimize
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [msresearch] C:\windows\msresearch.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B027DD99-B60D-4387-8D72-D6A8F4453CD7}: NameServer = 192.168.0.1
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\ir00l5dm1.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW5uYQAA\command.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

I don't know whether the HijackThis log is complete now, but I don't get any more than this!!!
Regards
30.10.2005, 18:29 | #6 |
| Help pop-ups
Hi, I did the L2mfix thing and here is the log:
L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\c6000gdme60a0.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-IO) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{5668E7E4-0606-68FE-BD91-0B7B36819735}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
30.10.2005, 18:31 | #7 |
| Help Pop Ups
**********************************************************************************
HKEY ROOT CLASSIDS:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F8425849-0718-4C21-8AAB-16C9AAB1C61F}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{F8425849-0718-4C21-8AAB-16C9AAB1C61F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F8425849-0718-4C21-8AAB-16C9AAB1C61F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F8425849-0718-4C21-8AAB-16C9AAB1C61F}\InprocServer32]
@="C:\\WINDOWS\\system32\\msrdim.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E44E5ED2-0B22-4AB8-8832-E410AD3125B2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E44E5ED2-0B22-4AB8-8832-E410AD3125B2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E44E5ED2-0B22-4AB8-8832-E410AD3125B2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E44E5ED2-0B22-4AB8-8832-E410AD3125B2}\InprocServer32]
@="C:\\WINDOWS\\system32\\kgdsl1.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6E1D99D4-D8F4-4F27-8687-0518D09FE16F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6E1D99D4-D8F4-4F27-8687-0518D09FE16F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6E1D99D4-D8F4-4F27-8687-0518D09FE16F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6E1D99D4-D8F4-4F27-8687-0518D09FE16F}\InprocServer32]
@="C:\\WINDOWS\\system32\\nOrrhook.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{083C9524-665F-4E66-9E58-D19313B7DAD2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{083C9524-665F-4E66-9E58-D19313B7DAD2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{083C9524-665F-4E66-9E58-D19313B7DAD2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{083C9524-665F-4E66-9E58-D19313B7DAD2}\InprocServer32]
@="C:\\WINDOWS\\system32\\obbccu32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4A749C8C-9C3C-4E94-9399-F7D8F8B302B7}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4A749C8C-9C3C-4E94-9399-F7D8F8B302B7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4A749C8C-9C3C-4E94-9399-F7D8F8B302B7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4A749C8C-9C3C-4E94-9399-F7D8F8B302B7}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{03D897B1-988D-4630-AE91-D8E950F351CF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{03D897B1-988D-4630-AE91-D8E950F351CF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{03D897B1-988D-4630-AE91-D8E950F351CF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{03D897B1-988D-4630-AE91-D8E950F351CF}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{31559450-4A51-47FF-BA2D-EF9CA225089E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{31559450-4A51-47FF-BA2D-EF9CA225089E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{31559450-4A51-47FF-BA2D-EF9CA225089E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{31559450-4A51-47FF-BA2D-EF9CA225089E}\InprocServer32]
@="C:\\WINDOWS\\system32\\drrgui.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
atmtd.dll Wed 26 Oct 2005 19:29:54 A.... 687.592 671,48 K
browseui.dll Sat 3 Sep 2005 0:53:20 A.... 1.019.904 996,00 K
c6000g~1.dll Sun 30 Oct 2005 18:08:30 ..S.R 233.999 228,51 K
cdfview.dll Sat 3 Sep 2005 0:53:20 A.... 152.064 148,50 K
cdosys.dll Sat 10 Sep 2005 2:54:28 A.... 2.067.968 1,97 M
danim.dll Sat 3 Sep 2005 0:53:20 A.... 1.055.744 1,00 M
dlmsvinn.dll Fri 28 Oct 2005 17:53:00 ..S.R 233.774 228,29 K
dn2001~1.dll Fri 28 Oct 2005 12:39:10 ..S.R 236.578 231,03 K
drrgui.dll Sat 29 Oct 2005 7:36:10 ..S.R 233.774 228,29 K
dxtrans.dll Sat 3 Sep 2005 0:53:22 A.... 205.312 200,50 K
e220lc~1.dll Sun 30 Oct 2005 18:19:32 ..S.R 235.021 229,51 K
extmgr.dll Sat 3 Sep 2005 0:53:22 ..... 55.808 54,50 K
g204lc~1.dll Fri 28 Oct 2005 8:23:04 ..S.R 236.149 230,61 K
hr4o05~1.dll Thu 27 Oct 2005 13:41:24 ..S.R 236.149 230,61 K
iepeers.dll Sat 3 Sep 2005 0:53:22 A.... 251.392 245,50 K
inseng.dll Sat 3 Sep 2005 0:53:22 A.... 96.768 94,50 K
kgdsl1.dll Sun 30 Oct 2005 18:19:32 ..S.R 233.999 228,51 K
linkinfo.dll Thu 1 Sep 2005 2:44:42 A.... 19.968 19,50 K
mshtml.dll Tue 4 Oct 2005 16:26:02 A.... 3.013.120 2,87 M
mshtmled.dll Sat 3 Sep 2005 0:53:22 A.... 448.512 438,00 K
msrating.dll Sat 3 Sep 2005 0:53:22 A.... 146.432 143,00 K
mstime.dll Sat 3 Sep 2005 0:53:22 A.... 530.432 518,00 K
mzl_hp.dll Sun 30 Oct 2005 17:58:06 ..S.R 235.889 230,36 K
netman.dll Mon 22 Aug 2005 19:31:48 A.... 197.632 193,00 K
norrhook.dll Thu 27 Oct 2005 14:35:50 ..S.R 234.580 229,08 K
nwwks.dll Thu 11 Aug 2005 16:11:34 A.... 65.024 63,50 K
obbccu32.dll Thu 27 Oct 2005 17:23:32 ..S.R 236.149 230,61 K
plpsvc.dll Fri 28 Oct 2005 14:16:30 ..S.R 236.557 231,01 K
pngfilt.dll Sat 3 Sep 2005 0:53:22 A.... 39.424 38,50 K
quartz.dll Tue 30 Aug 2005 4:55:36 A.... 1.292.800 1,23 M
shdocvw.dll Sat 3 Sep 2005 0:53:22 A.... 1.484.288 1,41 M
shell32.dll Fri 23 Sep 2005 4:06:22 A.... 8.491.520 8,10 M
shlwapi.dll Sat 3 Sep 2005 0:53:22 A.... 474.112 463,00 K
umpnpmgr.dll Tue 23 Aug 2005 4:39:58 A.... 124.416 121,50 K
urlmon.dll Sat 3 Sep 2005 0:53:22 A.... 605.696 591,50 K
uxrrtosa.dll Fri 28 Oct 2005 12:10:08 ..S.R 235.882 230,35 K
wininet.dll Sat 3 Sep 2005 0:53:22 A.... 664.064 648,50 K
winsrv.dll Thu 1 Sep 2005 2:44:44 A.... 292.352 285,50 K

38 items found: 38 files (13 H/S), 0 directories.
Total of file sizes: 26.540.844 bytes 25,31 M

Locate .tmp files:
No matches found.

**********************************************************************************
Directory Listing of system files:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8C73-3E12

Verzeichnis von C:\WINDOWS\System32

30.10.2005 18:19 233.999 kgdsl1.dll
30.10.2005 18:19 235.021 e220lcfm1f2a.dll
30.10.2005 18:08 233.999 c6000gdme60a0.dll
30.10.2005 17:58 235.889 mzl_hp.dll
29.10.2005 07:36 233.774 drrgui.dll
28.10.2005 17:52 233.774 dlmsvinn.dLL
28.10.2005 14:16 236.557 pLpsvc.dll
28.10.2005 12:39 236.578 dn2001fme.dll
28.10.2005 12:10 235.882 uxrrtosa.dll
28.10.2005 08:23 236.149 g204lcdq1f0e.dll
27.10.2005 17:23 236.149 obbccu32.dll
27.10.2005 14:35 234.580 nOrrhook.dll
27.10.2005 13:41 236.149 hr4o05h3e.dll
25.10.2005 08:39 <DIR> dllcache
09.02.2005 14:26 <DIR> Microsoft
13 Datei(en) 3.058.500 Bytes
2 Verzeichnis(se), 18.268.651.520 Bytes frei

HOW IS SOMETHING LIKE THIS EVEN POSSIBLE?? Why can these ***** program such stupid things that you can't get rid of anymore?? What kind of people are they, and what do they expect from their idiotic online casino or from their dating sites??
_____________
Note: I can understand your frustration, but expressions like that have no place here in the forum. Regards, Cidre, S-Mod TB
Last edited by Cidre (01.11.2005 at 02:17) |
30.10.2005, 19:42 | #8 |
| Help Pop Ups Hello, first of all, a little more self-control would be appropriate; you should edit out the "Mixer" with a W, that has no place here! Run the following, then run the l2mfix tool again, this time with the second option, and then post the new l2mfix log file. Regards, Wildone |
31.10.2005, 14:54 | #9 |
| Help Pop Ups Sorry, but the edit button has disappeared for me! I have edited one post so far, and since then it no longer works! BUT MANY, MANY THANKS to WILDONE... the last thing you suggested worked! At first, nothing worked anymore after the restart and the PC only showed errors, but then the Windows desktop did come up, and since then no more pop-ups!!!!!!!!! THANKS |