Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Brauche dringend Hilfe!!!!!

Brauche dringend Hilfe!!!!!


Log-Analyse und Auswertung: Brauche dringend Hilfe!!!!!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 16.12.2005, 12:25   #1
HeiSchmi
 
Brauche dringend Hilfe!!!!! - Standard

Brauche dringend Hilfe!!!!!


Hilfe, kann mir einer helfen und sich mal mein LogFile ansehen??? Seit gestern poppen bei mir dauernd Seiten beim IE auf, ich werde bald wahnsinnig

Vielen Dank schon mal, Heike

Logfile of HijackThis v1.99.1
Scan saved at 12:10:11, on 16.12.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
E:\***\AVWUPSRV.EXE
C:\Programme\Microsoft SQL Server\MSSQL$EAZYSALES\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\SCARDS32.EXE
C:\Programme\TGTSoft\StyleXP\StyleXP.exe
C:\Programme\Outlook Express\msimn.exe
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
E:\ANTIVIRUS\AVGUARD.EXE
E:\Antivirus\AVGNT.EXE
E:\Antivirus\AVWIN.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Heike2\LOKALE~1\Temp\Rar$EX00.040\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w*w.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [hpppta] C:\Programme\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe /ICON
O4 - HKLM\..\Run: [AVGCtrl] "E:\Antivirus\AVGNT.EXE" /min
O4 - HKLM\..\Run: [WatchDog] C:\Programme\mobile PhoneTools\WatchDog.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Programme\Yahoo\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: Microsoft Office OneNote 2003 Schnellstart.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Mountit.lnk = C:\Programme\Roxio\WinOnCD 6 DVD\MountIt.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Quicken 2004 Zahlungserinnerung.lnk.disabled
O4 - Global Startup: Quicken 2006 Zahlungserinnerung.lnk = F:\Programme\Quicken 6\billmind.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Artikel überwachen - {711E941A-59B6-45E0-8F3B-3DA9738242D2} - E:\Programme\Etope\global\vbs\sendtowatch.vbs
O9 - Extra 'Tools' menuitem: Artikel überwachen - {711E941A-59B6-45E0-8F3B-3DA9738242D2} - E:\Programme\Etope\global\vbs\sendtowatch.vbs
O9 - Extra button: eBay Startseite - {8B69DB2E-015D-4c4f-B97E-95EF5326BDA8} - http://adfarm.mediaplex.com/ad/ck/707-1170-5704-22?mpre=http://w*w.ebay.de (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - h**p://download.ebay.com/turbo_lister/DE/install.cab
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} (DataDesign DDBAC Plug-In) - h**ps://banking.seb.de/hbci/plugin/AXFOAM.CAB
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - h**p://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - h**p://download.mcafee.com/molbin/shared/mcinsctl/de/4,0,0,84/mcinsctl.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - h**p://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://w*w5.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\p6n8lg5u16.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - E:\ANTIVIRUS\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - E:\Antivirus\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE

Alt 16.12.2005, 12:29   #2
Wildone
 
Brauche dringend Hilfe!!!!! - Standard

Brauche dringend Hilfe!!!!!


Hallo,
besorge dir folgendes Tool und führe es erstmal nur mit der Option "1" aus und poste das daraufhin erscheinende Logfile.


Grüße Wildone
__________________
Alt 16.12.2005, 12:36   #3
Cidre
Administrator, a.D.
 
Brauche dringend Hilfe!!!!! - Standard

Brauche dringend Hilfe!!!!!


Hallo,

der Grund allen Übels ist auf dein ungepatchtes System zurückzuführen und wenn deine weitere verwendete Software ebenfalls diesen Patchstand aufweist, dann braucht man sich auch nicht wundern.

Wenn du dein Patchverhalten überdenkst, dann könnte eine Bereinigung vielleicht Sinn machen, aber so wird das nichts.
__________________
__________________
Alt 16.12.2005, 12:41   #4
HeiSchmi
 
Brauche dringend Hilfe!!!!! - Standard

Brauche dringend Hilfe!!!!!


Zitat:
Zitat von Wildone
Hallo,
besorge dir folgendes Tool und führe es erstmal nur mit der Option "1" aus und poste das daraufhin erscheinende Logfile.


Grüße Wildone

Hallo Wildone, danke schon mal, hier der Log:

L2MFIX find log 121505
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DateTime]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\p6n8lg5u16.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{27098BF3-95A4-C96E-806A-DC9FC7CB63AA}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Eigenschaften fr Multimediadatei"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-Scannerverwaltung"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-Sicherheit"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-Eigenschaftenseite fr Dokumente"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shellerweiterungen fr Freigaben"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Grafikkarten"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Bildschirme"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Anzeigeverschiebung"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-Sicherheit"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilit„tsseite"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell-Datenauszughandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Erweiterung fr Datentr„gerkopien"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shellerweiterungen fr Microsoft Windows-Netzwerkobjekte"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-Monitorverwaltung"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-Druckerverwaltung"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shellerweiterungen fr die Dateikomprimierung"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Shellerweiterung fr Webdrucker"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontextmen fr die Verschlsselung"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktenkoffer"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Erweiterung fr HyperTerminal-Icons"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Schriftarten"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-Profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Druckersicherheit"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shellerweiterungen fr Freigaben"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netzwerkverbindungen"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netzwerkverbindungen"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner und Kameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner und Kameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner und Kameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner und Kameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner und Kameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Eigenschaftenseitenerweiterung des automatischen Updates"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shellerweiterungen fr Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Datenverknpfung"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplante Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskleiste und Startmen"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Suchen"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ausfhren..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-Mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Schriftarten"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Verwaltung"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Syntaxanalyse der Adressleiste"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-Verlauf-Dienst"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Verlauf"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Sucheingriff"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-Begráungsbildschirm"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-Cacheordner"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Webpublishing-Assistent"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestellung von Abzgen ber das Internet"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shellobjekt des Webpublishing-Assistenten"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport-Assistent"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Benutzerkonten"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Ordner 'Offlinedateien'"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Nach Personen..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{0107B611-5FC7-11D5-B092-00C026283F7F}"="Bro Plus SendenAn Erweiterung"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channeldatei"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channelverknpfung"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channelhandlerobjekt"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{E5E9BECC-D6E2-4FD5-A7E5-2DB0B72802CF}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E5E9BECC-D6E2-4FD5-A7E5-2DB0B72802CF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E5E9BECC-D6E2-4FD5-A7E5-2DB0B72802CF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E5E9BECC-D6E2-4FD5-A7E5-2DB0B72802CF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E5E9BECC-D6E2-4FD5-A7E5-2DB0B72802CF}\InprocServer32]
@="C:\\WINDOWS\\system32\\tgrmmgr.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
tgrmmgr.dll Fri 16 Dec 2005 9:51:50 ..S.R 234.176 228,69 K
gfgwq.dll Wed 14 Dec 2005 7:49:42 A.... 24.064 23,50 K
sdardssp.dll Wed 14 Dec 2005 6:15:44 ..S.R 234.272 228,78 K
icsnap.dll Wed 14 Dec 2005 17:37:14 ..S.R 236.289 230,75 K
en2ol1~1.dll Wed 14 Dec 2005 7:30:02 ..S.R 235.972 230,44 K
ir0ml5~1.dll Thu 15 Dec 2005 17:56:44 ..S.R 237.249 231,69 K
p6n8lg~1.dll Thu 15 Dec 2005 5:33:42 ..S.R 234.176 228,69 K
j4p0le~1.dll Fri 16 Dec 2005 9:51:50 ..S.R 235.250 229,73 K

8 items found: 8 files (7 H/S), 0 directories.
Total of file sizes: 1.671.448 bytes 1,59 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Datentr„ger in Laufwerk C: ist WIN1
Volumeseriennummer: 7ED6-A6F2

Verzeichnis von C:\WINDOWS\System32

16.12.2005 09:51 234.176 tgrmmgr.dll
16.12.2005 09:51 235.250 j4p0le7m1h.dll
15.12.2005 17:56 237.249 ir0ml5d11.dll
15.12.2005 05:33 234.176 p6n8lg5u16.dll
14.12.2005 17:37 236.289 iCsnap.dll
14.12.2005 07:30 235.972 en2ol1f31.dll
14.12.2005 06:15 234.272 sdardssp.dll
26.09.2003 16:37 <DIR> Microsoft
20.09.2003 16:54 <DIR> dllcache
01.01.2000 01:00 23 li32me_e.sav
8 Datei(en) 1.647.407 Bytes
2 Verzeichnis(se), 9.339.748.352 Bytes frei

Alt 16.12.2005, 12:47   #5
Wildone
 
Brauche dringend Hilfe!!!!! - Standard

Brauche dringend Hilfe!!!!!


Hallo,
jetzt führst du das Tool mit der Option "2" aus, daraufhin wird dein System neu starten, dann das daraufhin erscheinende Log posten.


Grüße Wildone


Alt 16.12.2005, 13:13   #6
HeiSchmi
 
Brauche dringend Hilfe!!!!! - Standard

Brauche dringend Hilfe!!!!!


Hi Wildone,

hier jetzt der neue Log.

L2mfix Beta 121505
Creating Account.
Der Befehl wurde erfolgreich ausgefhrt.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 456 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 724 'winlogon.exe'
Killing PID 724 'winlogon.exe'
Killing PID 724 'winlogon.exe'
Killing PID 724 'winlogon.exe'
Killing PID 724 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'
Killing PID 1676 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1452 'rundll32.exe'
Killing PID 1452 'rundll32.exe'
Killing PID 1452 'rundll32.exe'
Killing PID 1452 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332
Granting SeDebugPrivilege to Administrateurs ... failed (GetAccountSid(Administrateurs)=1332
Granting SeDebugPrivilege to Administrat÷rer ... failed (GetAccountSid(Administrat÷rer)=1332
Granting SeDebugPrivilege to Administradores ... failed (GetAccountSid(Administradores)=1332
Granting SeDebugPrivilege to Amministratore ... failed (GetAccountSid(Amministratore)=1332
Granting SeDebugPrivilege to Administratoren ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\en2ol1f31.dll
Backing Up: C:\WINDOWS\system32\iCsnap.dll
Backing Up: C:\WINDOWS\system32\ir0ml5d11.dll
Backing Up: C:\WINDOWS\system32\j4p0le7m1h.dll
Backing Up: C:\WINDOWS\system32\p6n8lg5u16.dll
Backing Up: C:\WINDOWS\system32\sdardssp.dll
Backing Up: C:\WINDOWS\system32\tgrmmgr.dll
moving: C:\WINDOWS\system32\en2ol1f31.dll
Successfully Moved: C:\WINDOWS\system32\en2ol1f31.dll
moving: C:\WINDOWS\system32\iCsnap.dll
Successfully Moved: C:\WINDOWS\system32\iCsnap.dll
moving: C:\WINDOWS\system32\ir0ml5d11.dll
Successfully Moved: C:\WINDOWS\system32\ir0ml5d11.dll
moving: C:\WINDOWS\system32\j4p0le7m1h.dll
Successfully Moved: C:\WINDOWS\system32\j4p0le7m1h.dll
moving: C:\WINDOWS\system32\p6n8lg5u16.dll
Successfully Moved: C:\WINDOWS\system32\p6n8lg5u16.dll
moving: C:\WINDOWS\system32\sdardssp.dll
Successfully Moved: C:\WINDOWS\system32\sdardssp.dll
moving: C:\WINDOWS\system32\tgrmmgr.dll
Successfully Moved: C:\WINDOWS\system32\tgrmmgr.dll

Desktop.ini sucessfully removed


Zipping up files for submission:
adding: Dokumente und Einstellungen/Heike2/Desktop/l2mfix/backregs/notibac.reg (deflated 87%)
adding: Dokumente und Einstellungen/Heike2/Desktop/l2mfix/backregs/shell.reg (deflated 73%)


Restoring Windows Update Certificates.:

deleting local copy: en2ol1f31.dll
deleting local copy: iCsnap.dll
deleting local copy: ir0ml5d11.dll
deleting local copy: j4p0le7m1h.dll
deleting local copy: p6n8lg5u16.dll
deleting local copy: sdardssp.dll
deleting local copy: tgrmmgr.dll

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DateTime]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\p6n8lg5u16.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\en2ol1f31.dll
C:\WINDOWS\system32\iCsnap.dll
C:\WINDOWS\system32\ir0ml5d11.dll
C:\WINDOWS\system32\j4p0le7m1h.dll
C:\WINDOWS\system32\p6n8lg5u16.dll
C:\WINDOWS\system32\sdardssp.dll
C:\WINDOWS\system32\tgrmmgr.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E5E9BECC-D6E2-4FD5-A7E5-2DB0B72802CF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E5E9BECC-D6E2-4FD5-A7E5-2DB0B72802CF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E5E9BECC-D6E2-4FD5-A7E5-2DB0B72802CF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E5E9BECC-D6E2-4FD5-A7E5-2DB0B72802CF}\InprocServer32]
@="C:\\WINDOWS\\system32\\tgrmmgr.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{E5E9BECC-D6E2-4FD5-A7E5-2DB0B72802CF}"=-
[-HKEY_CLASSES_ROOT\CLSID\{E5E9BECC-D6E2-4FD5-A7E5-2DB0B72802CF}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
****************************************************************************
C:\WINDOWS\System32\E5E9BECC-D6E2-4FD5-A7E5-2DB0B72802CF.reg
Checking for L2MFix account(0=no 1=yes):
0
adding: dlls/en2ol1f31.dll (deflated 5%)
adding: dlls/iCsnap.dll (deflated 5%)
adding: dlls/ir0ml5d11.dll (deflated 6%)
adding: dlls/j4p0le7m1h.dll (deflated 5%)
adding: dlls/p6n8lg5u16.dll (deflated 4%)
adding: dlls/sdardssp.dll (deflated 4%)
adding: dlls/tgrmmgr.dll (deflated 4%)

Alt 16.12.2005, 13:24   #7
Wildone
 
Brauche dringend Hilfe!!!!! - Standard

Brauche dringend Hilfe!!!!!


Hallo,
jetzt läßt du l2mfix noch mal mit der Option "4" laufen und postest danach ein neues HijackThis Logfile.


Grüße Wildone

Alt 16.12.2005, 13:35   #8
HeiSchmi
 
Brauche dringend Hilfe!!!!! - Standard

Brauche dringend Hilfe!!!!!


Hallo Wildone,

hier nochmal das Hijack Log: Es poppt nix mehr auf Hoffentlich ist der Spuk jetzt vorbei.....

Heike

Logfile of HijackThis v1.99.1
Scan saved at 13:33:18, on 16.12.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\notepad.exe
E:\Antivirus\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\TGTSoft\StyleXP\StyleXP.exe
E:\ANTIVIRUS\AVGUARD.EXE
E:\Antivirus\AVWUPSRV.EXE
C:\Programme\Microsoft SQL Server\MSSQL$EAZYSALES\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SCARDS32.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Heike2\LOKALE~1\Temp\Rar$EX00.518\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [hpppta] C:\Programme\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe /ICON
O4 - HKLM\..\Run: [AVGCtrl] "E:\Antivirus\AVGNT.EXE" /min
O4 - HKLM\..\Run: [WatchDog] C:\Programme\mobile PhoneTools\WatchDog.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Programme\Yahoo\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: Microsoft Office OneNote 2003 Schnellstart.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Mountit.lnk = C:\Programme\Roxio\WinOnCD 6 DVD\MountIt.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Quicken 2004 Zahlungserinnerung.lnk.disabled
O4 - Global Startup: Quicken 2006 Zahlungserinnerung.lnk = F:\Programme\Quicken 6\billmind.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Artikel überwachen - {711E941A-59B6-45E0-8F3B-3DA9738242D2} - E:\Programme\Etope\global\vbs\sendtowatch.vbs
O9 - Extra 'Tools' menuitem: Artikel überwachen - {711E941A-59B6-45E0-8F3B-3DA9738242D2} - E:\Programme\Etope\global\vbs\sendtowatch.vbs
O9 - Extra button: eBay Startseite - {8B69DB2E-015D-4c4f-B97E-95EF5326BDA8} - http://adfarm.mediaplex.com/ad/ck/707-1170-5704-22?mpre=http://www.ebay.de (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/DE/install.cab
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} (DataDesign DDBAC Plug-In) - https://banking.seb.de/hbci/plugin/AXFOAM.CAB
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/de/4,0,0,84/mcinsctl.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\p6n8lg5u16.dll (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - E:\ANTIVIRUS\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - E:\Antivirus\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE

Alt 16.12.2005, 13:44   #9
Wildone
 
Brauche dringend Hilfe!!!!! - Standard

Brauche dringend Hilfe!!!!!


Hallo,
jetzt fixt(Haken davor und auf "fix checked") du noch folgende Einträge mit HijackThis:
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\p6n8lg5u16.dll (file missing)

Das sollte es dann erstmal gewesen sein, aber jetzt kommen wir mal zur Vorsorge, gibt es einen bestimmten Grund warum dein System auf dem Stand von vor Jahren ist?


Grüße Wildone

Antwort

Themen zu Brauche dringend Hilfe!!!!!
.dll, adobe, adobe reader, antivirus, dll, dringend, ebay, excel, explorer, helfen, hijack, hijackthis, hilfe!!, hilfe!!!, internet, internet explorer, logfile, mssql, nvidia, outlook express, plug-in, programme, rundll, seiten, server, software, system, temp, windows, windows xp, yahoo


« Virusbefall smitfraud | SinEspias-Befall Bitte um Hilfe bei der Log-File Auswertung »


Ähnliche Themen: Brauche dringend Hilfe!!!!!


  1. brauche dringend hilfe
    Plagegeister aller Art und deren Bekämpfung - 29.04.2009 (10)
  2. Brauche Hilfe...(dringend)
    Plagegeister aller Art und deren Bekämpfung - 17.04.2009 (3)
  3. Brauche dringend Hilfe (
    Log-Analyse und Auswertung - 28.07.2008 (1)
  4. Brauche dringend Hilfe .....
    Plagegeister aller Art und deren Bekämpfung - 15.07.2008 (6)
  5. brauche dringend hilfe
    Mülltonne - 12.07.2008 (0)
  6. Brauche dringend Hilfe
    Plagegeister aller Art und deren Bekämpfung - 26.01.2006 (11)
  7. Brauche DRINGEND hilfe!!
    Netzwerk und Hardware - 07.08.2005 (3)
  8. brauche dringend hilfe...
    Log-Analyse und Auswertung - 04.05.2005 (4)
  9. Brauche dringend Hilfe!
    Log-Analyse und Auswertung - 30.04.2005 (3)
  10. Brauche dringend hilfe !
    Plagegeister aller Art und deren Bekämpfung - 27.04.2005 (5)
  11. Brauche Dringend Hilfe
    Log-Analyse und Auswertung - 25.04.2005 (0)
  12. Brauche dringend Hilfe
    Alles rund um Windows - 23.04.2005 (12)
  13. Hilfe Rechner voll Spyware!! Brauche dringend HILFE!!!
    Log-Analyse und Auswertung - 03.03.2005 (1)
  14. Brauche dringend Hilfe
    Plagegeister aller Art und deren Bekämpfung - 28.02.2005 (2)
  15. Brauche dringend Hilfe
    Plagegeister aller Art und deren Bekämpfung - 02.01.2005 (3)
  16. Brauche mal dringend hilfe...!
    Log-Analyse und Auswertung - 27.10.2004 (11)
  17. Brauche dringend Hilfe
    Plagegeister aller Art und deren Bekämpfung - 25.03.2004 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Brauche dringend Hilfe!!!!! - Hilfe, kann mir einer helfen und sich mal mein LogFile ansehen??? Seit gestern poppen bei mir dauernd Seiten beim IE auf, ich werde bald wahnsinnig Vielen Dank schon mal, Heike - Brauche dringend Hilfe!!!!!...
Archiv
Du betrachtest: Brauche dringend Hilfe!!!!! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130