Apropos, atl.dll, aproposplugin.dll, cxtpls_loader.exe, CxtPls.dll


aproposfix






http://virus-protect.org/artikel/tools/aproposfix.html
http://swandog46.geekstogo.com/aproposfix.exe

Download aproposfix.exe --> click RunThis.bat
Press "Enter" and wait until the window closes.
Then copy the contents of log.txt.


Example:
Log of AproposFix v1

************

Running from directory:
C:\Documents and Settings\S\Desktop\aproposfix
************
Registry entries found:
************
No service found!
Removing hidden folder:
No folder found!
Deleting files:
Backing up files:
Done!
Removing registry entries:
REGEDIT4
Done!
Finished!




RootKitRevealer
technet/sysinternals/Security/RootkitRevealer.mspx

Example:
HKLM\SOFTWARE\Classes\CLSID\{7CD14DA3-6483-4677-B4F7-D8889FC8E73D}\ 
HKLM\SOFTWARE\Classes\CLSID\{7CD14DA3-6483-4677-B4F7-D8889FC8E73D}\ProgID\ 5/19/2005 
HKLM\SOFTWARE\Classes\CLSID\{9AC4614D-B649-433B-AD7E-D82CE8F0332C}\ 3/20/2005 1:31 
HKLM\SOFTWARE\Classes\rtg.breakawaycasino\CLSID\ 3/20/2005 1:31 AM 39 bytes 
HKLM\SOFTWARE\Classes\webcal\URL Protocol 2/10/2005 2:25 AM 13 bytes Data
HKLM\SOFTWARE\CrTR8AB8Yj79 10/22/2005 2:57 PM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_PCILOOKUP 2/8/2005 11:54 PM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_PCIUDFS 10/15/2005 4:43 PM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\PCIIde 1/22/2005 9:05 PM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\PCIUdfs 10/15/2005 4:43 PM 0 bytes Hidden from Windows API.

C:\Program Files\Aolports 10/15/2005 4:43 PM 0 bytes Hidden from Windows API.
C:\Program Files\Aolports\ACE.DLL 10/15/2005 4:43 PM 568.00 KB Hidden from Windows API.
C:\Program Files\Aolports\AI_18-10-2005.log 10/18/2005 11:37 AM 3 bytes Hidden from Windows API.
C:\Program Files\Aolports\AI_19-10-2005.log 10/20/2005 10:26 AM 3 bytes Hidden from Windows API.
C:\Program Files\Aolports\AI_20-10-2005.log 10/21/2005 10:59 AM 3 bytes Hidden from Windows API.
C:\Program Files\Aolports\AI_21-10-2005.log 10/22/2005 10:20 AM 3 bytes Hidden from Windows API.
C:\Program Files\Aolports\AI_22-10-2005.log 10/22/2005 2:15 PM 3 bytes Hidden from Windows API.
C:\Program Files\Aolports\AI_23-10-2005.log 10/23/2005 7:09 AM 3 bytes Hidden from Windows API.
C:\Program Files\Aolports\AI_24-10-2005.log 10/24/2005 1:53 PM 3 bytes Hidden from Windows API.
C:\Program Files\Aolports\Cache 10/15/2005 4:43 PM 0 bytes Hidden from Windows API.
C:\Program Files\Aolports\Cache\00000029_435135d0_000dd40a 10/15/2005 6:01 PM 6 bytes 
C:\Program Files\Aolports\Cache\DNS 10/15/2005 6:01 PM 815 bytes Hidden from Windows API.
C:\Program Files\Aolports\Cache\INDEX 10/15/2005 6:01 PM 172 bytes Hidden from Windows API.
C:\Program Files\Aolports\CLUC32GT.EXE 10/15/2005 4:43 PM 160.00 KB Hidden from Windows API.
C:\Program Files\Aolports\DATA.BIN 10/15/2005 4:43 PM 114.14 KB Hidden from Windows API.
C:\Program Files\Aolports\SOFEDB40.EXE 10/15/2005 4:43 PM 912.00 KB Hidden from Windows API.
C:\Program Files\Aolports\WinGenerics.dll 10/15/2005 4:43 PM 576.00 KB Hidden from Windows API.
C:\WINNT\SYSTEM32\DRIVERS\PORASPTI.SYS 10/15/2005 4:43 PM 12.00 KB Hidden from Windows API.
C:\WINNT\SYSTEM32\TMLAGENT.EXE 10/15/2005 4:43 PM 460.00 KB Hidden from Windows API.


f-secure - Rootkit Detection and Elimination Tool
http://www.f-secure.com/security_center/

Double-click: fsbl.exe
After the scan, click Next.
A log file (txt) is now on the desktop.

Then start Blacklight again and have it rename all the files it lists (except C:\WINDOWS\system32\wbem\wbemtest.exe).

Scan --> Next, then change "None" to "Rename".

Then let Blacklight restart the computer.

Example:
10/25/05 09:45:25 [Info]: Hidden process: C:\PROGRAM FILES\AOLPORTS\SOFEDB40.EXE
10/25/05 09:45:25 [Info]: Hidden process: C:\WINNT\SYSTEM32\TMLAGENT.EXE
10/25/05 09:45:26 [Info]: Hidden file: C:\Program Files\Aolports\WinGenerics.dll
10/25/05 09:45:26 [Info]: Hidden file: C:\Program Files\Aolports\ACE.DLL
10/25/05 09:45:26 [Info]: Hidden file: C:\Program Files\Aolports\DATA.BIN
10/25/05 09:45:26 [Info]: Hidden file: C:\Program Files\Aolports\CLUC32GT.EXE
10/25/05 09:45:26 [Info]: Hidden file: C:\PROGRAM FILES\AOLPORTS\SOFEDB40.EXE
10/25/05 09:45:26 [Info]: Hidden file: C:\Program Files\Aolports\Cache\DNS
10/25/05 09:45:26 [Info]: Hidden file: C:\Program Files\Aolports\Cache\00000029_435135d0_000dd40a
10/25/05 09:45:26 [Info]: Hidden file: C:\Program Files\Aolports\Cache\INDEX
10/25/05 09:45:38 [Info]: Hidden file: C:\WINNT\SYSTEM32\TMLAGENT.EXE
10/25/05 09:45:43 [Info]: Hidden file: C:\WINNT\SYSTEM32\DRIVERS\PORASPTI.SYS
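
Before renaming, the BlackLight log can be reduced to a reviewable list and cross-checked against the RootkitRevealer output. The following is an added example, not part of the original page or of either tool; it assumes the two log line formats shown in the examples on this page, uses a few of their lines as sample input (the wbemtest.exe line is constructed), and the function names are hypothetical.

```python
import re

# Lines copied from the BlackLight example log on this page; the last line
# (wbemtest.exe) is constructed to exercise the exception.
BLACKLIGHT_LOG = r"""
10/25/05 09:45:25 [Info]: Hidden process: C:\PROGRAM FILES\AOLPORTS\SOFEDB40.EXE
10/25/05 09:45:25 [Info]: Hidden process: C:\WINNT\SYSTEM32\TMLAGENT.EXE
10/25/05 09:45:26 [Info]: Hidden file: C:\PROGRAM FILES\AOLPORTS\SOFEDB40.EXE
10/25/05 09:45:26 [Info]: Hidden file: C:\Program Files\Aolports\Cache\00000029_435135d0_000dd40a
10/25/05 09:45:43 [Info]: Hidden file: C:\WINNT\SYSTEM32\DRIVERS\PORASPTI.SYS
10/25/05 09:45:44 [Info]: Hidden file: C:\WINDOWS\system32\wbem\wbemtest.exe
"""

# Lines copied from the RootkitRevealer example on this page.
RKR_LOG = r"""
C:\Program Files\Aolports\Cache\00000029_435135d0_000dd40a 10/15/2005 6:01 PM 6 bytes
C:\Program Files\Aolports\SOFEDB40.EXE 10/15/2005 4:43 PM 912.00 KB Hidden from Windows API.
C:\WINNT\SYSTEM32\DRIVERS\PORASPTI.SYS 10/15/2005 4:43 PM 12.00 KB Hidden from Windows API.
C:\WINNT\SYSTEM32\TMLAGENT.EXE 10/15/2005 4:43 PM 460.00 KB Hidden from Windows API.
"""

BL_RE = re.compile(r"^\S+ \S+ \[Info\]: Hidden (process|file): (.+?)\s*$")
RKR_RE = re.compile(r"^(.+?) \d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M "
                    r".*Hidden from Windows API\.\s*$")
# The one file the page says not to rename (Windows paths: compare lower-cased).
KEEP = {r"c:\windows\system32\wbem\wbemtest.exe"}

def blacklight_items(log):
    """Map lower-cased path -> set of kinds ('process', 'file'), in log order."""
    items = {}
    for line in log.splitlines():
        m = BL_RE.match(line)
        if m:
            items.setdefault(m.group(2).lower(), set()).add(m.group(1))
    return items

def rkr_hidden(log):
    """Paths that RootkitRevealer marked 'Hidden from Windows API.'"""
    return {m.group(1).lower() for m in map(RKR_RE.match, log.splitlines()) if m}

def rename_plan(bl_log, rkr_log):
    """(path, is_running, confirmed_by_rkr) for every item to rename."""
    confirmed = rkr_hidden(rkr_log)
    return [(p, "process" in kinds, p in confirmed)
            for p, kinds in blacklight_items(bl_log).items() if p not in KEEP]

if __name__ == "__main__":
    for path, running, confirmed in rename_plan(BLACKLIGHT_LOG, RKR_LOG):
        print(path, "running" if running else "", "" if confirmed else "(BlackLight only)")
```

Entries flagged "(BlackLight only)" were reported by one tool but not marked hidden in the RootkitRevealer excerpt, so they are worth checking by hand before the rename.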




R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 208.60.169.22:80

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable 0*00000000(0)

