winfixer 2005 problem
Thread is closed!

#0
26.10.2005, 22:45
...new here
Posts: 5

26.10.2005, 22:47
Honorary member
Posts: 29434
#92
Hello @papa

well, if it looks that good, then please post the new HijackThis log and the datfindbat output again (the 4 logs)
__________
Kind regards, Sabina
all about PC security

26.10.2005, 22:57
...new here
Posts: 5
#93
Sabina, it's all coming bit by bit...

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 5C31-D50E
Verzeichnis von C:\WINDOWS\system32
26.10.2005 23:10 159.978 nppoq.ini2
26.10.2005 22:41 159.510 nppoq.bak2
26.10.2005 19:00 28.173 wvuur.dll
26.10.2005 13:04 28.173 rqrsq.dll
26.10.2005 10:13 28.173 ddaby.dll
24.10.2005 12:19 5.618 jupdate-1.5.0_05-b05.log
24.10.2005 10:55 141.330 nppoq.ini
24.10.2005 10:36 140.323 nppoq.tmp
24.10.2005 10:25 140.323 nppoq.bak1
24.10.2005 10:25 540.692 qoppn.dll
24.10.2005 10:19 13.646 wpa.dbl
21.10.2005 08:44 163.840 mdiinsrv.exe
21.10.2005 08:44 45.056 tlnadsnw.dll
21.10.2005 08:41 28.173 jkhee.dll
05.10.2005 09:36 2.301.792 MRT.exe
04.10.2005 17:26 3.013.120 mshtml.dll
23.09.2005 05:06 8.491.520 shell32.dll
10.09.2005 03:54 2.067.968 cdosys.dll
03.09.2005 01:53 664.064 wininet.dll
03.09.2005 01:53 474.112 shlwapi.dll
03.09.2005 01:53 1.484.288 shdocvw.dll
03.09.2005 01:53 605.696 urlmon.dll
03.09.2005 01:53 55.808 extmgr.dll
03.09.2005 01:53 530.432 mstime.dll
03.09.2005 01:53 146.432 msrating.dll
03.09.2005 01:53 96.768 inseng.dll
03.09.2005 01:53 448.512 mshtmled.dll
03.09.2005 01:53 251.392 iepeers.dll
03.09.2005 01:53 39.424 pngfilt.dll
03.09.2005 01:53 205.312 dxtrans.dll
03.09.2005 01:53 1.055.744 danim.dll
03.09.2005 01:53 152.064 cdfview.dll
03.09.2005 01:53 1.019.904 browseui.dll
01.09.2005 03:44 292.352 winsrv.dll
01.09.2005 03:44 19.968 linkinfo.dll
30.08.2005 05:55 1.292.800 quartz.dll
26.08.2005 18:14 127.078 javaws.exe
26.08.2005 18:14 49.265 jpicpl32.cpl
26.08.2005 15:55 49.250 javaw.exe
26.08.2005 15:55 49.248 java.exe

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 5C31-D50E
Verzeichnis von C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp
26.10.2005 22:41 206 jusched.log
1 Datei(en) 206 Bytes
0 Verzeichnis(se), 32.358.326.272 Bytes frei

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 5C31-D50E
Verzeichnis von C:\WINDOWS
26.10.2005 23:12 24 puJqc
26.10.2005 22:41 159 wiadebug.log
26.10.2005 22:41 1.768.230 WindowsUpdate.log
26.10.2005 22:40 50 wiaservc.log
26.10.2005 22:40 0 0.log
26.10.2005 22:40 2.048 bootstat.dat
26.10.2005 22:39 32.540 SchedLgU.Txt
20.06.2005 16:35 49 NeroDigital.ini

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 5C31-D50E
Verzeichnis von C:\
26.10.2005 23:13 0 sys.txt
26.10.2005 23:12 3.427 system.txt
26.10.2005 23:12 295 systemtemp.txt
26.10.2005 23:10 99.557 system32.txt
26.10.2005 22:40 536.399.872 hiberfil.sys
26.10.2005 22:40 1.610.612.736 pagefile.sys
22.04.2005 19:58 5.655 data

Logfile of HijackThis v1.99.1
Scan saved at 23:04:39, on 26.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\security suite\ewidoctrl.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\soundman.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis_199[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\ddaby.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\qoppn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google-Suche - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O20 - Winlogon Notify: ddaby - C:\WINDOWS\SYSTEM32\ddaby.dll
O20 - Winlogon Notify: qoppn - C:\WINDOWS\system32\qoppn.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Dokumente und Einstellungen\Administrator\Desktop\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Dokumente und Einstellungen\Administrator\Desktop\security suite\ewidoguard.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

---------------------------------------------------------
ewido security suite - Scan Report
---------------------------------------------------------
+ Erstellt am: 23:38:27, 26.10.2005
+ Report-Checksumme: EF8351AB
+ Scanergebnis:
C:\WINDOWS\system32\qoppn.dll -> Spyware.Virtumonde : Gesäubert mit Backup
::Report Ende

This post was edited by papa on 26.10.2005 at 23:38.

27.10.2005, 00:34
Honorary member
Posts: 29434
#94
Hello @papa

this has to be deleted manually:

nppoq.ini --> open with a right-click --> choose Notepad (or text editor) and copy out what is in it
nppoq.bak2 --> open with a right-click and copy out what is in it
nppoq.bak1 --> open with a right-click and copy out what is in it

Verzeichnis von C:\WINDOWS\system32
26.10.2005 23:10 159.978 nppoq.ini2
26.10.2005 22:41 159.510 nppoq.bak2
26.10.2005 19:00 28.173 wvuur.dll
26.10.2005 13:04 28.173 rqrsq.dll
26.10.2005 10:13 28.173 ddaby.dll
24.10.2005 10:55 141.330 nppoq.ini
24.10.2005 10:36 140.323 nppoq.tmp
24.10.2005 10:25 140.323 nppoq.bak1
24.10.2005 10:25 540.692 qoppn.dll
24.10.2005 10:19 13.646 wpa.dbl
21.10.2005 08:44 163.840 mdiinsrv.exe
21.10.2005 08:44 45.056 tlnadsnw.dll
21.10.2005 08:41 28.173 jkhee.dll

Verzeichnis von C:\WINDOWS
26.10.2005 23:12 24 puJqc
__________
Kind regards, Sabina
all about PC security

27.10.2005, 09:12
...new here
Posts: 4
#95
Hello,

I have recently joined the ranks of the Winfixer victims too, and after all sorts of attempts on my own I have no idea left how to get rid of the thing :-( So I am asking you for help. To start with, here is a current HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 09:11:08, on 27.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programme\Gemeinsame Dateien\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programme\IBM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programme\ThinkPad\Utilities\TpKmapMn.exe
C:\Programme\ThinkPad\Utilities\TpKmapMn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programme\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Programme\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\ThinkPad\Utilities\TpKmapMn.exe
C:\Programme\Messenger\msmsgs.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programme\IBM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Microsoft Office\OFFICE11\POWERPNT.EXE
C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Programme\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\WISPTIS.EXE
D:\tmp\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = charon.media-saturn.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.media-saturn.com;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\awvtu.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Programme\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Programme\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Programme\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [TPKMAPMN] C:\Programme\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Startup: TrueCrypt.lnk = C:\Programme\TrueCrypt\TrueCrypt.exe
O4 - Startup: Verknüpfung mit OUTLOOK.lnk = C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124019998890
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cqc-net.de
O17 - HKLM\Software\..\Telephony: DomainName = cqc-net.de
O17 - HKLM\System\CCS\Services\Tcpip\..\{2386CD39-C6DD-4434-A07B-0D1C1453C438}: NameServer = 192.168.0.1,
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B7AE086-3867-44FE-ADD5-F196B998EBE7}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cqc-net.de
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cqc-net.de
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll
O20 - Winlogon Notify: psfus - C:\Programme\IBM fingerprint software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programme\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Programme\Gemeinsame Dateien\Virtual Token\vtserver.exe

In addition, at the same time (?) I got the problem that my notebook no longer wants to go into hibernation while I am still logged in. Is there a direct connection, or is that coincidence?

Many thanks in advance for your efforts!

Regards,
Christian

27.10.2005, 13:58
...new here
Posts: 4
#96
Hello,

I have really read so much about WinFixer by now, but I can't find the fault. Could one of you please take a look at my Hijack log and tell me what has to go? *exasperated look*

Logfile of HijackThis v1.99.1
Scan saved at 13:54:33, on 27.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\TOSHIBA\Power Management\CePMTray.exe
C:\Programme\TOSHIBA\E-KEY\CeEKey.exe
C:\Programme\EzButton\EzButton.EXE
C:\Programme\TOSHIBA\TouchPad\TPTray.exe
C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\RF Wireless Mouse\cm20.exe
C:\Programme\AVPersonal\AVSched32.EXE
C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programme\SpeedswitchXP\SpeedswitchXP.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\DOKUME~1\Alpha\LOKALE~1\Temp\Temporäres Verzeichnis 9 für hijackthis.zip\HijackThis.exe
C:\WINDOWS\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Programme\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Programme\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programme\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [EzButton] C:\Programme\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [TPNF] C:\Programme\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Start RF Wireless Mouse] C:\Programme\RF Wireless Mouse\cm20.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [SpeedswitchXP] C:\Programme\SpeedswitchXP\SpeedswitchXP.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Office OneNote 2003 Schnellstart.lnk = C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: eBay - {C61A2E0E-6D7E-4555-ACA0-50DB2CD83D4B} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU)
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103383417781
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Programme\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

Which type of WinFixer is this, then?

27.10.2005, 14:04
Honorary member
Posts: 29434
#97
trc007 and CONCEPT71

post me the log from option 1
http://virus-protect.org/l2mfix.html

datfindbat --> two months back by date is enough, and please also copy the path shown above each of the 4 logs
http://virus-protect.org/datfindbat.html
__________
Kind regards, Sabina
all about PC security

27.10.2005, 14:55
Member
Posts: 16
#98
Hi Sabina,

hmm, I really did everything exactly as you described it (the last step even several times, to be sure), but the problem is still there... "ewido security site" reports the deleted files as present again immediately after the reboot. I am getting a bit desperate by now...

oh yes, with Killbox the following appears once I have entered everything:

Pocket Killbox warning after clicking “yes” for reboot:
PendingFilenameOperations Registry Data has been Removed by External Data
=> after that I had to reboot manually

Do you have another tip up your sleeve? I would be very grateful...

Ciao and best regards,
panther23

27.10.2005, 15:14
...neu hier
Beiträge: 4 |
#99
Hallo Sabina,
Here is the result from l2mfix (the other one follows below):

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awvtu]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\system32\\awvtu.dll"
"Impersonate"=dword:00000000
"Startup"="SysLogon"
"Logoff"="SysLogoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
"DLLName"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,\
  6d,00,65,00,5c,00,49,00,42,00,4d,00,20,00,66,00,69,00,6e,00,67,00,65,00,72,\
  00,70,00,72,00,69,00,6e,00,74,00,20,00,73,00,6f,00,66,00,74,00,77,00,61,00,\
  72,00,65,00,5c,00,70,00,73,00,66,00,75,00,73,00,2e,00,64,00,6c,00,6c,00,00,\
  00
"Impersonate"=dword:00000000
"Logon"="LogonEvent"
"StartShell"="ShellStartEvent"
"Asynchronous"=dword:00000000
"Shutdown"="ShutdownEvent"
"Startup"="StartupEvent"
"Lock"="LockEvent"
"Unlock"="UnlockEvent"
"Logoff"="LogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\QConGina]
"DllName"="QConGina.dll"
"Logoff"="QConGinaWLEventLogoff"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
@=""
"DllName"="tphklock.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-IO) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
asycfilt.dll Wed 3 Aug 2005 7:00:00 A.... 65.024 63,50 K
awvtu.dll Sat 22 Oct 2005 8:22:26 ..SH. 540.692 528,02 K
browseui.dll Sat 3 Sep 2005 1:53:54 A.... 1.019.904 996,00 K
cdfview.dll Sat 3 Sep 2005 1:53:54 A.... 152.064 148,50 K
cdosys.dll Sat 10 Sep 2005 3:54:28 A.... 2.067.968 1,97 M
comcat.dll Wed 3 Aug 2005 7:00:00 A.... 3.584 3,50 K
danim.dll Sat 3 Sep 2005 1:53:54 A.... 1.055.744 1,00 M
dxtrans.dll Sat 3 Sep 2005 1:53:54 A.... 205.312 200,50 K
extmgr.dll Sat 3 Sep 2005 1:53:54 A.... 55.808 54,50 K
iepeers.dll Sat 3 Sep 2005 1:53:56 A.... 251.904 246,00 K
inseng.dll Sat 3 Sep 2005 1:53:56 A.... 96.768 94,50 K
legitc~1.dll Wed 3 Aug 2005 10:33:42 A.... 520.456 508,26 K
linkinfo.dll Thu 1 Sep 2005 3:46:10 A.... 19.968 19,50 K
mljgg.dll Fri 21 Oct 2005 8:22:52 ..SH. 28.173 27,51 K
mshtml.dll Wed 5 Oct 2005 2:52:08 A.... 3.015.680 2,88 M
mshtmled.dll Sat 3 Sep 2005 1:53:56 A.... 448.512 438,00 K
msrating.dll Sat 3 Sep 2005 1:53:56 A.... 146.432 143,00 K
mstime.dll Sat 3 Sep 2005 1:53:56 A.... 530.432 518,00 K
msvbvm50.dll Wed 3 Aug 2005 7:00:00 A.... 1.355.776 1,29 M
netman.dll Mon 22 Aug 2005 20:31:48 A.... 197.632 193,00 K
nwwks.dll Thu 11 Aug 2005 17:11:34 A.... 65.024 63,50 K
pdfmon.dll Tue 16 Aug 2005 14:21:10 A.... 46.648 45,55 K
pdfmona.dll Tue 16 Aug 2005 14:21:10 A.... 114.738 112,05 K
pngfilt.dll Sat 3 Sep 2005 1:53:56 A.... 39.424 38,50 K
quartz.dll Tue 30 Aug 2005 5:55:36 A.... 1.292.800 1,23 M
shdocvw.dll Sat 3 Sep 2005 1:53:56 A.... 1.485.824 1,41 M
shell32.dll Fri 23 Sep 2005 5:24:06 A.... 8.493.568 8,10 M
shlwapi.dll Sat 3 Sep 2005 1:53:56 A.... 474.624 463,50 K
ssqrs.dll Fri 21 Oct 2005 12:33:10 ..SH. 28.173 27,51 K
sstqo.dll Fri 21 Oct 2005 18:12:46 ..SH. 28.173 27,51 K
umpnpmgr.dll Tue 23 Aug 2005 5:39:58 A.... 124.416 121,50 K
urlmon.dll Sat 3 Sep 2005 1:53:56 A.... 606.208 592,00 K
vb5db.dll Wed 3 Aug 2005 7:00:00 A.... 89.360 87,27 K
vb5de.dll Wed 3 Aug 2005 7:00:00 A.... 99.866 97,52 K
wininet.dll Sat 3 Sep 2005 1:53:56 A.... 666.112 650,50 K
winsrv.dll Thu 1 Sep 2005 3:46:12 A.... 292.352 285,50 K
xpsp3res.dll Tue 27 Sep 2005 2:47:42 A.... 24.064 23,50 K

37 items found: 37 files (4 H/S), 0 directories.
Total of file sizes: 25.749.207 bytes 24,55 M

Locate .tmp files:

C:\WINDOWS\SYSTEM32\
mcrh.tmp Wed 26 Oct 2005 13:56:10 A.... 142 0,14 K
utvwa.tmp Thu 27 Oct 2005 10:58:36 ..SH. 203.508 198,74 K

2 items found: 2 files (1 H/S), 0 directories.
Total of file sizes: 203.650 bytes 198,88 K
**********************************************************************************
Directory Listing of system files:
Datenträger in Laufwerk C: ist System
Volumeseriennummer: 2486-3258

Verzeichnis von C:\WINDOWS\System32

27.10.2005 15:08 163.739 utvwa.ini2
27.10.2005 15:04 165.150 utvwa.bak2
27.10.2005 10:58 203.508 utvwa.tmp
27.10.2005 08:38 202.369 utvwa.ini
22.10.2005 08:22 140.323 utvwa.bak1
22.10.2005 08:22 540.692 awvtu.dll
21.10.2005 18:12 28.173 sstqo.dll
21.10.2005 12:33 28.173 ssqrs.dll
21.10.2005 08:22 28.173 mljgg.dll
06.10.2005 10:13 <DIR> dllcache
10.08.2004 13:34 <DIR> Microsoft
9 Datei(en) 1.500.300 Bytes
2 Verzeichnis(se), 24.082.112.512 Bytes frei

...
And here now is the one from datfindbat:

Datenträger in Laufwerk C: ist System
Volumeseriennummer: 2486-3258

Verzeichnis von C:\WINDOWS\system32

27.10.2005 15:11 164.047 utvwa.ini2
27.10.2005 15:06 62.592 TPAPSLOG.LOG
27.10.2005 15:04 165.150 utvwa.bak2
27.10.2005 15:03 90.112 TPHDLOG0.LOG
27.10.2005 10:58 203.508 utvwa.tmp
27.10.2005 08:38 202.369 utvwa.ini
26.10.2005 13:56 142 mcrh.tmp
26.10.2005 09:07 12.598 wpa.dbl
22.10.2005 08:35 199.344 FNTCACHE.DAT
22.10.2005 08:22 140.323 utvwa.bak1
22.10.2005 08:22 540.692 awvtu.dll
21.10.2005 18:12 28.173 sstqo.dll
21.10.2005 12:33 28.173 ssqrs.dll
21.10.2005 08:22 28.173 mljgg.dll
05.10.2005 04:09 2.301.792 MRT.exe
05.10.2005 02:52 3.015.680 mshtml.dll

What I have not understood yet is which paths you still need. Or is this already enough?
Thanks in advance!
Regards
Christian
This post was edited by trc007 on 27.10.2005 at 15:18.
|
|
|
||
27.10.2005, 15:39
Honorary member
Posts: 29434 |
#100
trc007
Download: VundoFix.exe (in the middle of the thread)
Source: http://www.geekstogo.com/forum/Winfixer-removal-problem
Download it and unpack it on the desktop.
* Boot into safe mode (press F8 while the PC is starting up)
* Double-click VundoFix.exe
* Click KillVundo.bat
* Now enter: C:\WINDOWS\system32\awvtu.dll
# Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
# Next you will see: Please type in the second filepath as instructed by the forum staff Then Press Enter, Then F6, Then Enter Again to continue with the fix.
Enter: C:\WINDOWS\system32\utvwa.*
# Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
# The fix will run then HijackThis will open.
# In HijackThis, please place a check next to the following items and click FIX CHECKED:
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\awvtu.dll
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll
# After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
# Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
# Once your machine reboots please continue with the instructions below.
After the reboot, delete these files if found:
CCleaner (delete all temporary files) http://virus-protect.org/temp.html
C:\WINDOWS\system32\sstqo.dll
C:\WINDOWS\system32\ssqrs.dll
C:\WINDOWS\system32\mljgg.dll
Then post the first log from Datfindbat again, plus the new log from HijackThis.
Quote: Verzeichnis von C:\WINDOWS\system32
Quote: Verzeichnis von C:\WINDOWS\System32
__________
Best regards, Sabina
All about PC security |
|
|
||
27.10.2005, 15:50
Honorary member
Posts: 29434 |
#101
panther23
The problem: there are two DLLs and I don't know how the Vundo.fix reacts to that....
Download: VundoFix.exe (in the middle of the thread)
Source: http://www.geekstogo.com/forum/Winfixer-removal-problem
Download it and unpack it on the desktop.
* Boot into safe mode (press F8 while the PC is starting up)
* Double-click VundoFix.exe
* Click KillVundo.bat
* Now enter: C:\WINDOWS\system32\byxwt.dll
# Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
# Next you will see: Please type in the second filepath as instructed by the forum staff Then Press Enter, Then F6, Then Enter Again to continue with the fix.
Enter: C:\WINDOWS\system32\twxyb.*
# Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
# The fix will run then HijackThis will open.
# In HijackThis, please place a check next to the following items and click FIX CHECKED:
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\tuvur.dll
O2 - BHO: (no name) - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\byxwt.dll
O20 - Winlogon Notify: byxwt - C:\WINDOWS\system32\byxwt.dll
O20 - Winlogon Notify: tuvur - C:\WINDOWS\SYSTEM32\tuvur.dll
# After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
# Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
# Once your machine reboots please continue with the instructions below.
CCleaner (delete all temporary files) http://virus-protect.org/temp.html
After the reboot, delete these files if found:
C:\WINDOWS\SYSTEM32\xxyay.dll
C:\WINDOWS\SYSTEM32\geeda.dll
C:\WINDOWS\SYSTEM32\tuvur.dll
Quote: 26.10.2005 13:49 188.110 twxyb.ini2
__________
Best regards, Sabina
All about PC security |
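The two fix requests above each pair a DLL with data files whose base name is the DLL's name reversed (awvtu.dll with utvwa.*, byxwt.dll with twxyb.*), and the l2mfix rows posted for awvtu.dll carry the hidden and system attributes. The following is an added example, not part of the original thread and not code from l2mfix or VundoFix: it parses the two log types posted here and reports such pairs together with any Winlogon\Notify registration. The sample rows are copied from the logs above and trimmed; the function names and the "priority" label are this example's own.

```python
import ntpath
import re

# Constructed sample: entries copied from the Winlogon\Notify export posted above, trimmed.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awvtu]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\system32\\awvtu.dll"
"Startup"="SysLogon"
"Logoff"="SysLogoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
'''

# Constructed sample: rows copied from the l2mfix "Files Found" section, trimmed.
SAMPLE_FILES = '''
awvtu.dll Sat 22 Oct 2005 8:22:26 ..SH. 540.692 528,02 K
browseui.dll Sat 3 Sep 2005 1:53:54 A.... 1.019.904 996,00 K
mljgg.dll Fri 21 Oct 2005 8:22:52 ..SH. 28.173 27,51 K
mcrh.tmp Wed 26 Oct 2005 13:56:10 A.... 142 0,14 K
utvwa.tmp Thu 27 Oct 2005 10:58:36 ..SH. 203.508 198,74 K
'''

# File names taken from the System32 directory listing of the same log.
SAMPLE_DIR = ['utvwa.ini2', 'utvwa.bak2', 'utvwa.ini', 'utvwa.bak1', 'dllcache']

KEY_RE = re.compile(r'^\[.*\\Winlogon\\Notify\\([^\\\]]+)\]$', re.I)
DLL_RE = re.compile(r'^"dllname"=(.*)$', re.I)   # exports use DllName and DLLName
ROW_RE = re.compile(
    r'^(\S+)\s+\w{3}\s+\d{1,2}\s+\w{3}\s+\d{4}\s+[\d:]+\s+([A-Z.]{5})\s')


def _decode_value(raw):
    """Decode a REG_SZ string or a hex(2) REG_EXPAND_SZ value (UTF-16LE)."""
    if raw.lower().startswith('hex(2):'):
        data = bytes(int(b, 16) for b in raw[7:].split(',') if b.strip())
        return data.decode('utf-16-le').rstrip('\x00')
    return raw.strip('"').replace('\\\\', '\\')


def parse_notify(reg_text):
    """Map each Winlogon\\Notify subkey name to the DLL it registers."""
    joined = re.sub(r'\\\r?\n\s*', '', reg_text)   # join hex continuation lines
    entries, key = {}, None
    for line in joined.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = DLL_RE.match(line)
        if m and key:
            entries[key] = _decode_value(m.group(1))
    return entries


def parse_l2mfix_files(text):
    """Return (lowercased file name, attribute string) for each listing row."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append((m.group(1).lower(), m.group(2)))
    return rows


def triage(reg_text, files_text, dir_names):
    """Report hidden+system DLLs, their Notify key, and reversed-name companions."""
    notify = {ntpath.basename(path).lower(): key
              for key, path in parse_notify(reg_text).items()}
    rows = parse_l2mfix_files(files_text)
    names = {n for n, _ in rows} | {n.lower() for n in dir_names}
    findings = []
    for name, attrs in rows:
        stem, ext = ntpath.splitext(name)
        if ext != '.dll' or not {'S', 'H'} <= set(attrs):
            continue
        mirror = stem[::-1]
        companions = sorted(n for n in names
                            if n != name and ntpath.splitext(n)[0] == mirror)
        key = notify.get(name)
        findings.append({
            'dll': name,
            'notify_key': key,
            'companions': companions,
            # Label of this example: registered at logon AND has mirrored data files.
            'priority': 'high' if key and companions else 'review',
        })
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_REG, SAMPLE_FILES, SAMPLE_DIR):
        print(finding)
```

On a real log, pass the full "Winlogon/notify" section, the full "Files Found" section and the file names from the directory listing; DLLs marked "review" are only hidden and system-flagged and still need the manual check the helper performs in the thread.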
|
|
||
27.10.2005, 16:14
...new here
Posts: 4 |
#102
Hello Sabrina, do you mean this here?
L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{2458202D-5B30-11D4-A67E-BBC48E7D834A}"="CellinkMouse Property Sheet"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webordner"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{B7056B8E-4F99-44f8-8CBD-282390FE5428}"="VirtualCloneDrive"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}"="Universelle Plug & Play-Geräte"
"{FED7043D-346A-414D-ACD7-550D052499A7}"="dBpowerAMP Music Converter 1"
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}"="dBpowerAMP Music Converter"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

Locate .tmp files:

Directory Listing of system files:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: AC99-2E21

Verzeichnis von C:\WINDOWS\System32

26.10.2005 08:20 <DIR> dllcache
19.08.2004 12:09 <DIR> Microsoft
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 11.829.919.744 Bytes frei

And here is the other one. There is something listed under 26.10., but I have had this thing on here for longer than just since yesterday!

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: AC99-2E21

Verzeichnis von C:\DOKUME~1\Alpha\LOKALE~1\Temp

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: AC99-2E21

Verzeichnis von C:\

27.10.2005 16:38 0 sys.txt
27.10.2005 16:38 10.392 system.txt
27.10.2005 16:35 21.385 systemtemp.txt
27.10.2005 16:34 102.600 system32.txt
27.10.2005 06:39 535.351.296 hiberfil.sys
27.10.2005 06:39 805.306.368 pagefile.sys
14.10.2005 18:10 13.312 dvb.GRF
17.06.2005 11:27 1.120 INSTALL.LOG
12.05.2005 10:49 22 backup.log

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: AC99-2E21 Verzeichnis von C:\WINDOWS\system32 26.10.2005 08:22 1.158 wpa.dbl 05.10.2005 04:09 2.301.792 MRT.exe 04.10.2005 17:26 3.013.120 mshtml.dll 23.09.2005 05:06 8.491.520 shell32.dll 10.09.2005 03:54 2.067.968 cdosys.dll 03.09.2005 01:53 664.064 wininet.dll 03.09.2005 01:53 448.512 mshtmled.dll 03.09.2005 01:53 205.312 dxtrans.dll 03.09.2005 01:53 146.432 msrating.dll 03.09.2005 01:53 1.484.288 shdocvw.dll 03.09.2005 01:53 55.808 extmgr.dll 03.09.2005 01:53 530.432 mstime.dll 03.09.2005 01:53 39.424 pngfilt.dll 03.09.2005 01:53 251.392 iepeers.dll 03.09.2005 01:53 96.768 inseng.dll 03.09.2005 01:53 474.112 shlwapi.dll 03.09.2005 01:53 605.696 urlmon.dll 03.09.2005 01:53 1.055.744 danim.dll 03.09.2005 01:53 152.064 cdfview.dll 03.09.2005 01:53 1.019.904 browseui.dll 01.09.2005 03:44 292.352 winsrv.dll 01.09.2005 03:44 19.968 linkinfo.dll 30.08.2005 05:55 1.292.800 quartz.dll 23.08.2005 05:39 124.416 umpnpmgr.dll 22.08.2005 20:31 197.632 netman.dll 10.08.2005 12:37 35.128 SpoonUninstall-dBpowerAMP Music Converter.dat 10.08.2005 12:37 130.048 SpoonUninstall.exe 10.08.2005 12:36 33.846 SpoonUninstall-dBpowerAMP Music Converter.bmp 01.08.2005 17:49 3.920 esnecil.ind Dieser Beitrag wurde am 27.10.2005 um 16:42 Uhr von CONCEPT71 editiert.
27.10.2005, 16:54
Member
Posts: 16
#103
Hi Sabina,
I have now carried out those steps... After running ccleaner I was able to delete C:\WINDOWS\SYSTEM32\xxyay.dll and C:\WINDOWS\SYSTEM32\geeda.dll manually, but C:\WINDOWS\SYSTEM32\tuvur.dll could not be deleted... The problem persists (popups)... Should I perhaps also have booted in safe mode for the restart after HijackThis?
Ciao, panther23
27.10.2005, 17:14
...new here
Posts: 4
#104
Hi Sabina,
so far everything has worked well. Here is the first part of the datfindbat log:
and the new HijackThis log:
At the moment everything looks good, and hibernation works again too. Thanks a lot so far!
Christian
27.10.2005, 18:14
Honorary member
Posts: 29434
#105
Quote: Panther23 posted
Yes, try it in safe mode, manually or with the killbox.
__________
Best regards, Sabina
all about PC security
Looks pretty good so far... In any case, a big thank-you already.