Warning! Your PC is infected with spywareThema ist geschlossen! |
||
---|---|---|
Thema ist geschlossen! |
||
#0
| ||
14.12.2005, 20:50
...neu hier
Beiträge: 7 |
||
|
||
15.12.2005, 17:13
Ehrenmitglied
Beiträge: 29434 |
#17
Kuchen
wende cleanup an (genau wie auf der seite erklaert) http://virus-protect.org/cleanup.html kopiere die 4 textdatein http://virus-protect.org/datfindbat.html (ich kann erst morgen wieder nachsehen) __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
21.12.2005, 18:35
...neu hier
Beiträge: 7 |
#18
Hallo mal wieder. Hat lange gedauert, da es sich um den PC meines Pa´s handelt und wir nicht so oft einen Termin finden an dem wir beide können ^^
Hier die Daten: Verzeichnis von C:\WINDOWS\system32 21.12.2005 08:38 2.206 wpa.dbl 21.12.2005 08:38 237.552 FNTCACHE.DAT 14.12.2005 19:32 492.544 WRLogonNtf.dll 14.12.2005 19:32 8.192 ssiefr.EXE 14.12.2005 19:32 17.920 wrlzma.dll 12.12.2005 17:12 2.158 ssmute.ini 11.12.2005 08:21 41.472 msctl32.dll 11.12.2005 08:21 4 winsub.xml 11.12.2005 08:21 58 svcp.csv 11.12.2005 08:20 3.625 scmt16.exe 09.12.2005 01:21 2.723.680 MRT.exe 04.12.2005 19:18 2.550 Uninstall.ico 04.12.2005 19:18 1.406 Help.ico 04.12.2005 19:18 1.718 Open.ico 04.12.2005 19:18 5.350 IE.ico 04.12.2005 19:18 9.470 Desktop.ico 04.12.2005 19:18 1.718 Quick.ico 04.12.2005 18:45 0 asfiles.txt 01.12.2005 04:31 1.492.480 shdocvw.dll 24.11.2005 00:58 3.013.632 mshtml.dll 24.11.2005 00:58 1.022.464 browseui.dll 05.11.2005 04:16 606.208 urlmon.dll 05.11.2005 04:16 1.056.256 danim.dll 03.11.2005 08:34 311.740 perfh009.dat 03.11.2005 08:34 40.128 perfc009.dat 03.11.2005 08:34 48.354 perfc007.dat 03.11.2005 08:34 316.924 perfh007.dat 03.11.2005 08:34 723.744 PerfStringBackup.INI 02.11.2005 00:44 127.574 tsuninst.exe 21.10.2005 04:40 664.064 wininet.dll 21.10.2005 04:40 474.112 shlwapi.dll 21.10.2005 04:40 146.432 msrating.dll 21.10.2005 04:40 530.944 mstime.dll 21.10.2005 04:40 448.512 mshtmled.dll 21.10.2005 04:40 39.424 pngfilt.dll 21.10.2005 04:40 96.768 inseng.dll 21.10.2005 04:40 152.064 cdfview.dll 21.10.2005 04:40 55.808 extmgr.dll 21.10.2005 04:40 205.312 dxtrans.dll 21.10.2005 04:40 251.392 iepeers.dll 20.10.2005 23:25 1.094.144 esent.dll 13.10.2005 00:11 15.584 spmsg.dll 09.10.2005 16:10 196.608 avisynth.dll 09.10.2005 16:10 301.568 l3codeca.acm 09.10.2005 16:10 33.280 HUFFYUV.DLL 07.10.2005 12:50 483.328 actskn45.ocx 06.10.2005 04:18 280.064 gdi32.dll 06.10.2005 04:08 1.839.616 win32k.sys 28.09.2005 15:50 24 sysmwwod.dll 23.09.2005 04:06 8.491.520 shell32.dll 10.09.2005 02:54 2.067.968 cdosys.dll 01.09.2005 02:44 292.352 winsrv.dll 01.09.2005 02:44 19.968 linkinfo.dll Verzeichnis von C:\DOKUME~1\Wilfwo\LOKALE~1\Temp 21.12.2005 18:24 220 jusched.log 1 Datei(en) 220 Bytes 0 Verzeichnis(se), 41.884.295.168 Bytes frei Verzeichnis von C:\WINDOWS 21.12.2005 18:25 0 0.log 21.12.2005 18:24 1.388.627 WindowsUpdate.log 21.12.2005 18:24 2.048 bootstat.dat 21.12.2005 18:23 32.090 SchedLgU.Txt 20.12.2005 18:23 50 wiaservc.log 20.12.2005 18:23 216 wiadebug.log 20.12.2005 18:17 120 emule.INI 15.12.2005 08:43 788.139 iis6.log 15.12.2005 08:43 130.441 ntdtcsetup.log 15.12.2005 08:43 288.590 tsoc.log 15.12.2005 08:43 15.678 tabletoc.log 15.12.2005 08:43 28.542 ocmsn.log 15.12.2005 08:43 10.904 KB910437.log 15.12.2005 08:43 54.458 netfxocm.log 15.12.2005 08:43 23.113 medctroc.Log 15.12.2005 08:43 31.265 msgsocm.log 15.12.2005 08:43 616.089 FaxSetup.log 15.12.2005 08:43 200.574 msmqinst.log 15.12.2005 08:43 26.732 updspapi.log 15.12.2005 08:43 1.393 imsins.BAK 15.12.2005 08:43 16.713 KB905915.log 14.12.2005 19:32 478.720 WRUninstall.dll 11.12.2005 08:21 2.033 hosts 11.12.2005 08:21 1.024 tool5.exe 11.12.2005 08:21 47.616 tool4.exe 11.12.2005 08:21 8.238 tool3.exe 11.12.2005 08:21 1.024 tool1.exe 11.12.2005 08:21 1.999 desktop.html 11.12.2005 08:20 1.024 country.exe 11.12.2005 08:20 0 uniq 04.12.2005 19:19 32 pavsig.txt 04.12.2005 18:45 771 win.ini 04.12.2005 18:30 304.328 ntbtlog.txt 23.11.2005 13:16 42 lows.dxa 10.11.2005 17:13 11.811 KB896424.log 03.11.2005 08:40 73.216 cadkasdeinst01.exe 15.10.2005 15:06 29.953 KB901017.log 15.10.2005 15:06 32.300 KB902400.log 15.10.2005 15:05 19.447 KB896688.log 15.10.2005 15:05 19.944 KB899589.log 15.10.2005 15:05 20.259 KB905414.log 15.10.2005 15:05 20.038 KB900725.log 15.10.2005 15:04 17.440 KB904706.log 15.10.2005 15:04 18.790 KB905749.log 12.10.2005 16:48 116 homeDVD-Fotos4_dlx.INI 12.10.2005 16:27 107 magix.ini 12.10.2005 15:25 192 winamp.ini 09.10.2005 17:57 116 homeDVD-Fotos3.INI 09.10.2005 17:28 54 TwUI215.INI 09.10.2005 16:56 0 homeDVD-Fotos4_5_dlx.INI 09.10.2005 16:16 12.728 SYMEVENT.LOG 29.09.2005 18:49 1.409 QTFont.for 29.09.2005 18:49 54.156 QTFont.qfn Verzeichnis von C:\ 21.12.2005 18:33 0 sys.txt 21.12.2005 18:32 13.449 system.txt 21.12.2005 18:31 293 systemtemp.txt 21.12.2005 18:26 109.251 system32.txt 21.12.2005 18:24 390.070.272 pagefile.sys 04.12.2005 18:27 1.528 rapport.txt 04.12.2005 18:21 1.114 smitfiles.txt 01.12.2005 14:57 1.120 baseclasses.log 14.11.2005 22:30 1.148 avi_log.txt 09.10.2005 18:30 104 shutdown.log 09.10.2005 17:06 1.681 mxfilerelatedcache.mxc2 Bitte um weitere Anweisungen |
|
|
||
21.12.2005, 21:03
Ehrenmitglied
Beiträge: 29434 |
#19
gehe in die Registry
Start-->Ausfuehren--> regedit reinschreiben) klicke dich durch bis zu: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "Wallpaper" = "C:\WINDOWS\desktop.html" <---loeschen KILLBOX http://virus-protect.org/killbox.html C:\WINDOWS\system32\msctl32.dll C:\WINDOWS\system32\winsub.xml C:\WINDOWS\system32\svcp.csv C:\WINDOWS\system32\scmt16.exe C:\WINDOWS\hosts C:\WINDOWS\tool5.exe C:\WINDOWS\tool4.exe C:\WINDOWS\tool3.exe C:\WINDOWS\tool1.exe C:\WINDOWS\desktop.html C:\WINDOWS\country.exe C:\WINDOWS\uniq C:\WINDOWS\system32\tsuninst.exe PC neustarten Hoster.zip http://www.funkytoad.com/download/hoster.zip Press 'Restore Original Hosts' and press 'OK' Exit Program. öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hp707C.tmp (file missing) O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll PC neustarten Silentrunner http://virus-protect.org/silentrunner.html poste den scanreport __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
05.01.2006, 18:23
...neu hier
Beiträge: 7 |
#20
Hello again, nun habe ich den Rechner zu Hause und kann täglich handeln.
Konnte ich nicht finden: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\"Wallpaper" = "C:\WINDOWS\desktop.html" Unter Policies gab es nur die Ordner "ActiveDesktop" und "Explorer" und darin habe ich auch nichts ähnliches gefunden?! Und hier den Scanreport in der Hoffnung alles richtig gemacht zu haben: "Silent Runners.vbs", revision 41, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "MsnMsgr" = ""C:\Programme\MSN Messenger\MsnMsgr.Exe" /background" [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "IgfxTray" = "C:\WINDOWS\System32\igfxtray.exe" ["Intel Corporation"] "HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"] "PinnacleDriverCheck" = "C:\WINDOWS\system32\PSDrvCheck.exe" [empty string] "QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" [file not found] "KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS] "ccApp" = ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"" ["Symantec Corporation"] "Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"] "RemoteControl" = "C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" ["Cyberlink Corp."] "SunJavaUpdateSched" = "C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe" [null data] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" [file not found] "PrinTray" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [file not found] "IntelliType" = ""C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"" [file not found] "Motive SmartBridge" = "C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe" [file not found] "Zone Alarm Pro" = "D:\Program Files\Zone Labs\ZoneAlarm\zapro.exe" [file not found] "Screen shot Utility" = "D:\Program Files\ScreenShot Utility\ScreenshotUtility.exe" [file not found] "FreeRAM XP Pro" = "D:\Program Files\FreeRam XP Pro\FreeRAM XP Pro.exe" [file not found] "IPInSightMonitor 01" = ""C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"" [file not found] "IPInSightLAN 01" = ""C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l" [file not found] "Lexmark X73 Button Monitor" = "D:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe" [file not found] "Lexmark X73 Button Manager" = "D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe" [file not found] "POINTER" = "C:\Program Files\Microsoft Hardware\Mouse\point32.exe" [file not found] "SpySweeper" = ""C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /startintray" ["Webroot Software, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\ {++} "Flag" = 132 HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{a84c0520-b187-11d0-8ae7-00c04fd28d85}" = "KODAK DC215 Zoomkamera" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Kodak\DC215K~1\Mounter\DC215mnt.dll" ["Eastman Kodak Company"] "{2582A520-4E2C-11D0-944A-00608CB854B7}" = "Micrografx Designer Schnellansicht" -> {CLSID}\InProcServer32\(Default) = "fvds70.dll" ["Micrografx, Inc."] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."] HKLM\System\CurrentControlSet\Control\Session Manager\ INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e" [file not found], [MS], [file not found], [file not found] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"] INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."] Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Dokumente und Einstellungen\Wilfwo\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp" Enabled Scheduled Tasks: ------------------------ "06LET_IT_BE" -> launches: "D:\06LET_IT_BE.MP3" [file not found] "201-ozzy_osbourne-ultimate_sin_(live)" -> launches: "F:\201-ozzy_osbourne-ultimate_sin_(live).mp3" [file not found] "202-ozzy_osbourne-never_know_why_(live)" -> launches: "F:\202-ozzy_osbourne-never_know_why_(live).mp3" [file not found] "203-ozzy_osbourne-thank_god_for_the_bomb_(live)" -> launches: "F:\203-ozzy_osbourne-thank_god_for_the_bomb_(live).mp3" [file not found] "204-ozzy_osbourne-crazy_babies" -> launches: "F:\204-ozzy_osbourne-crazy_babies.mp3" [file not found] "205-ozzy_osbourne-breakin_all_the_rules" -> launches: "F:\205-ozzy_osbourne-breakin_all_the_rules.mp3" [file not found] "206-ozzy_osbourne-i_dont_want_to_change_the_world_(demo)" -> launches: "F:\206-ozzy_osbourne-i_dont_want_to_change_the_world_(demo).mp3" [file not found] "207-ozzy_osbourne-mama_im_coming_home_(demo)" -> launches: "F:\207-ozzy_osbourne-mama_im_coming_home_(demo).mp3" [file not found] "208-ozzy_osbourne-desire_(demo)" -> launches: "F:\208-ozzy_osbourne-desire_(demo).mp3" [file not found] "209-ozzy_osbourne-no_more_tears" -> launches: "F:\209-ozzy_osbourne-no_more_tears.mp3" [file not found] "210-ozzy_osbourne-wont_be_coming_home_(s.i.n.)_(demo)" -> launches: "F:\210-ozzy_osbourne-wont_be_coming_home_(s.i.n.)_(demo).mp3" [file not found] "DCP00969" -> launches: "D:\BOPPARD\DCP00969.JPG" [file not found] "DCP00970" -> launches: "D:\BOPPARD\DCP00970.JPG" [file not found] "DCP00971" -> launches: "D:\BOPPARD\DCP00971.JPG" [file not found] "DCP00972" -> launches: "D:\BOPPARD\DCP00972.JPG" [file not found] "DCP00973" -> launches: "D:\BOPPARD\DCP00973.JPG" [file not found] "DCP00974" -> launches: "D:\BOPPARD\DCP00974.JPG" [file not found] "DCP00975" -> launches: "D:\BOPPARD\DCP00975.JPG" [file not found] "DCP00976" -> launches: "D:\BOPPARD\DCP00976.JPG" [file not found] "DCP00977" -> launches: "D:\BOPPARD\DCP00977.JPG" [file not found] "DCP00978" -> launches: "D:\BOPPARD\DCP00978.JPG" [file not found] "DCP00979" -> launches: "D:\BOPPARD\DCP00979.JPG" [file not found] "DCP00980" -> launches: "D:\BOPPARD\DCP00980.JPG" [file not found] "DCP00981" -> launches: "D:\BOPPARD\DCP00981.JPG" [file not found] "DCP00982" -> launches: "D:\BOPPARD\DCP00982.JPG" [file not found] "DCP00983" -> launches: "D:\BOPPARD\DCP00983.JPG" [file not found] "DCP00984" -> launches: "D:\BOPPARD\DCP00984.JPG" [file not found] "DCP00985" -> launches: "D:\BOPPARD\DCP00985.JPG" [file not found] "DCP00986" -> launches: "D:\BOPPARD\DCP00986.JPG" [file not found] "DCP00987" -> launches: "D:\BOPPARD\DCP00987.JPG" [file not found] "DCP00988" -> launches: "D:\BOPPARD\DCP00988.JPG" [file not found] "DCP00989" -> launches: "D:\BOPPARD\DCP00989.JPG" [file not found] "DCP00990" -> launches: "D:\BOPPARD\DCP00990.JPG" [file not found] "DCP00991" -> launches: "D:\BOPPARD\DCP00991.JPG" [file not found] "DCP00992" -> launches: "D:\BOPPARD\DCP00992.JPG" [file not found] "DCP00994" -> launches: "D:\BOPPARD\DCP00994.JPG" [file not found] "DCP00995" -> launches: "D:\BOPPARD\DCP00995.JPG" [file not found] "DCP00996" -> launches: "D:\BOPPARD\DCP00996.JPG" [file not found] "DCP00997" -> launches: "D:\BOPPARD\DCP00997.JPG" [file not found] "DCP00998" -> launches: "D:\BOPPARD\DCP00998.JPG" [file not found] "DCP01000" -> launches: "D:\BOPPARD\DCP01000.JPG" [file not found] "DCP01001" -> launches: "D:\BOPPARD\DCP01001.JPG" [file not found] "Norton AntiVirus - Meinen Computer prüfen - Wilfwo" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"] "Symantec NetDetect" -> launches: "C:\Programme\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] Miscellaneous IE Hijack Points ------------------------------ HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ Missing lines (compared with English-language version): HIJACK WARNING! "MGINavigationCanceled" = (empty string) HIJACK WARNING! "MGIWelcome" = (empty string) HIJACK WARNING! "MGIOfflineInformation" = (empty string) Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Norton AntiVirus Auto-Protect-Dienst, navapsvc, ""C:\Programme\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"] Norton AntiVirus Firewall Monitor Service, NPFMntor, ""C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"] Symantec Core LC, Symantec Core LC, "C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"] Symantec Event Manager, ccEvtMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"] Symantec Network Drivers Service, SNDSrvc, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"] Symantec Settings Manager, ccSetMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"] Symantec SPBBCSvc, SPBBCSvc, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"] Webroot Spy Sweeper Engine, svcWRSSSDK, "C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe" ["Webroot Software, Inc."] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ PDF Port\Driver = "C:\WINDOWS\system32\pdfports.dll" ["Adobe Systems Incorporated."] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 35 seconds, including 4 seconds for message boxes) |
|
|
||
05.01.2006, 23:54
Ehrenmitglied
Beiträge: 29434 |
#21
gehe in die Registry und loesche:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx "Flag" = 132 ------------------------------------------------------------------------- das gehoert zu MGI PhotoSuite 4...hast du irgendwelche probleme ? Vorherst nicht loeschen... beantworte nur meine frage... HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ HIJACK WARNING! "MGINavigationCanceled" = (empty string) HIJACK WARNING! "MGIWelcome" = (empty string) HIJACK WARNING! "MGIOfflineInformation" = (empty string) Zitat C:\Arquivos de programas\MGI\MGI PhotoSuite 4\Internet\NavigationCanceled.html---------------------------------------------------------------------------- Scanne mit kaspersky und poste den scanreport http://virus-protect.org/onlinescan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
06.01.2006, 18:26
...neu hier
Beiträge: 7 |
#22
Eintrag in der Registry ist gelöscht.
MGI 2 ist auf dem Rechner, das habe ich auch noch auf CD falls ich es sichertshalber entfernen soll?! Was soll ich denn mit kaspersky scannen? -critical areas -my computer -my email -folders -a file Diese selbstverschickenen Emails haben aufgehört nachdem ich Deine letzte Anweisung befolgt habe Und noch zwei Frage: Bevor ich in diesem Forum gepostet habe, habe ich ja schon selbst versucht das ganze zu beheben. Nun habe ich beim Systemstart folgende Fehlermeldung: RUNDLL Fehler beim Laden von c:\windows\system32\Nvcpl.dll Das angegebene Modul wurde nicht gefunden. Hast Du da auch einen Tip für mich? Und Frage Nr 2: Wie kann man in Zukunft diesem ganzen Kram zuvor kommen? Ist "Webroot spy sweeper" geeignet? Mal wieder vielen Dank vorab!!!!!!! |
|
|
||
06.01.2006, 23:47
Ehrenmitglied
Beiträge: 29434 |
#23
du hast eine der nvidia karte zugehoerige dll geloescht.
Nun muesstest du die Software+ Treiber von der karte erst deinstallieren und dann neu laden. mit Kaspersky musst du alles scannen, wenn moeglich __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
08.01.2006, 09:27
...neu hier
Beiträge: 7 |
#24
Guten Morgen Sabina,
critical areas: ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Saturday, January 07, 2006 18:34:56 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.67.0 Kaspersky Anti-Virus database last update: 7/01/2006 Kaspersky Anti-Virus database records: 159397 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: standard Scan Archives: true Scan Mail Bases: true Scan Target - Critical Areas: C:\WINDOWS C:\DOKUME~1\Wilfwo\LOKALE~1\Temp\ Scan Statistics: Total number of scanned objects: 12875 Number of viruses found: 0 Number of infected objects: 0 Number of suspicious objects: 0 Duration of the scan process: 735 sec No malware has been detected. The sections that have been scanned are CLEAN. Scan process completed. und my computer: ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Saturday, January 07, 2006 19:19:27 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.67.0 Kaspersky Anti-Virus database last update: 7/01/2006 Kaspersky Anti-Virus database records: 159397 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: standard Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ Scan Statistics: Total number of scanned objects: 36912 Number of viruses found: 25 Number of infected objects: 50 Number of suspicious objects: 0 Duration of the scan process: 2374 sec Infected Object Name - Virus Name C:\Programme\Norton AntiVirus\Quarantine\7BD41C82.dll Infected: SpamTool.Win32.Mailbot.j C:\Programme\Norton AntiVirus\Quarantine\7C784FCE.exe Infected: Trojan-Downloader.Win32.PassAlert.d C:\Programme\Norton AntiVirus\Quarantine\7CE43958.exe Infected: Packed.Win32.Klone.b C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP554\A0102745.tlb Infected: Trojan.Win32.Puper.bp C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP554\A0102806.tlb Infected: Trojan.Win32.Puper.bp C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP554\A0102851.tlb Infected: Trojan.Win32.Puper.bp C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP554\A0102852.exe Infected: Trojan-Downloader.Win32.Zlob.bw C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP554\A0102882.tlb Infected: Trojan.Win32.Puper.bp C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP554\A0102889.tlb Infected: Trojan.Win32.Puper.bp C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP555\A0103017.tlb Infected: Trojan.Win32.Puper.bp C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP556\A0103026.tlb Infected: Trojan.Win32.Puper.bp C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP556\A0103028.exe Infected: Trojan.Win32.Puper.bp C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP556\A0103035.tlb Infected: Trojan-Downloader.Win32.Zlob.cb C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP556\A0103089.exe Infected: Trojan-Dropper.Win32.Small.aav C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP556\A0103118.exe Infected: not-virus:Hoax.Win32.Renos.b C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP556\A0103123.exe Infected: Trojan-Downloader.Win32.Zlob.by C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP557\A0103238.tlb Infected: Trojan-Downloader.Win32.Zlob.cb C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP557\A0104253.tlb Infected: Trojan-Downloader.Win32.Zlob.cb C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP557\A0104254.exe Infected: Trojan-Downloader.Win32.Zlob.ca C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP557\A0104256.exe Infected: Trojan-Downloader.Win32.Zlob.cb C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP557\A0104257.exe Infected: Trojan-Downloader.Win32.Zlob.bz C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP564\A0106896.exe Infected: Trojan-Downloader.Win32.TSUpdate.p C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP564\A0106897.exe Infected: Trojan-Downloader.Win32.TSUpdate.f C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP564\A0106903.exe Infected: Trojan-Downloader.Win32.TSUpdate.n C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP564\A0106904.exe Infected: Trojan-Downloader.Win32.TSUpdate.l C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP565\A0106985.exe Infected: not-virus:Hoax.Win32.Renos.ae C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP565\A0106986.exe Infected: Trojan.Win32.StartPage.agi C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP569\A0110197.exe Infected: Trojan-Downloader.Win32.VB.ri C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP569\A0110198.exe Infected: Trojan-Downloader.Win32.Small.buy C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP569\A0110200.exe Infected: Trojan-Downloader.Win32.TSUpdate.o C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP569\A0110201.exe Infected: not-virus:Hoax.Win32.Renos.ae C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP569\A0110202.exe Infected: Trojan-Downloader.Win32.Adload.j C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP572\A0110371.exe Infected: Trojan.Win32.Agent.mo C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP572\A0110372.exe Infected: Trojan-Downloader.Win32.VB.ri C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP572\A0110373.exe Infected: Trojan-Downloader.Win32.Small.byf C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP572\A0110374.exe Infected: Trojan-Downloader.Win32.Small.byf C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP572\A0110375.exe Infected: Trojan-Downloader.Win32.Small.byf C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP572\A0110376.exe Infected: Trojan-Downloader.Win32.Small.byf C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP572\A0110377.exe Infected: Trojan-Downloader.Win32.Small.byf C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP572\A0110378.exe Infected: Packed.Win32.Klone.b C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP572\A0110379.exe Infected: Trojan-Downloader.Win32.Small.buy C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP572\A0110381.exe Infected: Trojan-Downloader.Win32.TSUpdate.o C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP572\A0110382.exe Infected: not-virus:Hoax.Win32.Renos.ae C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP572\A0110383.exe Infected: Trojan-Downloader.Win32.Adload.j C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP574\A0110421.exe Infected: Trojan-Downloader.Win32.PassAlert.d C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP574\A0110422.exe Infected: Packed.Win32.Klone.b C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP578\A0110512.dll Infected: SpamTool.Win32.Mailbot.j C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP585\A0110653.sys Infected: SpamTool.Win32.Mailbot.b C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP585\A0110659.dll Infected: SpamTool.Win32.Mailbot.q C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP586\A0110712.sys Infected: SpamTool.Win32.Mailbot.b Scan process completed. |
|
|
||
08.01.2006, 15:05
Ehrenmitglied
Beiträge: 29434 |
#25
Kuchen
deaktiviere die Systemwiederherstellung, scanne noch mal mit kaspersky, dann aktiviere sie wieder http://virus-protect.org/systemwiederherstellung.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
11.01.2006, 22:53
...neu hier
Beiträge: 7 |
#26
Critical:
------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Wednesday, January 11, 2006 21:17:39 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.67.0 Kaspersky Anti-Virus database last update: 11/01/2006 Kaspersky Anti-Virus database records: 160228 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: standard Scan Archives: true Scan Mail Bases: true Scan Target - Critical Areas: C:\WINDOWS C:\DOKUME~1\Wilfwo\LOKALE~1\Temp\ Scan Statistics: Total number of scanned objects: 12940 Number of viruses found: 0 Number of infected objects: 0 Number of suspicious objects: 0 Duration of the scan process: 739 sec No malware has been detected. The sections that have been scanned are CLEAN. Scan process completed. my computer: ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Wednesday, January 11, 2006 22:52:25 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.67.0 Kaspersky Anti-Virus database last update: 11/01/2006 Kaspersky Anti-Virus database records: 160228 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: standard Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ Scan Statistics: Total number of scanned objects: 25921 Number of viruses found: 0 Number of infected objects: 0 Number of suspicious objects: 0 Duration of the scan process: 1312 sec No malware has been detected. The sections that have been scanned are CLEAN. Scan process completed. Sieht gut aus, oder? |
|
|
||
11.01.2006, 23:14
Ehrenmitglied
Beiträge: 29434 |
#27
na fein alles Gute fuer dich+ PC
-------------- http://virus-protect.org/firefox.html http://virus-protect.org/administrator.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
11.01.2006, 23:34
...neu hier
Beiträge: 7 |
#28
Ja dann vielen lieben Dank!!!
|
|
|
||
ich hatte diverse Fehlermeldungen betreffend Spyware. Durch diverse Foren habe ich mich schon durchgearbeitet und auch schon versucht einiges zu löschen oder selbst zu beheben. Ein Teil hat geklappt, aber nun verzweifel ich. Eine Fehlermeldung beim Start habe ich nicht mehr, auch den bekannten Fehler mit dem Hintergrund auf dem Desktop konnte ich abschalten. Wenn ich aber ins Internet gehe, dann meldet die E-Mail Prüfung vom Northen AntiVirus ständig, das irgendwelche E-Mails nicht gesendet werden können. Ich bin ein totaler Laie, wenn Ihr mir helfen könnt, dann bitte so einfach und ausführlich wie möglich beschreiben.
Mein HiJackThis Log sieht wie folgt aus:
Logfile of HijackThis v1.99.1
Scan saved at 20:49:39, on 14.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Norton AntiVirus\OPScan.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Wilfwo\LOKALE~1\Temp\Rar$EX00.343\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hp707C.tmp (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Zone Alarm Pro] D:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O4 - HKLM\..\Run: [Screen shot Utility] D:\Program Files\ScreenShot Utility\ScreenshotUtility.exe
O4 - HKLM\..\Run: [FreeRAM XP Pro] D:\Program Files\FreeRam XP Pro\FreeRAM XP Pro.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] D:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED2FD1A7-8DA7-4EF0-9014-524E56571207}: NameServer = 195.50.140.250 195.50.140.114
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\V2lsbGk\command.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
Vielen Dank im vorraus
Kuchen