I can't remove Spywarequake

#0
31.08.2006, 21:24
Honorary member

Posts: 29434
#166 Axpyrus

1.
Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as fixme.reg using 'Save As'. Select 'All Files' as the file type. You should now find this file on the desktop.
Double-click the file "fixme.reg" on the desktop and confirm adding it to the registry with "ja" or "yes".

Quote

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=-
"NoViewContextMenu"=-
"NoActiveDesktop"=-
"ForceActiveDesktopOn"=-
"ClassicShell"=-
"NoThemesTab"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"DisableTaskMgr"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoActiveDesktopChanges"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zango"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Urap"=-

2.
Run VundoFix
http://virus-protect.org/artikel/tools/vundofixx.html

3.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in:

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcyv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hgghffc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winbfi32

Files to delete:
C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vycdd.bak2
C:\WINDOWS\system32\hgghffc.dll
C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\winbfi32.dll
Click the green traffic light.
The script will now run, then the PC will restart automatically.

4.
Scan and post the scan report
http://virus-protect.org/artikel/tools/superantispyware.html
__________
Best regards, Sabina

All about PC security
02.09.2006, 11:57
Member

Posts: 12
#167 So here is the report:

SUPERAntiSpyware Scan Log
Generated 09/01/2006 at 05:19 PM

Core Rules Database Version : 3070
Trace Rules Database Version: 1110

Memory Thread detected : 0
Registry Thread detected : 43
File Thread detected : 26

Adware.Director
[{18BA9D2E-044A-1031-0519-050311180031}] C:\Programme\Gemeinsame Dateien\{18BA9D2E-044A-1031-0519-050311180031}\Update.exe
C:\Programme\Gemeinsame Dateien\{18BA9D2E-044A-1031-0519-050311180031}\Update.exe
C:\WINDOWS\Prefetch\UPDATE.EXE-2B150CA6.pf

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{0BB36B53-F4C6-4DAF-AFB8-3D127B4BCCCE}
HKCR\CLSID\{0BB36B53-F4C6-4DAF-AFB8-3D127B4BCCCE}
HKCR\CLSID\{0BB36B53-F4C6-4DAF-AFB8-3D127B4BCCCE}\InprocServer32
HKCR\CLSID\{0BB36B53-F4C6-4DAF-AFB8-3D127B4BCCCE}\InprocServer32#ThreadingModel
C:\WINDOWS\system32\ddcyv.dll
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\geeda
C:\WINDOWS\system32\geeda.dll
C:\System Volume Information\_restore{CB90538A-FD98-4616-9909-753D9DBFB8A6}\RP112\A0036261.dll
C:\System Volume Information\_restore{CB90538A-FD98-4616-9909-753D9DBFB8A6}\RP112\A0036265.dll

Adware.ToolBar888
HKLM\Software\Classes\CLSID\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}
HKCR\CLSID\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}
HKCR\CLSID\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}
HKCR\CLSID\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}\InprocServer32
HKCR\CLSID\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}\InprocServer32#ThreadingModel
HKCR\CLSID\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}\ProgID
HKCR\CLSID\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}\Programmable
HKCR\CLSID\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}\TypeLib
HKCR\CLSID\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}\VersionIndependentProgID
C:\Programme\ToolBar888\MyToolBar.dll
C:\Programme\Toolbar888\Activate.exe
C:\Programme\Toolbar888\Uninst.exe
C:\Programme\Toolbar888
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0\win32
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\FLAGS
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\HELPDIR
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid32
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib#Version
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToolBar888
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToolBar888#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToolBar888#UninstallString
HKCR\MyToolBar.MyToolBarObj
HKCR\MyToolBar.MyToolBarObj\CLSID
HKCR\MyToolBar.MyToolBarObj\CurVer
HKCR\MyToolBar.MyToolBarObj.1
HKCR\MyToolBar.MyToolBarObj.1\CLSID
HKLM\Software\Classes\MyToolBar.MyToolBarObj
HKLM\Software\Classes\MyToolBar.MyToolBarObj\CLSID
HKLM\Software\Classes\MyToolBar.MyToolBarObj\CurVer
HKLM\Software\Classes\MyToolBar.MyToolBarObj.1
HKLM\Software\Classes\MyToolBar.MyToolBarObj.1\CLSID
HKU\S-1-5-21-1659004503-1682526488-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CBCC61FA-0221-4CCC-B409-CEE865CACA3A}
C:\System Volume Information\_restore{CB90538A-FD98-4616-9909-753D9DBFB8A6}\RP112\A0036272.dll
C:\WINDOWS\Prefetch\ACTIVATE.EXE-1B736224.pf

Adware.Zango
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56F1D444-11BF-4879-A12B-79CF0177F038}

Browser Hijacker.BestSafetyGuide
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{873eb32d-ae1a-4183-89bd-45a77f761be4}

Trojan.Unknown Origin
HKLM\SOFTWARE\Microsoft\MSSMGR
C:\Dokumente und Einstellungen\Axpyrus\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3YLRUBR4\l11[1].exe
C:\Programme\Gemeinsame Dateien\{18BA9D2E-044A-1031-0519-050311180031}\services.dll

BearShare File Sharing Client
C:\d\BearShare\BearShare.exe
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\BearShare.lnk

Trojan.Freeprod
C:\Dokumente und Einstellungen\Axpyrus\Lokale Einstellungen\Temporary Internet Files\Content.IE5\31PSZN5B\wlzip32[1].exe

Unclassified.Unknown Origin/System
C:\Dokumente und Einstellungen\Axpyrus\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3YLRUBR4\wlzip32[1].exe
C:\System Volume Information\_restore{CB90538A-FD98-4616-9909-753D9DBFB8A6}\RP112\A0036269.exe
C:\System Volume Information\_restore{CB90538A-FD98-4616-9909-753D9DBFB8A6}\RP112\A0036270.exe
C:\WINDOWS\Temp\win42.tmp.exe
C:\WINDOWS\Prefetch\WIN42.TMP.EXE-18F3A5EB.pf

Adware.Universa
C:\Dokumente und Einstellungen\Axpyrus\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KJZ96UF3\srvneo[1].exe

Trojan.Downlaoder-WINRNT32
C:\System Volume Information\_restore{CB90538A-FD98-4616-9909-753D9DBFB8A6}\RP112\A0036264.dll

Malware.Notifier
C:\WINDOWS\system32\ismon.exe
C:\WINDOWS\Prefetch\ISMON.EXE-2F715B97.pf


Then I ran it again in safe mode.
The report:


SUPERAntiSpyware Scan Log
Generated 09/02/2006 at 11:27 AM

Core Rules Database Version : 3070
Trace Rules Database Version: 1110

Memory Thread detected : 0
Registry Thread detected : 2
File Thread detected : 7

Adware.Zango
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56F1D444-11BF-4879-A12B-79CF0177F038}

Browser Hijacker.BestSafetyGuide
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{873eb32d-ae1a-4183-89bd-45a77f761be4}

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\Axpyrus\Cookies\axpyrus@2o7[2].txt
C:\Dokumente und Einstellungen\Axpyrus\Cookies\axpyrus@atdmt[2].txt
C:\Dokumente und Einstellungen\Axpyrus\Cookies\axpyrus@rambler[2].txt
C:\Dokumente und Einstellungen\Axpyrus\Cookies\axpyrus@weborama[2].txt
C:\Dokumente und Einstellungen\Axpyrus\Cookies\axpyrus@atwola[1].txt

BearShare File Sharing Client
C:\d\BearShare\BearShare.exe
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\BearShare.lnk
02.09.2006, 13:18
Honorary member

Posts: 29434
#168 Axpyrus

2.
Work through smitfraud.fix - options 1 and 2 (post both scan reports)
http://virus-protect.org/artikel/tools/smitfrautfix.html

2.
Post the new HijackThis log

3.
Post the 4 logs from datfindbat again ;)
__________
Best regards, Sabina

All about PC security
02.09.2006, 16:32
Member

Posts: 12
#169 Hijack This Log

Logfile of HijackThis v1.99.1
Scan saved at 16:19:02, on 02.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Java\jre1.5.0_08\bin\jusched.exe
F:\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Messenger\msmsgs.exe
D:\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\VIA\RAID\raid_tool.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Axpyrus\Desktop\HijackThis.exe

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: GigagetIEHelper Class - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\System32\gigagetbho_v10.dll
O2 - BHO: (no name) - {27EF3EBB-F337-4E1A-BAE5-3029978AA658} - (no file)
O2 - BHO: (no name) - {283F7599-C068-442B-B79C-726A28CCEC01} - (no file)
O2 - BHO: (no name) - {2B843679-224B-4C5D-8D09-E99D0FF8A4E9} - (no file)
O2 - BHO: (no name) - {356920C6-F475-4F01-8E2B-DBB02BAC2D3E} - (no file)
O2 - BHO: (no name) - {4C046E3A-BB86-48E4-A442-B2967E9B6154} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {56F1D444-11BF-4879-A12B-79CF0177F038} - (no file)
O2 - BHO: (no name) - {668B1E21-4DE0-450A-AB10-121220442EA6} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - (no file)
O2 - BHO: (no name) - {B8265EB8-FC46-426B-8DAC-A2BA7D73033C} - (no file)
O2 - BHO: (no name) - {C762D6BE-5240-4BE2-A8C5-A6A08D5877A1} - C:\WINDOWS\system32\geeda.dll (file missing)
O2 - BHO: (no name) - {D3002E28-63F5-466C-A9A7-8BEAF049240C} - (no file)
O2 - BHO: (no name) - {D510C4CB-E3C0-4767-B64B-BC6AB3C1D581} - (no file)
O2 - BHO: (no name) - {EB2F31E4-D96D-400E-8802-12247AE40D14} - (no file)
O2 - BHO: (no name) - {F6CEEC79-0156-4432-A9C3-48D195DA7F7A} - (no file)

O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "F:\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MRU-Blaster Scheduler.lnk = D:\MRU-Blaster\scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programme\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Download All by Gigaget - d:\DownloadManager\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - d:\DownloadManager\Gigaget\geturl.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcyv - C:\WINDOWS\
O20 - Winlogon Notify: hgghffc - C:\WINDOWS\
O20 - Winlogon Notify: khfecyy - C:\WINDOWS\

O20 - Winlogon Notify: SASWinLogon - D:\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Last months from datfindbat

Datenträger in Laufwerk C: ist System
Volumeseriennummer: 18BA-9D2E

Verzeichnis von C:\WINDOWS\system32

02.09.2006 16:17 13.646 wpa.dbl
02.09.2006 16:17 48.882 vsconfig.xml
01.09.2006 20:35 867.569 adeeg.ini
01.09.2006 17:53 867.569 adeeg.bak1
01.09.2006 16:40 360 vycdd.ini
01.09.2006 16:39 40.973 khfecyy.dll

01.09.2006 15:50 9.216 VundoFixSVC.exe
29.08.2006 18:05 40.973 hgghffc.dll
20.08.2006 23:17 13.646 wpa.bak
20.08.2006 21:20 4.212 zllictbl.dat
20.08.2006 11:32 380.350 perfh009.dat
20.08.2006 11:32 52.764 perfc009.dat
20.08.2006 11:32 391.000 perfh007.dat
20.08.2006 11:32 63.580 perfc007.dat
20.08.2006 11:32 897.954 PerfStringBackup.INI
20.08.2006 02:25 8.891 jupdate-1.5.0_08-b03.log
20.08.2006 00:34 92.680 FNTCACHE.DAT
20.08.2006 00:07 90 spupdwxp.log
09.08.2006 12:03 8.325.544 MRT.exe
06.08.2006 20:41 7.006 jupdate-1.5.0_06-b05.log
06.08.2006 17:07 34.064 lhacm.acm
06.08.2006 16:56 0 h323log.txt
06.08.2006 16:05 25.065 wmpscheme.xml
06.08.2006 16:03 261 $winnt$.inf
06.08.2006 16:00 2.951 CONFIG.NT
06.08.2006 15:59 488 logonui.exe.manifest
06.08.2006 15:59 488 WindowsLogon.manifest
06.08.2006 15:59 749 cdplayer.exe.manifest
06.08.2006 15:59 749 sapi.cpl.manifest
06.08.2006 15:59 749 wuaucpl.cpl.manifest
06.08.2006 15:59 749 nwc.cpl.manifest
06.08.2006 15:59 749 ncpa.cpl.manifest
06.08.2006 15:58 21.740 emptyregdb.dat
28.07.2006 13:30 3.079.168 mshtml.dll
27.07.2006 15:25 679.424 inetcomm.dll
27.07.2006 04:05 3.596.288 qt-dx331.dll
27.07.2006 04:05 108.544 pxcpyi64.exe
27.07.2006 04:05 109.568 pxinsi64.exe
27.07.2006 04:05 73.728 dpl100.dll
27.07.2006 04:05 192.512 dtu100.dll
26.07.2006 03:03 127.078 javaws.exe
26.07.2006 03:03 49.265 jpicpl32.cpl
02.09.2006, 17:01
Honorary member

Posts: 29434
#170 Axpyrus

OK, listen: datfindbat contains 4 logs, post the remaining three as well........

Quote

1. Double-click DATFINDBAT

2. The text editor opens. Save as system32.txt - or (right-click --> select text --> copy --> paste into the thread) - (going back 3 months by date, more is not necessary)

3. Click the command window and press any key

4. The text editor opens. Save as temp.txt - or (right-click --> select text --> copy --> paste into the thread) - (going back 3 months by date, more is not necessary)

5. Repeat step 3 and save as windows.txt - or (right-click --> select text --> copy --> paste into the thread) - (going back 3 months by date, more is not necessary)

6. Repeat step 3 and save as c.txt - or (right-click --> select text --> copy --> paste into the thread) - (going back 3 months by date, more is not necessary)

7. Post ALL logs (going back 3 months by date, more is not necessary)

__________
Best regards, Sabina

All about PC security
03.09.2006, 09:18
Member

Posts: 12
#171 Ohh sry. I knew there was something else ^^.

Log 1:

Datenträger in Laufwerk C: ist System
Volumeseriennummer: 18BA-9D2E

Verzeichnis von C:\WINDOWS\system32

03.09.2006 08:59 13.646 wpa.dbl
03.09.2006 08:59 48.882 vsconfig.xml
01.09.2006 20:35 867.569 adeeg.ini
01.09.2006 17:53 867.569 adeeg.bak1
01.09.2006 16:40 360 vycdd.ini
01.09.2006 16:39 40.973 khfecyy.dll
01.09.2006 15:50 9.216 VundoFixSVC.exe
29.08.2006 18:05 40.973 hgghffc.dll
20.08.2006 23:17 13.646 wpa.bak
20.08.2006 21:20 4.212 zllictbl.dat
20.08.2006 11:32 380.350 perfh009.dat
20.08.2006 11:32 52.764 perfc009.dat
20.08.2006 11:32 391.000 perfh007.dat
20.08.2006 11:32 63.580 perfc007.dat

Log 2
Datenträger in Laufwerk C: ist System
Volumeseriennummer: 18BA-9D2E

Verzeichnis von C:\DOKUME~1\Axpyrus\LOKALE~1\Temp

03.09.2006 09:11 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}17269.html
03.09.2006 09:11 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}10233.html
03.09.2006 09:11 16.384 ~DF92E8.tmp
03.09.2006 09:11 16.384 ~DF8E72.tmp
03.09.2006 09:11 512 ~DF8E83.tmp
03.09.2006 09:04 346 jusched.log
17.02.2006 16:55 143.360 SSUPDATE.EXE
7 Datei(en) 178.947 Bytes
0 Verzeichnis(se), 7.036.956.672 Bytes frei

Log 3 (it's a bit odd somehow..)

03.09.2006 08:59 0 0.log
03.09.2006 08:59 572.688 WindowsUpdate.log
03.09.2006 08:59 2.048 bootstat.dat
02.09.2006 18:02 15.768 SchedLgU.Txt
02.09.2006 16:14 181.178 setupact.log
02.09.2006 16:12 381.430 ntbtlog.txt
01.09.2006 15:54 1.102 fesoeoia.txt
31.08.2006 22:01 35.833 wmsetup.log
30.08.2006 19:02 1.538 vixhliir.txt
29.08.2006 07:13 725.199 setupapi.log
27.08.2006 15:53 213 wiadebug.log
27.08.2006 14:43 176.054 DirectX.log
27.08.2006 11:05 50 wiaservc.log
20.08.2006 23:17 759.826 setuplog.txt
20.08.2006 11:33 4.682 WgaNotify.log
20.08.2006 11:30 30.806 spupdsvc.log
20.08.2006 03:04 1.374 imsins.log

Log 4

03.09.2006 09:17 0 sys.txt
03.09.2006 09:16 9.443 system.txt
03.09.2006 09:16 680 systemtemp.txt
03.09.2006 09:16 92.422 system32.txt
03.09.2006 08:58 805.306.368 pagefile.sys
02.09.2006 18:01 268 sqmdata10.sqm
02.09.2006 18:01 244 sqmnoopt10.sqm
02.09.2006 16:15 896 rapport.txt
02.09.2006 16:10 268 sqmdata09.sqm
02.09.2006 16:10 244 sqmnoopt09.sqm
02.09.2006 13:24 268 sqmdata08.sqm
02.09.2006 13:24 244 sqmnoopt08.sqm
01.09.2006 21:22 244 sqmnoopt07.sqm
01.09.2006 21:22 268 sqmdata07.sqm
01.09.2006 16:40 268 sqmdata06.sqm
01.09.2006 16:40 244 sqmnoopt06.sqm
01.09.2006 15:54 268 sqmdata05.sqm
01.09.2006 15:54 244 sqmnoopt05.sqm
01.09.2006 15:50 1.828 VundoFix.txt
31.08.2006 23:21 268 sqmdata04.sqm
31.08.2006 23:21 244 sqmnoopt04.sqm
30.08.2006 22:43 268 sqmdata03.sqm
30.08.2006 22:43 244 sqmnoopt03.sqm
30.08.2006 19:10 33.807 ComboFix.txt
30.08.2006 19:07 120 ComboFix2.txt
30.08.2006 19:04 268 sqmdata02.sqm
30.08.2006 19:04 244 sqmnoopt02.sqm
29.08.2006 19:24 268 sqmdata01.sqm
29.08.2006 19:24 244 sqmnoopt01.sqm
29.08.2006 18:06 268 sqmdata00.sqm
29.08.2006 18:06 244 sqmnoopt00.sqm
29.08.2006 18:05 2.108 smitfiles.txt
29.08.2006 17:50 268 sqmdata19.sqm
29.08.2006 17:50 244 sqmnoopt19.sqm
29.08.2006 17:28 32.722 ComboFixII.txt
29.08.2006 17:27 32.722 ComboFix3.txt
28.08.2006 23:08 268 sqmdata18.sqm
28.08.2006 23:08 244 sqmnoopt18.sqm
27.08.2006 19:25 268 sqmdata17.sqm
27.08.2006 19:25 244 sqmnoopt17.sqm
27.08.2006 15:53 232 sqmdata16.sqm
27.08.2006 15:53 244 sqmnoopt16.sqm
27.08.2006 15:53 268 sqmdata15.sqm
27.08.2006 15:53 244 sqmnoopt15.sqm
26.08.2006 20:43 268 sqmdata14.sqm
26.08.2006 20:43 244 sqmnoopt14.sqm
26.08.2006 20:32 268 sqmdata13.sqm
26.08.2006 20:32 244 sqmnoopt13.sqm
26.08.2006 20:25 268 sqmdata12.sqm
26.08.2006 20:25 244 sqmnoopt12.sqm
26.08.2006 16:10 268 sqmdata11.sqm
26.08.2006 16:10 244 sqmnoopt11.sqm
20.08.2006 00:02 211 boot.ini.SAB
20.08.2006 00:02 211 boot.ini
19.08.2006 23:52 47.564 NTDETECT.COM
19.08.2006 23:52 251.184 ntldr
06.08.2006 16:00 0 AUTOEXEC.BAT
06.08.2006 16:00 0 MSDOS.SYS
06.08.2006 16:00 0 CONFIG.SYS
06.08.2006 16:00 0 IO.SYS
02.04.2003 14:00 4.952 bootfont.bin
61 Datei(en) 805.827.442 Bytes
0 Verzeichnis(se), 7.035.633.664 Bytes frei


I hope it's right now..

Regards
Axpyrus
03.09.2006, 12:45
Honorary member

Posts: 29434
#172 Axpyrus

1.
Avenger

Quote

Files to delete:
C:\WINDOWS\System32\gigagetbho_v10.dll
C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\adeeg.bak1
C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\khfecyy.dll
C:\WINDOWS\system32\hgghffc.dll
2.
Post the Avenger report + once more the datfindbat log (only the first one ;) )

3.
Open HijackThis -- "Scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC

Quote

O2 - BHO: GigagetIEHelper Class - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\System32\gigagetbho_v10.dll
O2 - BHO: (no name) - {27EF3EBB-F337-4E1A-BAE5-3029978AA658} - (no file)
O2 - BHO: (no name) - {283F7599-C068-442B-B79C-726A28CCEC01} - (no file)
O2 - BHO: (no name) - {2B843679-224B-4C5D-8D09-E99D0FF8A4E9} - (no file)
O2 - BHO: (no name) - {356920C6-F475-4F01-8E2B-DBB02BAC2D3E} - (no file)
O2 - BHO: (no name) - {4C046E3A-BB86-48E4-A442-B2967E9B6154} - (no file)

O2 - BHO: (no name) - {56F1D444-11BF-4879-A12B-79CF0177F038} - (no file)
O2 - BHO: (no name) - {668B1E21-4DE0-450A-AB10-121220442EA6} - (no file)

O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - (no file)
O2 - BHO: (no name) - {B8265EB8-FC46-426B-8DAC-A2BA7D73033C} - (no file)
O2 - BHO: (no name) - {C762D6BE-5240-4BE2-A8C5-A6A08D5877A1} - C:\WINDOWS\system32\geeda.dll (file missing)
O2 - BHO: (no name) - {D3002E28-63F5-466C-A9A7-8BEAF049240C} - (no file)
O2 - BHO: (no name) - {D510C4CB-E3C0-4767-B64B-BC6AB3C1D581} - (no file)
O2 - BHO: (no name) - {EB2F31E4-D96D-400E-8802-12247AE40D14} - (no file)
O2 - BHO: (no name) - {F6CEEC79-0156-4432-A9C3-48D195DA7F7A} - (no file)

O20 - Winlogon Notify: ddcyv - C:\WINDOWS\
O20 - Winlogon Notify: hgghffc - C:\WINDOWS\
O20 - Winlogon Notify: khfecyy - C:\WINDOWS\
O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\

Restart the PC

4.
http://virus-protect.org/multiavtool.html
* click "2", the Trend Micro scan now starts
post the scan report
__________
Best regards, Sabina

All about PC security
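
The triage behind the entries selected in #172, as an added example (not code from the thread, HijackThis or datfindbat): it flags O2 BHO registrations whose file is gone and O20 Winlogon Notify entries that show no DLL path, then looks the Notify names up in the system32 listing. The regexes, function names and the same-size "twin" check are assumptions of this example; the sample lines are copied from #169.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in #169 (lines copied from the thread).
HJT_SAMPLE = r"""
O2 - BHO: GigagetIEHelper Class - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\System32\gigagetbho_v10.dll
O2 - BHO: (no name) - {27EF3EBB-F337-4E1A-BAE5-3029978AA658} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {C762D6BE-5240-4BE2-A8C5-A6A08D5877A1} - C:\WINDOWS\system32\geeda.dll (file missing)
O20 - Winlogon Notify: khfecyy - C:\WINDOWS\
O20 - Winlogon Notify: SASWinLogon - D:\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: hgghffc - C:\WINDOWS\
""".strip().splitlines()

# Excerpt of the system32 listing posted in #169 (German "dir" format).
DIR_SAMPLE = """
01.09.2006 16:40 360 vycdd.ini
01.09.2006 16:39 40.973 khfecyy.dll
01.09.2006 15:50 9.216 VundoFixSVC.exe
29.08.2006 18:05 40.973 hgghffc.dll
20.08.2006 23:17 13.646 wpa.bak
""".strip().splitlines()

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.+)$")
DIR_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4}) (\d{2}:\d{2}) ([\d.]+) (.+)$")


def review_hjt(lines):
    """Return (section, identifier, reason) for entries worth a manual look."""
    findings = []
    for line in lines:
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            target = m["target"]
            # Registration survives but the DLL behind it does not.
            if target == "(no file)" or target.endswith("(file missing)"):
                findings.append(("O2", m["clsid"].upper(), "orphaned BHO registration"))
            continue
        m = NOTIFY_RE.match(line)
        # A Notify entry whose target does not end in a file name (assumed heuristic).
        if m and not re.search(r"\.[A-Za-z0-9]{2,4}$", m["target"]):
            findings.append(("O20", m["name"], "Notify entry without a DLL path"))
    return findings


def parse_dir(lines):
    """Parse 'DD.MM.YYYY HH:MM size name' lines; sizes use '.' as thousands separator."""
    files = []
    for line in lines:
        m = DIR_RE.match(line.strip())
        if m:
            date, time, size, name = m.groups()
            files.append({"date": date, "time": time,
                          "size": int(size.replace(".", "")), "name": name})
    return files


def correlate(findings, files):
    """Match flagged Notify names to listed files and report same-size twins."""
    notify = {ident.lower() for kind, ident, _ in findings if kind == "O20"}
    by_size = defaultdict(list)
    for f in files:
        by_size[f["size"]].append(f["name"])
    hits = []
    for f in files:
        stem = f["name"].rsplit(".", 1)[0].lower()
        if stem in notify:
            twins = [n for n in by_size[f["size"]] if n != f["name"]]
            hits.append((f["name"], f["size"], twins))
    return hits


if __name__ == "__main__":
    found = review_hjt(HJT_SAMPLE)
    for section, ident, reason in found:
        print(f"{section:4} {ident:40} {reason}")
    for name, size, twins in correlate(found, parse_dir(DIR_SAMPLE)):
        print(f"{name} ({size} bytes) same size as: {', '.join(twins) or '-'}")
```
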
03.09.2006, 21:16
Member

Posts: 12
#173 Avenger

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bcahfclc

*******************

Script file located at: \??\C:\WINDOWS\rfgjycng.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\System32\gigagetbho_v10.dll not found!
Deletion of file C:\WINDOWS\System32\gigagetbho_v10.dll failed!

Could not process line:
C:\WINDOWS\System32\gigagetbho_v10.dll
Status: 0xc0000034



File C:\WINDOWS\system32\adeeg.ini not found!
Deletion of file C:\WINDOWS\system32\adeeg.ini failed!

Could not process line:
C:\WINDOWS\system32\adeeg.ini
Status: 0xc0000034



File C:\WINDOWS\system32\adeeg.bak1 not found!
Deletion of file C:\WINDOWS\system32\adeeg.bak1 failed!

Could not process line:
C:\WINDOWS\system32\adeeg.bak1
Status: 0xc0000034



File C:\WINDOWS\system32\vycdd.ini not found!
Deletion of file C:\WINDOWS\system32\vycdd.ini failed!

Could not process line:
C:\WINDOWS\system32\vycdd.ini
Status: 0xc0000034



File C:\WINDOWS\system32\khfecyy.dll not found!
Deletion of file C:\WINDOWS\system32\khfecyy.dll failed!

Could not process line:
C:\WINDOWS\system32\khfecyy.dll
Status: 0xc0000034



File C:\WINDOWS\system32\hgghffc.dll not found!
Deletion of file C:\WINDOWS\system32\hgghffc.dll failed!

Could not process line:
C:\WINDOWS\system32\hgghffc.dll
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.


dafind


Datenträger in Laufwerk C: ist System
Volumeseriennummer: 18BA-9D2E

Verzeichnis von C:\WINDOWS\system32

03.09.2006 21:14 13.646 wpa.dbl
03.09.2006 21:13 48.882 vsconfig.xml
03.09.2006 21:07 436 yisiyvqg.txt
01.09.2006 15:50 9.216 VundoFixSVC.exe
20.08.2006 23:17 13.646 wpa.bak
20.08.2006 21:20 4.212 zllictbl.dat
20.08.2006 11:32 380.350 perfh009.dat
20.08.2006 11:32 52.764 perfc009.dat
20.08.2006 11:32 391.000 perfh007.dat
20.08.2006 11:32 63.580 perfc007.dat
20.08.2006 11:32 897.954 PerfStringBackup.INI
20.08.2006 02:25 8.891 jupdate-1.5.0_08-b03.log
20.08.2006 00:34 92.680 FNTCACHE.DAT
20.08.2006 00:07 90 spupdwxp.log
09.08.2006 12:03 8.325.544 MRT.exe
06.08.2006 20:41 7.006 jupdate-1.5.0_06-b05.log
06.08.2006 17:07 34.064 lhacm.acm
06.08.2006 16:56 0 h323log.txt
06.08.2006 16:05 25.065 wmpscheme.xml
06.08.2006 16:03 261 $winnt$.inf
06.08.2006 16:00 2.951 config.bak
06.08.2006 16:00 2.951 CONFIG.NT
06.08.2006 15:59 488 logonui.exe.manifest
06.08.2006 15:59 488 WindowsLogon.manifest
06.08.2006 15:59 749 cdplayer.exe.manifest
06.08.2006 15:59 749 sapi.cpl.manifest
06.08.2006 15:59 749 nwc.cpl.manifest
06.08.2006 15:59 749 wuaucpl.cpl.manifest
06.08.2006 15:59 749 ncpa.cpl.manifest
06.08.2006 15:58 21.740 emptyregdb.dat
28.07.2006 13:30 3.079.168 mshtml.dll
27.07.2006 15:25 679.424 inetcomm.dll
27.07.2006 04:05 3.596.288 qt-dx331.dll
27.07.2006 04:05 108.544 pxcpyi64.exe
27.07.2006 04:05 109.568 pxinsi64.exe
27.07.2006 04:05 73.728 dpl100.dll
27.07.2006 04:05 192.512 dtu100.dll
26.07.2006 03:03 127.078 javaws.exe
26.07.2006 03:03 49.265 jpicpl32.cpl
26.07.2006 01:26 53.346 javaw.exe
26.07.2006 01:25 49.248 java.exe
25.07.2006 22:42 617.472 urlmon.dll
21.07.2006 10:29 72.704 hlink.dll
14.07.2006 17:41 336.896 netapi32.dll
14.07.2006 17:25 546.304 hhctrl.ocx
13.07.2006 15:34 8.494.592 shell32.dll
05.07.2006 12:55 1.057.792 kernel32.dll
03.07.2006 23:40 778.240 divx_xx07.dll
03.07.2006 23:40 778.240 divx_xx0c.dll

Trend Micro



/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2006-09-03, 19:19:56, Auto-clean mode specified.
2006-09-03, 19:19:56, Running scanner "c:\AV-CLS\Trend\TSC.BIN"...
2006-09-03, 19:20:02, Scanner "c:\AV-CLS\Trend\TSC.BIN" has finished running.
2006-09-03, 19:20:02, TSC Log:

Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows XP(Build 2600: Service Pack 2)

Start time : So Sep 03 2006 19:19:56

Load Damage Cleanup Template (DCT) "c:\AV-CLS\Trend\tsc.ptn" (version 780) [success]

Complete time : So Sep 03 2006 19:20:02
Execute pattern count(2953), Virus found count(0), Virus clean count(0), Clean failed count(0)

2006-09-03, 19:20:27, An error was detected on "C:\QooBox\Purity\Dokumente und Einstellungen\Axpyrus\Anwendungsdaten\SMBOLS~1\s?mbols\*.*": Die Syntax für den Dateinamen, Verzeichnisnamen oder die Datenträgerbezeichnung ist falsch.
2006-09-03, 19:20:27, An error was detected on "C:\System Volume Information\*.*": Zugriff verweigert
2006-09-03, 19:20:44, An error was detected on "D:\System Volume Information\*.*": Zugriff verweigert
2006-09-03, 19:20:45, An error was detected on "E:\System Volume Information\*.*": Zugriff verweigert
2006-09-03, 19:21:18, An error was detected on "F:\System Volume Information\*.*": Zugriff verweigert
2006-09-03, 19:39:19, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/3/2006 19:21:36
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 721 (130517 Patterns) (2006/09/02) (372100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend

34470 files have been read.
34470 files have been checked.
32498 files have been scanned.
81948 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/3/2006 19:39:18
---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-03, 19:39:19, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/3/2006 19:21:36
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 721 (130517 Patterns) (2006/09/02) (372100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend

34470 files have been read.
34470 files have been checked.
32498 files have been scanned.
81948 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/3/2006 19:39:18 17 minutes 41 seconds (1060.80 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-03, 19:39:19, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/3/2006 19:21:36
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 721 (130517 Patterns) (2006/09/02) (372100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend

34470 files have been read.
34470 files have been checked.
32498 files have been scanned.
81948 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/3/2006 19:39:18 17 minutes 41 seconds (1060.80 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-03, 19:39:19, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished running.
2006-09-03, 19:49:08, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/3/2006 19:39:20
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 721 (130517 Patterns) (2006/09/02) (372100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=c:\AV-CLS\Trend

7666 files have been read.
7666 files have been checked.
6846 files have been scanned.
24536 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/3/2006 19:49:07
---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-03, 19:49:08, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/3/2006 19:39:20
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 721 (130517 Patterns) (2006/09/02) (372100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=c:\AV-CLS\Trend

7666 files have been read.
7666 files have been checked.
6846 files have been scanned.
24536 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/3/2006 19:49:07 9 minutes 46 seconds (585.42 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-03, 19:49:08, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/3/2006 19:39:20
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 721 (130517 Patterns) (2006/09/02) (372100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=c:\AV-CLS\Trend

7666 files have been read.
7666 files have been checked.
6846 files have been scanned.
24536 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/3/2006 19:49:07 9 minutes 46 seconds (585.42 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-03, 19:49:08, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished running.
2006-09-03, 19:49:15, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/3/2006 19:49:09
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 721 (130517 Patterns) (2006/09/02) (372100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=c:\AV-CLS\Trend

332 files have been read.
332 files have been checked.
306 files have been scanned.
306 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/3/2006 19:49:15
---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-03, 19:49:15, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/3/2006 19:49:09
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 721 (130517 Patterns) (2006/09/02) (372100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=c:\AV-CLS\Trend

332 files have been read.
332 files have been checked.
306 files have been scanned.
306 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/3/2006 19:49:15 5 seconds (4.66 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-03, 19:49:15, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/3/2006 19:49:09
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 721 (130517 Patterns) (2006/09/02) (372100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=c:\AV-CLS\Trend

332 files have been read.
332 files have been checked.
306 files have been scanned.
306 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/3/2006 19:49:15 5 seconds (4.66 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-03, 19:49:15, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished running.
2006-09-03, 20:17:29, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/3/2006 19:49:15
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 721 (130517 Patterns) (2006/09/02) (372100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=c:\AV-CLS\Trend

25009 files have been read.
25009 files have been checked.
18240 files have been scanned.
20383 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/3/2006 20:17:28
---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-03, 20:17:29, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/3/2006 19:49:15
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 721 (130517 Patterns) (2006/09/02) (372100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=c:\AV-CLS\Trend

25009 files have been read.
25009 files have been checked.
18240 files have been scanned.
20383 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/3/2006 20:17:28 28 minutes 12 seconds (1692.33 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-03, 20:17:29, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/3/2006 19:49:15
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 721 (130517 Patterns) (2006/09/02) (372100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=c:\AV-CLS\Trend

25009 files have been read.
25009 files have been checked.
18240 files have been scanned.
20383 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/3/2006 20:17:28 28 minutes 12 seconds (1692.33 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-03, 20:17:29, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished running.
03.09.2006, 22:17
Honorary member
Avatar Sabina

Posts: 29434
#174 Axpyrus

Post the new HijackThis log
+
run a scan and post the scan report (Panda)
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

all about PC security
04.09.2006, 15:36
Member

Posts: 12
#175 Hijack Log

Logfile of HijackThis v1.99.1
Scan saved at 13:44:02, on 04.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Messenger\msmsgs.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
D:\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\Steganos Internet Anonym 2006\SIA2006.exe
C:\Programme\VIA\RAID\raid_tool.exe
F:\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Axpyrus\Desktop\HijackThis.exe

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - (no file)
O2 - BHO: (no name) - {27EF3EBB-F337-4E1A-BAE5-3029978AA658} - (no file)
O2 - BHO: (no name) - {283F7599-C068-442B-B79C-726A28CCEC01} - (no file)
O2 - BHO: (no name) - {2B843679-224B-4C5D-8D09-E99D0FF8A4E9} - (no file)
O2 - BHO: (no name) - {356920C6-F475-4F01-8E2B-DBB02BAC2D3E} - (no file)
O2 - BHO: (no name) - {4C046E3A-BB86-48E4-A442-B2967E9B6154} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {56F1D444-11BF-4879-A12B-79CF0177F038} - (no file)
O2 - BHO: (no name) - {668B1E21-4DE0-450A-AB10-121220442EA6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - (no file)
O2 - BHO: (no name) - {B8265EB8-FC46-426B-8DAC-A2BA7D73033C} - (no file)
O2 - BHO: (no name) - {C762D6BE-5240-4BE2-A8C5-A6A08D5877A1} - (no file)
O2 - BHO: (no name) - {D3002E28-63F5-466C-A9A7-8BEAF049240C} - (no file)
O2 - BHO: (no name) - {D510C4CB-E3C0-4767-B64B-BC6AB3C1D581} - (no file)
O2 - BHO: (no name) - {EB2F31E4-D96D-400E-8802-12247AE40D14} - (no file)
O2 - BHO: (no name) - {F6CEEC79-0156-4432-A9C3-48D195DA7F7A} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "F:\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SIA2006] "C:\Programme\Steganos Internet Anonym 2006\SIA2006.exe" -boot
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MRU-Blaster Scheduler.lnk = D:\MRU-Blaster\scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programme\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Download All by Gigaget - d:\DownloadManager\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - d:\DownloadManager\Gigaget\geturl.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcyv - C:\WINDOWS\
O20 - Winlogon Notify: hgghffc - C:\WINDOWS\
O20 - Winlogon Notify: khfecyy - C:\WINDOWS\
O20 - Winlogon Notify: SASWinLogon - D:\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Panda Log
Local Disk


Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\avenger\backup-03.09.2006-19.04.49,70.zip[avenger/hgghffc.dll]
Spyware:Spyware/Virtumonde Not disinfected C:\avenger\backup-03.09.2006-19.04.49,70.zip[avenger/khfecyy.dll]
Spyware:Cookie/Tribalfusion Not disinfected C:\Dokumente und Einstellungen\Axpyrus\Anwendungsdaten\Mozilla\Firefox\Profiles\mii5nbny.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Dokumente und Einstellungen\Axpyrus\Anwendungsdaten\Mozilla\Firefox\Profiles\mii5nbny.default\cookies.txt[.hitbox.com/]

My Computer


Incident Status Location

Potentially unwanted tool:application/mywebsearch Not disinfected c:\programme\MyGlobalSearch
Adware:adware/savenow Not disinfected Windows Registry
Adware:adware/systemdoctor Not disinfected Windows Registry
Potentially unwanted tool:application/zango Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56F1D444-11BF-4879-A12B-79CF0177F038}
Spyware:Spyware/Virtumonde Not disinfected C:\avenger\backup-03.09.2006-19.04.49,70.zip[avenger/hgghffc.dll]
Spyware:Spyware/Virtumonde Not disinfected C:\avenger\backup-03.09.2006-19.04.49,70.zip[avenger/khfecyy.dll]
Spyware:Cookie/Tribalfusion Not disinfected C:\Dokumente und Einstellungen\Axpyrus\Anwendungsdaten\Mozilla\Firefox\Profiles\mii5nbny.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Dokumente und

04.09.2006, 15:38
Honorary member
Avatar Sabina

Posts: 29434
#176 fix once more - restart the PC
- post the new HijackThis log
__________
Regards, Sabina

all about PC security
06.09.2006, 22:22
...new here

Posts: 10
#177 Hello Sabrina,
I had the problem with Spywarequake on 15.8. You helped me brilliantly back then (page 8).
Now I have caught the sch… thing again and tried to carry out all your instructions from back then once more. Without success.
Could you please help me once again with your expert advice?
In the logs I deleted everything older than 15.8.

1. Log
Datenträger in Laufwerk C: ist Root
Volumeseriennummer: A4D9-8B0C

Verzeichnis von C:\

06.09.2006 21:46 0 sys.txt
06.09.2006 21:46 9.260 system.txt
06.09.2006 21:46 655 systemtemp.txt
06.09.2006 21:46 102.764 system32.txt
06.09.2006 20:11 0 avenger.txt
06.09.2006 20:09 2.145.386.496 pagefile.sys
06.09.2006 20:04 37.369 files.txt
06.09.2006 19:40 1.723 rapport2.txt
06.09.2006 19:40 1.723 rapport.txt
06.09.2006 19:37 1.746 dlcc.log
06.09.2006 17:58 2.435 3system.txt
04.09.2006 15:54 11.126 dlccscan.log
22.05.2006 22:05 0 IO.SYS
22.05.2006 22:05 0 AUTOEXEC.BAT
22.05.2006 22:05 0 CONFIG.SYS
22.05.2006 22:05 0 MSDOS.SYS
22.05.2006 21:56 317 boot.ini
10.08.2004 14:00 251.184 ntldr
10.08.2004 14:00 47.564 NTDETECT.COM
10.08.2004 14:00 4.952 bootfont.bin
20 Datei(en) 2.145.859.314 Bytes
0 Verzeichnis(se), 22.768.758.784 Bytes frei

2. Log
Datenträger in Laufwerk C: ist Root
Volumeseriennummer: A4D9-8B0C

Verzeichnis von C:\WINDOWS\system32

06.09.2006 21:19 2.206 wpa.dbl
06.09.2006 21:01 2.550 Uninstall.ico
06.09.2006 21:01 1.406 Help.ico
06.09.2006 21:01 30.590 pavas.ico
06.09.2006 20:07 228 erbidxfy.txt
06.09.2006 17:34 176.128 gtpbx.dll
05.09.2006 09:48 253.472 FNTCACHE.DAT
15.08.2006 15:19 0 asfiles.txt

3. Log
Datenträger in Laufwerk C: ist Root
Volumeseriennummer: A4D9-8B0C

Verzeichnis von C:\WINDOWS

06.09.2006 21:01 32 pavsig.txt
06.09.2006 20:19 725.292 setupapi.log
06.09.2006 20:11 5.184.054 BGInfo.bmp
06.09.2006 20:11 4.144 ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
06.09.2006 20:10 0 0.log
06.09.2006 20:09 159 wiadebug.log
06.09.2006 20:09 1.421.541 WindowsUpdate.log
06.09.2006 20:09 50 wiaservc.log
06.09.2006 20:09 2.048 bootstat.dat
06.09.2006 20:08 32.376 SchedLgU.Txt
06.09.2006 19:40 319.030 setupact.log
01.09.2006 18:18 116 NeroDigital.ini
01.09.2006 17:34 151 PhotoSnapViewer.INI
01.09.2006 10:47 18.077 wmsetup.log
01.09.2006 10:47 236 wmsetup10.log
01.09.2006 00:01 357 GEARInstall.log
17.08.2006 21:29 9.544 WgaNotify.log
15.08.2006 15:18 632 win.ini
15.08.2006 01:55 492.940 ntbtlog.txt

4. Log
Datenträger in Laufwerk C: ist Root
Volumeseriennummer: A4D9-8B0C

Verzeichnis von C:\DOKUME~1\SCHULO\LOKALE~1\Temp

06.09.2006 21:42 512 ~DF9739.tmp
06.09.2006 21:35 16.384 ~DF4FBD.tmp
06.09.2006 21:32 15.360 ~WRS0002.tmp
06.09.2006 21:20 512 ~DFF3F.tmp
06.09.2006 21:20 16.384 Perflib_Perfdata_15b8.dat
06.09.2006 21:20 512 ~DFB35E.tmp
06.09.2006 21:20 512 ~DF9809.tmp
06.09.2006 21:20 16.384 Perflib_Perfdata_15a0.dat
8 Datei(en) 66.560 Bytes
0 Verzeichnis(se), 22.768.766.976 Bytes frei

HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 21:38:57, on 06.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\stsystra.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Dell Photo AIO Printer 924\dlccmon.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
D:\spyware 060906\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programme\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Programme\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Programme\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Verknüpfung mit Bginfo.exe.lnk = C:\WINDOWS\Bginfo.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: died - {7fa55359-7223-410f-bc82-efb3e3ded07f} - C:\WINDOWS\system32\gtpbx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programme\ewido anti-spyware 4.0\guard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programme\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
06.09.2006, 22:49
Honorary member
Avatar Sabina

Posts: 29434
#178 aschulo

VirusTotal
At the top of the page --> click Browse --> (paste in the file with its correct path) --> double-click the file to be checked --> click Submit... now wait
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\dlcccoms.exe

post the report
http://www.file.net/prozess/dlcccoms.exe.html

-------------------------------------------------------------------------
1.
Go into the registry
Start - Run - regedit
Edit - Find - gtpbx.dll

delete everything you find for gtpbx.dll under
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
died - {7fa55359-7223-410f-bc82-efb3e3ded07f} -> delete


2.
Avenger
http://virus-protect.org/artikel/tools/avenger.html

Quote

Files to delete:
C:\WINDOWS\system32\Uninstall.ico
C:\WINDOWS\system32\Help.ico
C:\WINDOWS\system32\pavas.ico
C:\WINDOWS\system32\erbidxfy.txt
C:\WINDOWS\system32\gtpbx.dll
3.
Fix with HijackThis:

Quote

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O21 - SSODL: died - {7fa55359-7223-410f-bc82-efb3e3ded07f} - C:\WINDOWS\system32\gtpbx.dll
Restart the PC

** report back ;)
__________
Regards, Sabina

all about PC security
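
A check for step 3 above, as an added example that is not part of the original post: after the restart, parse the new HijackThis log and confirm that none of the entries selected for fixing are still listed. The function names are hypothetical and the two short logs are constructed samples modelled on the logs in this thread; only the three fix-list lines are taken from the post.

```python
import re

# A HijackThis entry line is "<section code> - <details>", e.g. "O21 - SSODL: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# The three entries selected for fixing in step 3 of the post above.
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O21 - SSODL: died - {7fa55359-7223-410f-bc82-efb3e3ded07f} - C:\WINDOWS\system32\gtpbx.dll
"""

# Constructed sample: shortened log in the shape of the one posted before the fix.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 21:38:57, on 06.09.2006

Running processes:
C:\WINDOWS\system32\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: died - {7fa55359-7223-410f-bc82-efb3e3ded07f} - C:\WINDOWS\system32\gtpbx.dll
"""

# Constructed sample: what a log taken after a successful fix and restart would look like.
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 23:48:02, on 06.09.2006

Running processes:
C:\WINDOWS\system32\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


def parse_entries(log_text):
    """Return (code, body) for every entry line; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body").strip()))
    return entries


def entry_key(code, body):
    """Comparison key that survives case and spacing differences between two logs.

    Entries that carry a CLSID are keyed on section code + CLSID, so a changed
    display name or file path still counts as the same entry.
    """
    clsid = CLSID_RE.search(body)
    if clsid:
        return (code, clsid.group(0).lower())
    return (code, " ".join(body.lower().split()))


def remaining_targets(fix_list_text, new_log_text):
    """Return the fix-list lines that are still present in the new log."""
    present = {entry_key(c, b) for c, b in parse_entries(new_log_text)}
    return [
        f"{c} - {b}"
        for c, b in parse_entries(fix_list_text)
        if entry_key(c, b) in present
    ]


def entries_without_file(log_text):
    """Return entries that HijackThis marks '(no file)': registry data left behind
    after the referenced file was removed."""
    return [(c, b) for c, b in parse_entries(log_text) if b.endswith("(no file)")]


if __name__ == "__main__":
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        left = remaining_targets(FIX_LIST, log)
        print(f"{label}: {len(left)} of 3 fix-list entries still present")
        for line in left:
            print("   ", line)
        for code, body in entries_without_file(log):
            print(f"    leftover registry entry: {code} - {body}")
```

An entry that reappears in a log taken after the restart means something is still writing it back, so the file-removal step has to be checked before fixing again.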
07.09.2006, 00:03
...new here

Posts: 10
#179 Sabina (I'm getting better, now without the r)

VirusTotal returned:
Your file "dlcccoms.exe" is queued in position: 116. Estimated start time is between 27 and 38 minutes.

I couldn't make anything of
post the report
http://www.file.net/prozess/dlcccoms.exe.html

registry
all done (in the first step already WINDOWS\system32\gtpbx.dll)

Avenger
successful

Fix with HijackThis:
ok? see after_fix

after_fix
Logfile of HijackThis v1.99.1
Scan saved at 23:48:02, on 06.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\stsystra.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Dell Photo AIO Printer 924\dlccmon.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
D:\spyware 060906\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programme\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Programme\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Programme\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Verknüpfung mit Bginfo.exe.lnk = C:\WINDOWS\Bginfo.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programme\ewido anti-spyware 4.0\guard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programme\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
07.09.2006, 00:05
Honorary member
Sabina

Posts: 29434
#180 aschulo

Is the problem solved???
__________
Best regards, Sabina

All about PC security