malware spyware problem

#0
26.06.2006, 20:15
...new here
Posts: 5

26.06.2006, 23:47
Honorary member
Posts: 29434
#47
Del Spooner
0. Unpack echo.zip --> click echo.bat --> the text editor will open --> copy the text
http://virus-protect.org/bat/echo.zip
-------------------------------------------------------------------------
1. spyfalcon.zip -> http://virus-protect.org/zip/spyfalcon.zip -> unpack to the desktop -> spyfalcon.reg -> double-click it and confirm adding it to the registry with "ja/yes"
2. Avenger http://virus-protect.org/artikel/tools/avenger.html
paste in:
Quote: Files to delete:
Click the green traffic light; the script will now be executed, then the PC will restart automatically
** post the Avenger log that appears
3. Open HijackThis -- button "scan" -- tick the malware entries -- button "Fix checked" -- restart the PC
Quote: O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - G:\WINDOWS\system32\hp101.tmp
Restart the PC
4. Work through smitfraudfix exactly according to the instructions! http://virus-protect.org/artikel/tools/smitfrautfix.html
5. My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives". (then turn it on again)
6. Dr.Web http://virus-protect.org/cureit.html
Please post what drweb found. To do so, enter %userprofile%\doctorweb\cureit.log under Start - Run and press enter. Please post the details of the items Drweb found.
or: under the View menu in Dr. Web the scan report can be saved; store it as a .txt file and then copy its contents.
__________
Regards, Sabina
all about PC security

27.06.2006, 16:06
...new here
Posts: 5
#48
So it already fails at step 0.
echo.bat has links to drive C:, but my operating system ended up on G: through a silly coincidence. Can the links be changed? Avenger doesn't work properly either: when I paste in the file names it always says error 1813 and many other messages. How should I proceed now?
Regards, Del

27.06.2006, 16:13
Honorary member
Posts: 29434
#49
instead of the Avenger:
Pocket KillBox http://virus-protect.org/killbox.html
Options: tick "Delete on Reboot" and "Single File" and click the red cross; when asked "Do you want to reboot?" click "no" and paste in the next one, only click "yes" for the last one
paste in:
.....
G:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Guide.url
G:\Dokumente und Einstellungen\All Users\Startmenü\Security Troubleshooting.url
G:\WINDOWS\system32\simpole.tlb
G:\WINDOWS\system32\ot.ico
G:\WINDOWS\system32\dxole32.exe
G:\WINDOWS\system32\ts.ico
G:\WINDOWS\system32\stdole3.tlb
G:\WINDOWS\system32\atmclk.exe
G:\WINDOWS\system32\dcomcfg.exe
G:\WINDOWS\system32\hvcycg.dll
G:\WINDOWS\system32\wnscpsv.exe
G:\WINDOWS\system32\khfgfca.dll
G:\WINDOWS\System32\bsyzkoo.exe
G:\WINDOWS\system32\658b867f.exe
G:\Dokumente und Einstellungen\Name\Lokale Einstellungen\Anwendungsdaten\658b867f.exe
G:\Dokumente und Einstellungen\Name\Lokale Einstellungen\Anwendungsdaten\bsyzkoo.exe
G:\WINDOWS\system32\regperf.exe
Restart the PC
Work through everything else as instructed (without echo.bat)
__________
Regards, Sabina
all about PC security

28.06.2006, 18:03
...new here
Posts: 5
#50
Ha, I did everything following the steps you wrote down,
the little box in the taskbar is finally gone and it no longer shows that my PC is infected. Many, many thanks for all the help. Sabrina, where did you actually get so much know-how --> do you do this professionally?
Regards, Del
PS: is it normal that the computer runs very slowly at first after the reboot following Smitfraudfix? Thanks again!!!!

28.06.2006, 21:44
Honorary member
Posts: 29434
#51
1. Dr.Web http://virus-protect.org/cureit.html
Please post what drweb found. To do so, enter %userprofile%\doctorweb\cureit.log under Start - Run and press enter. Please post the details of the items Drweb found.
or: under the View menu in Dr. Web the scan report can be saved; store it as a .txt file and then copy its contents. -> here
2. Please run an online scan with Panda and post the report http://virus-protect.org/l2mfix.html
__________
Regards, Sabina
all about PC security

30.06.2006, 20:58
...new here
Posts: 5
#52
Ha, true, somehow after hijack I must have forgotten to also do the webdoc.
Thanks for the pointer, I lost sight of it because I kept having to run back and forth from my brother's PC to read the instructions. I'll be back home Monday, or rather Sunday evening, and will take care of it then.
Regards, Del

08.07.2006, 20:38
...new here
Posts: 9
#53
Good evening, I also caught this trojan through stupidity and tried to remove it on my own, but all my attempts failed. I would be very glad of some help. Sabina, you are a real ace at this, could you possibly help me with my problem? Since most people start with the HijackThis log, I'll post mine too.
This post was edited on 08.07.2006 at 20:54 by Veantur.

09.07.2006, 13:14
Honorary member
Posts: 29434
#54
Veantur
1. Set up CleanUp exactly as shown here, + restart the PC
http://virus-protect.org/cleanup.html
2. Copy these 4 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html
3. Start > Run --> type in --> cmd.exe and ok. Paste in the following and post everything that appears in the text editor
Quote: dir /s /a "d:\winlogon*.*" > d:\find.txt & start notepad d:\find.txt
4. Copy the following text into Notepad (Start - Accessories - Notepad) and save it as listen.bat on the desktop using 'Save as'. For the file type choose 'All files'. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears
Quote: cd\+
__________
Regards, Sabina
all about PC security

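Step 3 in the post above writes a recursive listing of every winlogon* file to find.txt. The following is an added example, not part of the thread and not one of the tools it links to: it parses such a `dir /s /a` listing and sorts files that carry the name of a core Windows process into "expected", "backup_copy" and "unexpected" locations, relative to the drive Windows is really installed on (D: or G: in this thread, not C:). The process table, the function names and the sample listing are assumptions constructed for the illustration.

```python
import ntpath  # Windows path semantics on any host OS
import re

# Core Windows XP processes and the sub-directory of the Windows folder a
# default installation runs them from (assumption made for this example).
EXPECTED_DIR = {
    "smss.exe": "system32", "csrss.exe": "system32",
    "winlogon.exe": "system32", "services.exe": "system32",
    "lsass.exe": "system32", "svchost.exe": "system32",
    "spoolsv.exe": "system32", "explorer.exe": "",
}
# Places where Windows itself keeps spare copies. A hit here proves nothing
# either way; the file still needs a signature or hash check.
BACKUP_DIRS = ("system32\\dllcache", "servicepackfiles\\i386")

DIR_HEADER = re.compile(r"^\s*(?:Verzeichnis von|Directory of)\s+(.+?)\s*$")
ENTRY = re.compile(
    r"^\s*\d{2}[./]\d{2}[./]\d{4}\s+\d{2}:\d{2}(?:\s*[AP]M)?\s+"
    r"(<DIR>|[\d.,]+)\s+(.+?)\s*$"
)


def parse_dir_listing(text):
    """Turn `dir /s /a` output (German or English) into full file paths."""
    current, files = None, []
    for line in text.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            current = header.group(1)
            continue
        entry = ENTRY.match(line)
        # Skip directories; summary lines never match ENTRY (no date).
        if entry and current and entry.group(1) != "<DIR>":
            files.append(ntpath.join(current, entry.group(2)))
    return files


def norm(path):
    """Case-insensitive, backslash-only form used for comparisons."""
    return ntpath.normcase(ntpath.normpath(path))


def classify(paths, windows_dir):
    """Sort files that carry a core process name into three buckets."""
    root = norm(windows_dir)
    backups = {ntpath.join(root, d) for d in BACKUP_DIRS}
    result = {"expected": [], "backup_copy": [], "unexpected": []}
    for path in paths:
        folder, name = ntpath.split(norm(path))
        if name not in EXPECTED_DIR:
            continue  # matched the wildcard but is not a process name
        sub = EXPECTED_DIR[name]
        home = ntpath.join(root, sub) if sub else root
        if folder == home:
            result["expected"].append(path)
        elif folder in backups:
            result["backup_copy"].append(path)
        else:
            result["unexpected"].append(path)
    return result


def triage(find_txt, windows_dir):
    """Parse a listing and classify it against the given Windows folder."""
    return classify(parse_dir_listing(find_txt), windows_dir)


# Constructed sample in the layout of a German `dir /s /a` listing.
SAMPLE_FIND_TXT = r"""
 Volume in Laufwerk D: hat keine Bezeichnung.
 Volumeseriennummer: 0000-0000

 Verzeichnis von D:\WINDOWS\system32

04/08/2004  12:00           502,272 winlogon.exe
               1 Datei(en)        502,272 Bytes

 Verzeichnis von D:\WINDOWS\system32\dllcache

04/08/2004  12:00           502,272 winlogon.exe
               1 Datei(en)        502,272 Bytes

 Verzeichnis von D:\Programme\Beispiel

08/07/2006  10:36            61,456 winlogon.exe
08/07/2006  10:36               100 winlogon.log
               2 Datei(en)         61,556 Bytes
"""

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_FIND_TXT, r"D:\WINDOWS").items():
        for item in items:
            print(f"{bucket:12} {item}")
```

Passing the wrong Windows folder (for example `C:\WINDOWS` on a machine installed to D:) puts every copy in the "unexpected" bucket, which is the same drive-letter mismatch that broke echo.bat earlier in the thread.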
09.07.2006, 15:14
Honorary member
Posts: 29434
#55
You have to unpack datfindbat to D:\ and run it there.
__________
Regards, Sabina
all about PC security

09.07.2006, 15:32
...new here
Posts: 9
#56
log 1
log 2
log 3
log 4
edit: step three, the following appears on the screen:
Volume in Laufwerk D: hat keine Bezeichnung. Volumeseriennummer: F855-73EE
step 4
This post was edited on 09.07.2006 at 15:43 by Veantur.

09.07.2006, 17:50
Honorary member
Posts: 29434
#57
Veantur
To begin: make hidden and system files visible
http://virus-protect.org/invisible.html
-----------------------------------------------------
1. Apply Vundofix http://virus-protect.org/artikel/tools/vundofixx.html
2. Avenger http://virus-protect.org/artikel/tools/avenger.html
paste in:
Quote: registry keys to delete:
Click the green traffic light; the script will now be executed, then the PC will restart automatically
** post the Avenger log that appears
** open HijackThis -- button "scan" -- tick the malware entries -- button "Fix checked" -- restart the PC
Quote: R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
Restart the PC
** work through smitfraudfix exactly according to the instructions http://virus-protect.org/artikel/tools/smitfrautfix.html
** D:\Dokumente und Einstellungen\Veantur\Lokale Einstellungen\Temp\Asee -> delete
** D:\Programme\Cowabanga -> delete
D:\Programme\ToolBar888 -> delete
D:\Dokumente und Einstellungen\Veantur\Anwendungsdaten\WhenU -> delete
D:\Programme\Gemeinsame Dateien\Totem Shared -> delete
D:\Programme\Gemeinsame Dateien\WhenU -> delete
D:\Programme\Gemeinsame Dateien\{F85573EE-08DF-3081-0603-02020805002c} -> delete
Delete Purityscan: D:\Programme\ 08/07/2006 10:36 <DIR> .....dobe
you have to search by the date and uninstall/delete it
-------------------------------------------------------------------------
** My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives".
** scan with ewido and post the scan report http://virus-protect.org/ewido.html
__________
Regards, Sabina
all about PC security

09.07.2006, 18:13
...new here
Posts: 9
#58
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\xgcqlpcx
*******************
Script file located at: \??\D:\WINDOWS\ofaenlix.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at D:\Avenger
*******************
Beginning to process script file:
File D:\Dokumente und Einstellungen\Veantur\Lokale Einstellungen\Temp\!update.exe not found!
Deletion of file D:\Dokumente und Einstellungen\Veantur\Lokale Einstellungen\Temp\!update.exe failed!
Could not process line: D:\Dokumente und Einstellungen\Veantur\Lokale Einstellungen\Temp\!update.exe
Status: 0xc0000034
File D:\WINDOWS\system32\orutv.ini deleted successfully.
File D:\WINDOWS\system32\orutv.bak2 deleted successfully.
File D:\WINDOWS\system32\LuResult.txt deleted successfully.
File D:\WINDOWS\system32\wnsintcc.exe deleted successfully.
File D:\WINDOWS\system32\stdole3.tlb deleted successfully.
File D:\WINDOWS\system32\ts.ico deleted successfully.
File D:\WINDOWS\system32\ddccyaw.dll deleted successfully.
File D:\WINDOWS\system32\orutv.bak1 deleted successfully.
File D:\WINDOWS\system32\vturo.dll deleted successfully.
File D:\WINDOWS\system32\oins.exe deleted successfully.
File D:\WINDOWS\system32\jkkihhi.dll deleted successfully.
File D:\WINDOWS\system32\winqre32.dll deleted successfully.
File D:\WINDOWS\YAXUninst.exe deleted successfully.
File D:\Programme\Gemeinsame Dateien\Y1123OA.exe not found!
Deletion of file D:\Programme\Gemeinsame Dateien\Y1123OA.exe failed!
Could not process line: D:\Programme\Gemeinsame Dateien\Y1123OA.exe
Status: 0xc0000034
File D:\WINDOWS\Downloaded Program Files\popcaploader.dll deleted successfully.
File D:\WINDOWS\Downloaded Program Files\popcaploader.inf deleted successfully.
File D:\WINDOWS\Downloaded Program Files\YazzleActiveX.inf deleted successfully.
File D:\WINDOWS\Downloaded Program Files\YazzleActiveX.ocx deleted successfully.
File D:\WINDOWS\Temp\win1.tmp deleted successfully.
File D:\WINDOWS\Temp\win10.tmp deleted successfully.
File D:\WINDOWS\Temp\win11.tmp deleted successfully.
File D:\WINDOWS\Temp\win12.tmp deleted successfully.
File D:\WINDOWS\Temp\win13.tmp deleted successfully.
File D:\WINDOWS\Temp\win14.tmp deleted successfully.
File D:\WINDOWS\Temp\win15.tmp deleted successfully.
File D:\WINDOWS\Temp\win16.tmp deleted successfully.
File D:\WINDOWS\Temp\win17.tmp deleted successfully.
File D:\WINDOWS\Temp\win18.tmp deleted successfully.
File D:\WINDOWS\Temp\win19.tmp deleted successfully.
File D:\WINDOWS\Temp\win1A.tmp deleted successfully.
File D:\WINDOWS\Temp\win1B.tmp deleted successfully.
File D:\WINDOWS\Temp\win1C.tmp deleted successfully.
File D:\WINDOWS\Temp\win1D.tmp deleted successfully.
File D:\WINDOWS\Temp\win1E.tmp deleted successfully.
File D:\WINDOWS\Temp\win1F.tmp deleted successfully.
File D:\WINDOWS\Temp\win2.tmp deleted successfully.
File D:\WINDOWS\Temp\win20.tmp deleted successfully.
File D:\WINDOWS\Temp\win21.tmp deleted successfully.
File D:\WINDOWS\Temp\win22.tmp deleted successfully.
File D:\WINDOWS\Temp\win23.tmp deleted successfully.
File D:\WINDOWS\Temp\win24.tmp deleted successfully.
File D:\WINDOWS\Temp\win25.tmp deleted successfully.
File D:\WINDOWS\Temp\win26.tmp deleted successfully.
File D:\WINDOWS\Temp\win27.tmp deleted successfully.
File D:\WINDOWS\Temp\win28.tmp deleted successfully.
File D:\WINDOWS\Temp\win29.tmp deleted successfully.
File D:\WINDOWS\Temp\win3.tmp deleted successfully.
File D:\WINDOWS\Temp\win4.tmp deleted successfully.
File D:\WINDOWS\Temp\win5.tmp deleted successfully.
File D:\WINDOWS\Temp\win6.tmp deleted successfully.
File D:\WINDOWS\Temp\win64.tmp deleted successfully.
File D:\WINDOWS\Temp\win65.tmp deleted successfully.
File D:\WINDOWS\Temp\win66.tmp deleted successfully.
File D:\WINDOWS\Temp\win67.tmp deleted successfully.
File D:\WINDOWS\Temp\win68.tmp deleted successfully.
File D:\WINDOWS\Temp\win69.tmp deleted successfully.
File D:\WINDOWS\Temp\win6A.tmp deleted successfully.
File D:\WINDOWS\Temp\win6B.tmp deleted successfully.
File D:\WINDOWS\Temp\win6C.tmp deleted successfully.
File D:\WINDOWS\Temp\win6D.tmp deleted successfully.
File D:\WINDOWS\Temp\win6E.tmp deleted successfully.
File D:\WINDOWS\Temp\win6F.tmp deleted successfully.
File D:\WINDOWS\Temp\win7.tmp deleted successfully.
File D:\WINDOWS\Temp\win70.tmp deleted successfully.
File D:\WINDOWS\Temp\win71.tmp deleted successfully.
File D:\WINDOWS\Temp\win72.tmp deleted successfully.
File D:\WINDOWS\Temp\win73.tmp deleted successfully.
File D:\WINDOWS\Temp\win74.tmp deleted successfully.
File D:\WINDOWS\Temp\win75.tmp deleted successfully.
File D:\WINDOWS\Temp\win76.tmp deleted successfully.
File D:\WINDOWS\Temp\win77.tmp deleted successfully.
File D:\WINDOWS\Temp\win78.tmp deleted successfully.
File D:\WINDOWS\Temp\win79.tmp deleted successfully.
File D:\WINDOWS\Temp\win7A.tmp deleted successfully.
File D:\WINDOWS\Temp\win7B.tmp deleted successfully.
File D:\WINDOWS\Temp\win7C.tmp deleted successfully.
File D:\WINDOWS\Temp\win7D.tmp deleted successfully.
File D:\WINDOWS\Temp\win7E.tmp deleted successfully.
File D:\WINDOWS\Temp\win7F.tmp deleted successfully.
File D:\WINDOWS\Temp\win8.tmp deleted successfully.
File D:\WINDOWS\Temp\win80.tmp deleted successfully.
File D:\WINDOWS\Temp\win81.tmp deleted successfully.
File D:\WINDOWS\Temp\win82.tmp deleted successfully.
File D:\WINDOWS\Temp\win83.tmp deleted successfully.
File D:\WINDOWS\Temp\win84.tmp deleted successfully.
File D:\WINDOWS\Temp\win85.tmp deleted successfully.
File D:\WINDOWS\Temp\win86.tmp deleted successfully.
File D:\WINDOWS\Temp\win87.tmp deleted successfully.
File D:\WINDOWS\Temp\win88.tmp deleted successfully.
File D:\WINDOWS\Temp\win89.tmp deleted successfully.
File D:\WINDOWS\Temp\win8A.tmp deleted successfully.
File D:\WINDOWS\Temp\win8B.tmp deleted successfully.
File D:\WINDOWS\Temp\win8C.tmp deleted successfully.
File D:\WINDOWS\Temp\win8D.tmp deleted successfully.
File D:\WINDOWS\Temp\win8E.tmp deleted successfully.
File D:\WINDOWS\Temp\win8F.tmp deleted successfully.
File D:\WINDOWS\Temp\win9.tmp deleted successfully.
File D:\WINDOWS\Temp\win90.tmp deleted successfully.
File D:\WINDOWS\Temp\win91.tmp deleted successfully.
File D:\WINDOWS\Temp\win92.tmp deleted successfully.
File D:\WINDOWS\Temp\win93.tmp deleted successfully.
File D:\WINDOWS\Temp\win94.tmp deleted successfully.
File D:\WINDOWS\Temp\win95.tmp deleted successfully.
File D:\WINDOWS\Temp\win96.tmp deleted successfully.
File D:\WINDOWS\Temp\win97.tmp deleted successfully.
File D:\WINDOWS\Temp\win98.tmp deleted successfully.
File D:\WINDOWS\Temp\win99.tmp deleted successfully.
File D:\WINDOWS\Temp\win9A.tmp deleted successfully.
File D:\WINDOWS\Temp\win9B.tmp deleted successfully.
File D:\WINDOWS\Temp\win9C.tmp deleted successfully.
File D:\WINDOWS\Temp\win9D.tmp deleted successfully.
File D:\WINDOWS\Temp\win9E.tmp deleted successfully.
File D:\WINDOWS\Temp\win9F.tmp deleted successfully.
File D:\WINDOWS\Temp\winA.tmp deleted successfully.
File D:\WINDOWS\Temp\winA0.tmp deleted successfully.
File D:\WINDOWS\Temp\winA1.tmp deleted successfully.
File D:\WINDOWS\Temp\winA2.tmp deleted successfully.
File D:\WINDOWS\Temp\winA3.tmp deleted successfully.
File D:\WINDOWS\Temp\winA4.tmp deleted successfully.
File D:\WINDOWS\Temp\winA5.tmp deleted successfully.
File D:\WINDOWS\Temp\winA6.tmp deleted successfully.
File D:\WINDOWS\Temp\winA7.tmp deleted successfully.
File D:\WINDOWS\Temp\winA8.tmp deleted successfully.
File D:\WINDOWS\Temp\winA9.tmp deleted successfully.
File D:\WINDOWS\Temp\winAA.tmp deleted successfully.
File D:\WINDOWS\Temp\winAB.tmp deleted successfully.
File D:\WINDOWS\Temp\winAC.tmp deleted successfully.
File D:\WINDOWS\Temp\winAD.tmp deleted successfully.
File D:\WINDOWS\Temp\winAE.tmp deleted successfully.
File D:\WINDOWS\Temp\winAF.tmp deleted successfully.
File D:\WINDOWS\Temp\winB.tmp deleted successfully.
File D:\WINDOWS\Temp\winB0.tmp deleted successfully.
File D:\WINDOWS\Temp\winB1.tmp deleted successfully.
File D:\WINDOWS\Temp\winB2.tmp deleted successfully.
File D:\WINDOWS\Temp\winB3.tmp deleted successfully.
File D:\WINDOWS\Temp\winB4.tmp deleted successfully.
File D:\WINDOWS\Temp\winB5.tmp deleted successfully.
File D:\WINDOWS\Temp\winB6.tmp deleted successfully.
File D:\WINDOWS\Temp\winB7.tmp deleted successfully.
File D:\WINDOWS\Temp\winB8.tmp deleted successfully.
File D:\WINDOWS\Temp\winB9.tmp deleted successfully.
File D:\WINDOWS\Temp\winBA.tmp deleted successfully.
File D:\WINDOWS\Temp\winBB.tmp deleted successfully.
File D:\WINDOWS\Temp\winBC.tmp deleted successfully.
File D:\WINDOWS\Temp\winBD.tmp deleted successfully.
File D:\WINDOWS\Temp\winBE.tmp deleted successfully.
File D:\WINDOWS\Temp\winBF.tmp deleted successfully.
File D:\WINDOWS\Temp\winC.tmp deleted successfully.
File D:\WINDOWS\Temp\winC0.tmp deleted successfully.
File D:\WINDOWS\Temp\winC1.tmp deleted successfully.
File D:\WINDOWS\Temp\winC2.tmp deleted successfully.
File D:\WINDOWS\Temp\winC3.tmp deleted successfully.
File D:\WINDOWS\Temp\winC4.tmp deleted successfully.
File D:\WINDOWS\Temp\winC5.tmp deleted successfully.
File D:\WINDOWS\Temp\winD.tmp deleted successfully.
File D:\WINDOWS\Temp\winE.tmp deleted successfully.
File D:\WINDOWS\Temp\winF.tmp deleted successfully.
File D:\Programme\Cowabanga\Cowabanga.exe deleted successfully.
File D:\Programme\Toolbar888\ToolBar888.dll not found!
Deletion of file D:\Programme\Toolbar888\ToolBar888.dll failed!
Could not process line: D:\Programme\Toolbar888\ToolBar888.dll
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\ClickSpring not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\ClickSpring failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyToolBar.MyToolBarObj deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyToolBar.MyToolBarObj.1 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ToolBar888 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToolBar888 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaTickets not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaTickets failed!
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate. |
|
|
||
09.07.2006, 18:51
Honorary member
Posts: 29434 |
#59
Veantur
You didn't run VundoFix? Please run it and post the scan report, then work through everything else!
__________
Regards, Sabina
all about PC security |
|
|
||
09.07.2006, 19:07
...new here
Posts: 9 |
#60
I ran vundofix but nothing was found?!?
Should I delete all the files that ewido sees as infected? |
|
|
||
OK, here are the remaining logs once more
Volume in Laufwerk G: hat keine Bezeichnung.
Volumeseriennummer: 60E5-5400
Verzeichnis von G:\
23.06.2006 16:14 0 sys.txt
23.06.2006 16:13 39.423 system.txt
23.06.2006 16:13 339 systemtemp.txt
23.06.2006 16:12 115.592 system32.txt
23.06.2006 16:03 402.653.184 pagefile.sys
Volume in Laufwerk G: hat keine Bezeichnung.
Volumeseriennummer: 60E5-5400
Verzeichnis von G:\DOKUME~1\Name\LOKALE~1\Temp
23.06.2006 16:09 107 STS8F.tmp
23.06.2006 16:08 300.030 hpodvd09.log
2 Datei(en) 300.137 Bytes
0 Verzeichnis(se), 81.736.019.968 Bytes frei
Volume in Laufwerk G: hat keine Bezeichnung.
Volumeseriennummer: 60E5-5400
Verzeichnis von G:\WINDOWS
23.06.2006 16:10 1.751.686 WindowsUpdate.log
23.06.2006 16:04 0 0.log
23.06.2006 16:03 159 wiadebug.log
23.06.2006 16:03 0 wiaservc.log
23.06.2006 16:03 2.048 bootstat.dat
23.06.2006 16:02 32.554 SchedLgU.Txt
23.06.2006 15:54 795.005 setupapi.log
21.06.2006 18:44 54.156 QTFont.qfn
21.06.2006 15:58 1.409 QTFont.for
19.06.2006 19:32 400 ODBC.INI
19.06.2006 19:31 814 win.ini
19.06.2006 19:28 37 vbaddin.ini
16.06.2006 22:08 69 NeroDigital.ini
16.06.2006 20:17 32.146 spupdsvc.log
16.06.2006 20:16 194.325 comsetup.log
16.06.2006 20:16 117.310 ntdtcsetup.log
16.06.2006 20:16 86.035 iis6.log
16.06.2006 20:16 1.374 imsins.log
16.06.2006 20:16 216.760 tsoc.log
16.06.2006 20:16 28.937 ocmsn.log
16.06.2006 20:16 12.243 KB917734.log
16.06.2006 20:16 326.941 wmsetup.log
16.06.2006 20:16 283.295 ocgen.log
16.06.2006 20:16 28.147 msgsocm.log
16.06.2006 20:16 548.698 FaxSetup.log
16.06.2006 20:14 1.374 imsins.BAK
16.06.2006 20:14 14.222 KB918439.log
16.06.2006 20:14 14.579 KB917344.log
16.06.2006 20:14 14.357 KB917953.log
16.06.2006 20:14 14.334 KB911280.log
16.06.2006 20:14 29.973 updspapi.log
16.06.2006 20:14 17.686 KB916281.log
16.06.2006 20:14 17.315 KB914389.log
14.06.2006 14:01 824.181 setuplog.txt
04.06.2006 12:12 227 HP_CounterReport_Update_HPSU.ini
04.06.2006 12:12 214 HP_48BitScanUpdatePatch.ini
04.06.2006 12:04 206 HPGdiPlus.ini
04.06.2006 12:02 221 HP_RedboxHprblog_HPSU.ini
03.06.2006 18:10 113.592 hpoins07.dat
27.05.2006 10:03 6.725 WGA.log
12.05.2006 15:18 11.687 KB913580.log
10.05.2006 19:47 249.856 Setup1.exe
10.05.2006 19:47 73.216 ST6UNST.EXE
26.04.2006 15:13 12.926 KB900485.log
22.04.2006 19:59 129 WININIT.INI
18.04.2006 16:54 14.987 KB908531.log
18.04.2006 16:54 14.234 KB911562.log
18.04.2006 16:54 16.252 KB912812.log
18.04.2006 16:53 17.062 KB911565.log
18.04.2006 16:53 10.682 KB911567.log
15.04.2006 17:20 3.059 u3dedit3.INI
and the log from hijack:
Logfile of HijackThis v1.99.1
Scan saved at 16:40:19, on 23.06.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\Programme\Windows Defender\MsMpEng.exe
G:\WINDOWS\System32\svchost.exe
G:\Programme\Sygate\SPF\smc.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
G:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\dcomcfg.exe
G:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
G:\PROGRA~1\TCMCOM~1\PS2USBKBDDrv.exe
G:\PROGRA~1\TCMCOM~1\MouseDrv.exe
G:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
G:\WINDOWS\system32\rundll32.exe
G:\Programme\Windows Defender\MSASCui.exe
G:\Programme\HP\HP Software Update\HPWuSchd2.exe
G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
G:\Programme\CyberLink\PowerDVD\PDVDServ.exe
G:\Programme\DAEMON Tools\daemon.exe
G:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
G:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
G:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
G:\Programme\HP\Digital Imaging\Unload\HpqUnApl.exe
G:\Dokumente und Einstellungen\Name\Desktop\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.178.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - G:\WINDOWS\system32\hp101.tmp
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - G:\WINDOWS\system32\hp100.tmp
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - G:\WINDOWS\system32\khfgfca.dll
O4 - HKLM\..\Run: [ATIPTA] G:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [System Update] G:\WINDOWS\System32\bsyzkoo.exe
O4 - HKLM\..\Run: [TCMKeyboard ] G:\PROGRA~1\TCMCOM~1\PS2USBKBDDrv.exe
O4 - HKLM\..\Run: [TCMMouse ] G:\PROGRA~1\TCMCOM~1\MouseDrv.exe
O4 - HKLM\..\Run: [TkBellExe] "G:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "G:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HP Software Update] G:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UVS10 Preload] G:\Programme\Ulead Systems\Ulead VideoStudio 10.0\uvPL.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] G:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [DAEMON Tools] "G:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [658b867f.exe] G:\WINDOWS\system32\658b867f.exe
O4 - HKLM\..\Run: [SmcService] G:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [kav] "G:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [658b867f.exe] G:\Dokumente und Einstellungen\Name\Lokale Einstellungen\Anwendungsdaten\658b867f.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = G:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://G:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\WINDOWS\System32\msjava.dll
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - G:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - G:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - G:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Programme\Messenger\msmsgs.exe
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/ger_nopop.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128017824531
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - G:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: khfgfca - G:\WINDOWS\SYSTEM32\khfgfca.dll
O20 - Winlogon Notify: klogon - G:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WB - G:\Programme\AlienGUIse\fastload.dll
O20 - Winlogon Notify: winmyy32 - winmyy32.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - G:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - G:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - G:\Programme\iPod\bin\iPodService.exe
O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - T-Online International AG, Marmiko IT-Solutions GmbH - G:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - G:\Programme\Sygate\SPF\smc.exe
Could you please post once more which tool I should use to remove the files so that they end up down the drain for good?
Many thanks for your support