Home » Viren, Trojaner & Malware Forum » Grafikkartentreiber-Fehlermeldung, danach alles etwas suspekt... » Themenansicht

Grafikkartentreiber-Fehlermeldung, danach alles etwas suspekt...

Thema ist geschlossen!
Thema ist geschlossen!
#0
17.09.2006, 12:05
olka
Member

Beiträge: 15
#1 Hallo,
mein Laptop hat gestern angefangen zu spinnen, und da ich nicht weiß woran ich bin, kann ich einen Virus oder ähnliches nicht ausschließen...
Geschehenes: Gestern kam plötzlich ein PopUp, dass ein Grafikkartentreiber nicht richtig arbeiten könne. Bevor ich diese Meldung aber wirklich lesen konnte, ist der Rechner auch schon abgestürzt. Nach Wiederhochfahren war die Bildschirmauflösung auf 800x600 und die Farbqualität auf 8 Bit umgestellt (normalerweise 1024x768; 32 Bit). Das hab ich dann halt wieder umgestellt, beim nächsten Hochfahren war es aber schon wieder auf 800x600; 8 Bit. -> Wieder umgestellt, Rechner ausgemacht, schlafen gegangen.
Heute ist zwar die Auflösung/Farbqualität so wie sie sein soll, allerdings ist alles etwas seltsam jetzt:
-Die Symbole im Infobereich der Taskleiste waren früher immer einfach nebeneinander abgebildet, jetzt sind sie viel kleiner und zweireihig angeordnet.
-Die "Überschriften" in Fenstern sind größer und fetter geschrieben als normalerweise. (->http://i9.tinypic.com/2qxn8qv.jpg)
Ich hoffe, irgendjemand kann mir sagen, was da passiert/los ist und evtl helfen, das alles wieder gradezubiegen, da ich selbst leider nur sehr wenig Ahnung von sowas hab ;)
Ich habe jetzt mal einiges an Programmen laufen lassen, in folgender Reihenfolge: Sophos, Trend, McAfee, HijackThis, CleanUp, Combofix, datfindbat.
Hier die jeweiligen Logs dazu:
Sophos Anti-Virus
Version 4.09.0 [Win32/Intel]
Virus data version 4.09, September 2006
Includes detection for 188041 viruses, trojans and worms
Copyright (c) 1989-2006 Sophos Plc, www.sophos.com

System time 21:30:41, System date 16 September 2006
Command line qualifiers are: -f -di -all -remove -mime -mbr -noc -archive -opt=ISCabinet


Full Scanning

Could not open c:\WINDOWS\system32\config\system.LOG
Could not open c:\WINDOWS\system32\CatRoot2\tmp.edb
Could not open c:\WINDOWS\system32\CatRoot2\edb.log
Could not open c:\WINDOWS\Temp\Perflib_Perfdata_5bc.dat
>>> Virus 'Troj/Agent-GC' found in file c:\WINDOWS\Downloaded Program Files\retro64_loader.dll
Removal successful
>>> Virus 'Troj/Agent-EL' found in file c:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll
Removal successful
Could not open c:\WINDOWS\SoftwareDistribution\EventCache\{3D2EED50-9FF9-4DA7-8AC7-046E5CE16B5E}.bin
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINDashBar.zip\GatorGainInstaller.log
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINDashBar.zip\sbRecovery.ini
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINDashBar.zip\comment
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINDashBar1.zip\sbRecovery.ini
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINDashBar1.zip\comment
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator.zip\GatorUninstaller_cme_u.log
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator.zip\sbRecovery.ini
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator.zip\comment
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator1.zip\GatorUninstaller_cme.log
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator1.zip\sbRecovery.ini
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator1.zip\comment
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator2.zip\sbRecovery.reg
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator2.zip\sbRecovery.ini
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator2.zip\comment
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator3.zip\sbRecovery.reg
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator3.zip\sbRecovery.ini
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator3.zip\comment
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\iTunes.zip\About iTunes.rtf
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\iTunes.zip\sbRecovery.ini
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\iTunes.zip\comment
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WhenUSearchDesktoptoolbar.zip\vvsn.cfg
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WhenUSearchDesktoptoolbar.zip\sbRecovery.ini
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WhenUSearchDesktoptoolbar.zip\comment
Could not open c:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG
Could not open c:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
Could not open c:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG
Could not open c:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
Could not check c:\Dokumente und Einstellungen\STEFAN\Eigene Dateien\Studium\Semester 2\Allgemeine_Chemie Skript\Deckblatt.ppt (corrupt)
Could not check c:\Dokumente und Einstellungen\STEFAN\Eigene Dateien\Studium\Semester 3\Thermo\Physikpraktikum\Skript.pdf (corrupt)
Password protected file c:\Dokumente und Einstellungen\STEFAN\Eigene Dateien\Studium\Semester 4\Info\info\programmieren 2005\Uebung3\vwl2
Could not open c:\Dokumente und Einstellungen\STEFAN\Lokale Einstellungen\Temp\~DFF12A.tmp
Could not open c:\Dokumente und Einstellungen\STEFAN\Lokale Einstellungen\Temp\~DFF139.tmp
Could not open c:\Dokumente und Einstellungen\STEFAN\Lokale Einstellungen\Temp\~DFF160.tmp
Could not open c:\Dokumente und Einstellungen\STEFAN\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG
Could not open c:\Dokumente und Einstellungen\STEFAN\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
Could not check c:\Programme\Microsoft Office\Templates\1031\Contemporary Memo.dot (corrupt)
Could not check c:\Programme\Microsoft Office\Templates\1031\Elegant Fax.dot (corrupt)
Could not check c:\Programme\Microsoft Office\Templates\1031\Elegant Letter.dot (corrupt)
Could not check c:\Programme\Microsoft Office\Templates\1031\Envelope Wizard.wiz (corrupt)
Could not check c:\Programme\Microsoft Office\Templates\1031\Professional Letter.dot (corrupt)
Could not check c:\Programme\Microsoft Office\Templates\1031\Resume Wizard.wiz (corrupt)
>>> Virus 'Troj/Zlobun-Gen' found in file c:\System Volume Information\_restore{51F9C49A-3425-45CA-BE58-3070B91C4466}\RP573\A0044804.exe
Removal successful
>>> Virus 'Troj/Zlobie-Gen' found in file c:\System Volume Information\_restore{51F9C49A-3425-45CA-BE58-3070B91C4466}\RP573\A0044807.dll
Removal successful
Could not open c:\hiberfil.sys
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W3561404.CAB\CONTMEMO.DOT_1031 (corrupt)
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W3561404.CAB\ELEGFAX.DOT_1031 (corrupt)
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W3561404.CAB\ELEGLTR.DOT_1031 (corrupt)
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W3561404.CAB\ENVELOPE.WIZ_1031 (corrupt)
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W3561404.CAB\PROFLTR.DOT_1031 (corrupt)
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W3561404.CAB\RESUME.WIZ_1031 (corrupt)
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W4561404.CAB\CONVERT.WIZ_1031 (corrupt)
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W4561404.CAB\MERGELTR.DOT_1031 (corrupt)
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W4561404.CAB\PROFMADR.DOT_1031 (corrupt)
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W4561404.CAB\PROFMFAX.DOT_1031 (corrupt)
Could not open d:\

1 master boot record swept.
56844 files swept in 2 hours, 55 minutes and 18 seconds.
58 errors were encountered.
4 viruses were discovered.
4 files out of 56844 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com
or telephone +44 1235 559933
24 encrypted files were not checked.
Ending Sophos Anti-Virus.

--------------------------------------------------------

/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2006-09-17, 08:49:43, Auto-clean mode specified.
2006-09-17, 08:49:43, Running scanner "c:\AV-CLS\Trend\TSC.BIN"...
2006-09-17, 08:50:01, Scanner "c:\AV-CLS\Trend\TSC.BIN" has finished running.
2006-09-17, 08:50:01, TSC Log:

Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows XP(Build 2600: Service Pack 2)

Start time : So Sep 17 2006 08:49:43

Load Damage Cleanup Template (DCT) "c:\AV-CLS\Trend\tsc.ptn" (version 784) [success]

Complete time : So Sep 17 2006 08:50:01
Execute pattern count(2967), Virus found count(0), Virus clean count(0), Clean failed count(0)

2006-09-17, 09:25:35, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/17/2006 08:51:06
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 755 (131746 Patterns) (2006/09/16) (375500)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend

56530 files have been read.
56530 files have been checked.
50745 files have been scanned.
116097 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/17/2006 09:25:35
---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-17, 09:25:35, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/17/2006 08:51:06
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 755 (131746 Patterns) (2006/09/16) (375500)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend

56530 files have been read.
56530 files have been checked.
50745 files have been scanned.
116097 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/17/2006 09:25:35 34 minutes 29 seconds (2068.67 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-17, 09:25:35, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/17/2006 08:51:06
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 755 (131746 Patterns) (2006/09/16) (375500)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend

56530 files have been read.
56530 files have been checked.
50745 files have been scanned.
116097 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/17/2006 09:25:35 34 minutes 29 seconds (2068.67 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-17, 09:25:35, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished running.

-------------------------------------------------------------

McAfee VirusScan for Win32 v4.40.0
Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights reserved.
(408) 988-3832 LICENSED COPY - Sep 23 2004

Scan engine v4.4.00 for Win32.
Virus data file v4853 created Sep 15 2006
Scanning for 209180 viruses, trojans and variants.

Virus Scan Results



09/17/2006 09:36:16


Options:
/ADL /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /MIME /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML"

Scanning C: []
Scanning C:\*.*
C:\Programme\ICQToolbar\toolbaru.inf ... Found potentially unwanted program Adware-Softomate.
The file or process has been deleted.
C:\System Volume Information\_restore{51F9C49A-3425-45CA-BE58-3070B91C4466}\RP577\A0045315.inf ... Found potentially unwanted program Adware-Softomate.
The file or process has been deleted.
C:\System Volume Information\_restore{51F9C49A-3425-45CA-BE58-3070B91C4466}\RP573\A0044779.exe ... Found potentially unwanted program PrcViewer.
The file or process has been deleted.
C:\System Volume Information\_restore{51F9C49A-3425-45CA-BE58-3070B91C4466}\RP574\A0045071.exe ... Found potentially unwanted program PrcViewer.
The file or process has been deleted.

Summary report on C:\*.*
File(s)
Total files: ........... 167483
Clean: ................. 167438
Possibly Infected: ..... 0
Cleaned: ............... 0
Deleted: ............... 4
Non-critical Error(s): 2
Master Boot Record(s): ......... 1
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0

Time: 01:07.57

--------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:00:44, on 17.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Protecus\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.campus-braunschweig.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.tu-bs.de;*.tu-braunschweig.de;<local>
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SENS Keyboard V4 Launcher] "C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programme\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB002" /M "Stylus CX6600"
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader -
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://arcade.icq.com/multiplayer/odyssey_web8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5245C85-AC99-4C6A-B8F4-2E90271FE2BD}: NameServer = 134.169.168.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programme\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--------------------------------------------------------------

STEFAN - 06-09-17 11:19:17.34 Service Pack 2
ComboFix 06.09.14 - Running from: C:\Protecus

((((((((((((((((((((((((((((((( Files Created from 2006-08-17 to 2006-09-17 ))))))))))))))))))))))))))))))))))


2006-09-11 11:18 1,080 --a------ C:\oxfkwtyo.bat
2006-09-11 10:54 1,080 --a------ C:\bjhtmoqi.bat
2006-09-08 13:58 96,768 --a------ C:\WINDOWS\SlantAdj.dll
2006-09-08 13:58 73,216 --a------ C:\WINDOWS\ADE.DLL
2006-09-08 13:57 65,536 --a------ C:\WINDOWS\system32\EPPicMgr.dll
2006-09-08 13:57 413,696 --a------ C:\WINDOWS\system32\PICSDK.dll
2006-09-08 13:57 114,688 --a------ C:\WINDOWS\system32\EpPicPrt.dll
2006-09-08 13:56 79,654 --a------ C:\WINDOWS\system32\E_FLM9EE.DLL
2006-09-08 13:56 64,000 --a------ C:\WINDOWS\system32\E_FBCB9EE.DLL
2006-09-08 13:56 34,304 --a------ C:\WINDOWS\system32\E_FBCH9EE.DLL
2006-09-08 13:56 31,744 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2006-09-08 13:38 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
2006-09-08 13:38 29,696 --a------ C:\WINDOWS\system32\escwiad.dll
2006-09-08 13:38 22,528 --a------ C:\WINDOWS\system32\esccmd.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-12 14:03 -------- d-------- C:\Programme\CleanUp!
2006-09-11 15:32 60416 --a------ C:\WINDOWS\system32\drivers\vrofdcbl.sys
2006-09-11 15:31 60416 --a------ C:\WINDOWS\system32\drivers\uuabkuqi.sys
2006-09-11 14:57 60416 --a------ C:\WINDOWS\system32\drivers\uiuowhvq.sys
2006-09-11 11:18 60416 --a------ C:\WINDOWS\system32\drivers\npdmonrk.sys
2006-09-11 10:54 60416 --a------ C:\WINDOWS\system32\drivers\aallywds.sys
2006-09-04 16:59 -------- d-------- C:\Programme\Executive Software
2006-09-04 16:28 -------- d-------- C:\Dokumente und Einstellungen\STEFAN\Anwendungsdaten\TuneUp Software
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-02 09:25 -------- d-------- C:\Dokumente und Einstellungen\STEFAN\Anwendungsdaten\Sun
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-06-25 14:54 668938 --a------ C:\WINDOWS\unins000.exe
2006-06-22 07:06 69120 --a------ C:\WINDOWS\system32\ciodm.dll
2006-06-22 07:06 1441792 --a------ C:\WINDOWS\system32\query.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"SynTPLpr"="C:\\Programme\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"SENS Keyboard V4 Launcher"="\"C:\\Programme\\SAMSUNG\\SENS Keyboard V4 Launcher\\SENSKBD.EXE\""
"NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"KAVPersonal50"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe\" /minimize"
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -minimize"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"DiskeeperSystray"="\"C:\\Programme\\Executive Software\\Diskeeper\\DkIcon.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"EPSON Stylus CX6600 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9EE.EXE /P26 \"EPSON Stylus CX6600 Series\" /O6 \"USB002\" /M \"Stylus CX6600\""
"BO1HelperStartUp"="C:\\PROGRA~1\\BUTTER~1\\BO1HEL~1.EXE /partner BO1"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job

Completion time: 06-09-17 11:20:13.10
ComboFix.txt

-------------------------------------------------------------

datfindbat:

Zitat

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 58A2-41F8

Verzeichnis von C:\WINDOWS\system32

06-09-17 11:14 1,158 wpa.dbl
06-09-17 08:38 231,984 FNTCACHE.DAT
06-09-11 19:37 8,960,936 MRT.exe
06-09-11 15:32 468 cbvlvydx.txt
06-08-21 14:26 16,896 fltlib.dll
06-08-21 11:14 23,040 fltmc.exe
06-08-02 09:23 7,006 jupdate-1.5.0_06-b05.log
06-07-28 13:28 3,075,072 mshtml.dll
06-07-27 15:25 679,424 inetcomm.dll
06-07-25 22:33 615,936 urlmon.dll
06-07-21 10:29 72,704 hlink.dll
06-07-14 17:38 332,288 netapi32.dll
06-07-14 17:25 546,304 hhctrl.ocx
06-07-13 15:34 8,494,592 shell32.dll
06-07-12 13:18 64,994 perfc007.dat
06-07-12 13:18 395,074 perfh007.dat
06-07-12 13:18 383,588 perfh009.dat
06-07-12 13:18 53,942 perfc009.dat
06-07-12 13:18 906,376 PerfStringBackup.INI
06-07-05 12:55 1,057,792 kernel32.dll
06-06-26 19:40 148,480 dnsapi.dll
06-06-26 19:40 8,192 rasadhlp.dll
06-06-23 13:10 146,432 msrating.dll
06-06-23 13:10 474,624 shlwapi.dll
06-06-23 13:10 39,424 pngfilt.dll
06-06-23 13:10 532,480 mstime.dll
06-06-23 13:10 448,512 mshtmled.dll
06-06-23 13:10 664,576 wininet.dll
06-06-23 13:10 1,494,016 shdocvw.dll
06-06-23 13:10 205,312 dxtrans.dll
06-06-23 13:10 1,056,256 danim.dll
06-06-23 13:10 1,022,976 browseui.dll
06-06-23 13:10 357,888 dxtmsft.dll
06-06-23 13:10 152,064 cdfview.dll
06-06-23 13:10 55,808 extmgr.dll
06-06-23 13:10 251,392 iepeers.dll
06-06-23 13:10 16,384 jsproxy.dll
06-06-23 13:10 96,768 inseng.dll
06-06-23 10:53 27,136 xpsp3res.dll
06-06-22 07:06 1,441,792 query.dll
06-06-22 07:06 69,120 ciodm.dll
06-06-19 16:20 702,768 WgaLogon.dll
06-06-19 16:19 571,184 LegitCheckControl.dll
06-06-19 16:19 304,944 WgaTray.exe
06-06-16 14:34 48,936 sirenacm.dll
06-06-01 20:47 27,648 jgpl400.dll
06-06-01 20:47 163,840 jgdw400.dll
06-05-19 15:09 112,128 dhcpcsvc.dll

Zitat

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 58A2-41F8

Verzeichnis von C:\DOKUME~1\STEFAN\LOKALE~1\Temp

06-09-17 11:15 512 ~DF9CB3.tmp
06-09-17 11:15 49,152 ~DF9C65.tmp
2 Datei(en) 49,664 Bytes
0 Verzeichnis(se), 11,300,077,568 Bytes frei

Zitat

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 58A2-41F8

Verzeichnis von C:\WINDOWS

06-09-17 11:13 0 0.log
06-09-17 11:13 159 wiadebug.log
06-09-17 11:12 2,048 bootstat.dat
06-09-17 11:12 1,653,082 WindowsUpdate.log
06-09-17 11:12 50 wiaservc.log
06-09-17 11:12 32,626 SchedLgU.Txt
06-09-17 11:12 12 bthservsdp.dat
06-09-17 09:19 329 System.ini
06-09-16 21:09 10,810 setupapi.log
06-09-16 17:57 54,156 QTFont.qfn
06-09-16 03:53 218,655 wmsetup.log
06-09-15 13:21 690,949 FaxSetup.log
06-09-15 13:21 35,157 msgsocm.log
06-09-15 13:21 109,433 iis6.log
06-09-15 13:21 352,017 ocgen.log
06-09-15 13:21 272,822 tsoc.log
06-09-15 13:21 145,797 ntdtcsetup.log
06-09-15 13:21 1,374 imsins.log
06-09-15 13:21 35,633 ocmsn.log
06-09-15 13:21 241,295 comsetup.log
06-09-15 13:21 12,194 KB920685.log
06-09-15 13:21 37,199 updspapi.log
06-09-15 13:21 13,028 KB920872.log
06-09-15 13:21 1,374 imsins.BAK
06-09-15 13:21 11,527 KB919007.log
06-09-15 13:21 7,770 KB922582.log
06-09-11 15:31 468 kxjmepnw.txt
06-09-11 15:24 218,009 setupact.log
06-09-11 15:23 141,212 ntbtlog.txt
06-09-11 10:54 1,466 jrofncdq.txt
06-09-08 14:04 12,862 EPISMG00.SWB
06-09-08 13:57 1,496,919 EPSTPLOG.TXT
06-09-08 13:56 1,051,947 setupapi.log.1.old
06-09-08 13:53 31 EPSMTL32.TXT
06-09-08 13:52 25 CDE CX6600FGD.ini
06-09-08 13:51 1,559 epsswt_log.txt
06-09-08 00:56 7,888 WgaNotify.log
06-09-07 01:57 1,409 QTFont.for
06-09-04 18:13 15,519 KB920214.log
06-09-04 18:13 15,511 KB922616.log
06-09-04 18:13 15,979 KB921398.log
06-09-04 18:12 19,287 KB918899.log
06-09-04 18:11 11,898 KB920670.log
06-09-04 18:11 12,055 KB917422.log
06-09-04 18:11 12,402 KB920683.log
06-08-09 14:02 11,168 KB921883.log
06-07-12 11:16 11,829 KB917159.log
06-07-12 11:15 12,342 KB914388.log
06-07-12 11:15 10,401 KB916595.log
06-06-25 14:54 1,212 unins000.dat
06-06-25 14:54 668,938 unins000.exe
06-06-17 20:01 3,040 mozver.dat
06-06-14 13:11 31,896 spupdsvc.log
06-06-14 11:20 11,907 KB917734.log
06-06-14 11:19 14,249 KB918439.log
06-06-14 11:18 14,605 KB917344.log
06-06-14 11:18 14,379 KB917953.log
06-06-14 11:18 14,359 KB911280.log
06-06-14 11:18 17,701 KB916281.log
06-06-14 11:17 11,610 KB914389.log
06-06-14 08:50 0 nsreg.dat
06-05-19 11:43 82,944 npigl.dll

Zitat

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 58A2-41F8

Verzeichnis von C:\

06-09-17 11:24 0 sys.txt
06-09-17 11:23 12,912 system.txt
06-09-17 11:22 338 systemtemp.txt
06-09-17 11:22 95,487 system32.txt
06-09-17 11:12 526,897,152 hiberfil.sys
06-09-17 11:12 390,070,272 pagefile.sys
06-09-11 14:57 468 iqncsrsu.txt
06-09-11 11:18 1,080 oxfkwtyo.bat
06-09-11 10:54 1,080 bjhtmoqi.bat
Seitenanfang Seitenende
17.09.2006, 14:06
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein

Zitat

Files to delete:
C:\WINDOWS\system32\cbvlvydx.txt
C:\WINDOWS\system32\drivers\vrofdcbl.sys
C:\WINDOWS\system32\drivers\uuabkuqi.sys
C:\WINDOWS\system32\drivers\uiuowhvq.sys
C:\WINDOWS\system32\drivers\npdmonrk.sys
C:\WINDOWS\system32\drivers\aallywds.sys
C:\iqncsrsu.txt
C:\oxfkwtyo.bat
C:\bjhtmoqi.bat
Klicke die gruene Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

poste den report vom avenger, nach neustart

**
fixe mit dem HijackThis:

Zitat

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

O16 - DPF: RaptisoftGameLoader -
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll

__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
17.09.2006, 14:20
olka
Member

Themenstarter

Beiträge: 15
#3 Hallo Sabina, Danke für die fixe Antwort!

Hier der Avenger-Report, das Fixen mit HijackThis hab ich auch gemacht.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\poutcodr

*******************

Script file located at: \??\C:\Program Files\xddhiwdx.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\vrofdcbl.sys deleted successfully.
File C:\WINDOWS\system32\drivers\uuabkuqi.sys deleted successfully.
File C:\WINDOWS\system32\drivers\uiuowhvq.sys deleted successfully.
File C:\WINDOWS\system32\drivers\npdmonrk.sys deleted successfully.
File C:\WINDOWS\system32\drivers\aallywds.sys deleted successfully.
File C:\oxfkwtyo.bat deleted successfully.
File C:\bjhtmoqi.bat deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
Seitenanfang Seitenende
17.09.2006, 14:25
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#4 nun stelle die Aufloesung noch mal neu ein und berichte, wie es laeuft
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
17.09.2006, 14:53
olka
Member

Themenstarter

Beiträge: 15
#5 Jetzt sieht alles wieder normal aus ;)
Danke für die schnelle Hilfe!

Jetzt hätte ich mal noch ne andere Frage:
Und zwar hab ich Spybot S&D bei mir drauf, nun kommt da ja immer mal wieder so eine Abfrage, ob man einen Wert/Änderung zulassen will oder nicht.
Woher weiß ich denn, was ich erlauben sollte und was besser nicht?
Oder muss man generell alles verbieten bzw. alles erlauben?
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 1