Help needed with removing Spyquake! Thread is closed! |
||
---|---|---|
||
#0
| ||
23.09.2006, 15:45
Honorary member
Posts: 29434 |
||
|
||
23.09.2006, 15:48
Member
Thread starter Posts: 17 |
#17
Sabina, in the TCP/IP settings "Obtain IP and DNS automatically" is ticked, or am I looking in the wrong place?
As for HijackThis:
O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Programme\X Password Manager\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [oeuai] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\tofareraci\systvmrs.exe
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\system32\mzoeut.dll
These are no longer present, at least not just now, but I'll do your edit now!
This post was edited by Rene09 on 23.09.2006 at 15:53.
|
|
|
||
23.09.2006, 15:53
Honorary member
Posts: 29434 |
#18
Quote: TCP/IP settings, "Obtain IP and DNS automatically" is ticked
Yes, that is correct. When you then post the new HijackThis log, I will see whether the wrong connection is gone. Also post the Avenger log, after the restart.
__________
Kind regards, Sabina
All about PC security |
|
|
||
23.09.2006, 16:06
Member
Thread starter Posts: 17 |
#19
The virus scanner is running and has already found something; I hope it can fix it too.
The HijackThis log is coming shortly, Avenger too! |
|
|
||
23.09.2006, 16:07
Honorary member
Posts: 29434 |
#20
OK, then post everything: the HijackThis log, the Avenger log after running it, and the report from the virus scanner.
__________
Kind regards, Sabina
All about PC security |
|
|
||
23.09.2006, 16:46
Member
Thread starter Posts: 17 |
#21
It's almost finished, Sabina.
It is hanging at Processing... (68 / 70) Currently cleaning: Adware.WeirWeb Action: Disinfect & Submit. Should I run it again?
Here are all 3 logs.
This post was edited by Rene09 on 23.09.2006 at 16:54.
|
|
|
||
23.09.2006, 17:16
Honorary member
Posts: 29434 |
#22
1. Empty the recycle bin.
2. Scan and post the report: http://virus-protect.org/artikel/tools/superantispyware.html
3. Scan with Panda and post the scan report: http://virus-protect.org/onlinescan.html
__________
Kind regards, Sabina
All about PC security |
|
|
||
23.09.2006, 18:16
Member
Thread starter Posts: 17 |
#23
SUPERAntiSpyware Scan Log
Here again are just the locations from the Panda scan: |
|
|
||
23.09.2006, 18:59
Honorary member
Posts: 29434 |
#24
1. Empty the recycle bin.
2. Avenger
Quote: registry keys to delete:
Post the report from the Avenger.
__________
Kind regards, Sabina
All about PC security |
|
|
||
25.09.2006, 09:12
Member
Thread starter Posts: 17 |
#25
Avenger Pre-Processor log
Logfile of The Avenger version 1, by Swandog46 |
|
|
||
25.09.2006, 09:54
Honorary member
Posts: 29434 |
#26
Go into the registry:
Start - Run - regedit
Edit - Find
{DB893839-10F0-4AF9-92FA-B23528F530AF}
{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38}
{B3E19860-0CD5-4991-A066-4FCA2704DE59}
Delete these entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB893839-10F0-4AF9-92FA-B23528F530AF}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B3E19860-0CD5-4991-A066-4FCA2704DE59}
«« Restart the PC
«« Delete the Avenger backup at c:\ Avenger\backup.zip
«« Scan again with Panda
«« Post the new HijackThis log
__________
Kind regards, Sabina
All about PC security |
|
|
||
25.09.2006, 15:49
Member
Thread starter Posts: 17 |
#27
| Incident | Status | Location |
|---|---|---|
| Adware:adware/intcodec | Not disinfected | Windows Registry |
| Adware:adware/vog | Not disinfected | Windows Registry |
| Adware:adware/sbsoft | Not disinfected | Windows Registry |
| Potentially unwanted tool:Application/Processor | Not disinfected | C:\Verseuchungsbehebung\SmitfraudFix.zip[SmitfraudFix/Process.exe] |

Logfile of HijackThis v1.99.1
Scan saved at 15:50:36, on 25.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\DT\Sinus 154 stick\Wifiusb.exe
C:\Programme\Messenger\msmsgs.exe
C:\DOKUME~1\Besitzer\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CompanionWizard] "C:\Programme\Common Files\Companion Wizard\compwiz.exe" /silent
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - Global Startup: Sinus 154 stick WLAN Manager.lnk = C:\Programme\DT\Sinus 154 stick\Wifiusb.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140015621125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144775455281
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O20 - Winlogon Notify: SASWinLogon - C:\Verseuchungsbehebung\SASW\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe |
|
|
||
25.09.2006, 15:51
Honorary member
Posts: 29434 |
#28
Rene09
«« spyfalcon.zip -> http://virus-protect.org/zip/spyfalcon.zip -> unpack it on the desktop -> spyfalcon.reg -> double-click it and add it to the registry with "ja/yes"
Restart the PC.
I can't get at the other registry entries; you will have to live with those....
«« Apply:
Cleanup repair -- TuneUp Diskcleaner
Cleanup repair -- Registry Cleaner
http://virus-protect.org/reinigungstoolsregistry.html
Then everything should be more or less in order again.
__________
Regards, Sabina
All about PC security |
|
|
||
25.09.2006, 16:49
Member
Thread starter Posts: 17 |
#29
Good, ok.
Thank you very much! To reward your work, I will send you a share of the invoice amount once I have received it. Are you happy with 25€? A side question: where does one learn what you do here? What profession do you work in, or what did you train in? Regards, René |
|
|
||
25.09.2006, 17:42
Honorary member
Posts: 29434 |
#30
I am a mod at Protecus, but I do not work in IT professionally.
As for the other question: sure, agreed, and I'm glad.
------
Also fix this (I had overlooked it):
O4 - HKLM\..\Run: [CompanionWizard] "C:\Programme\Common Files\Companion Wizard\compwiz.exe" /silent
**
Then install http://virus-protect.org/artikel/tools/sandboxie.html and explain to the PC owner that he should only ever browse through Sandboxie.
__________
Regards, Sabina
All about PC security |
|
|
||
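An added example, not part of the original thread and not code from HijackThis or the forum: a small Python parser for the HijackThis v1.99.1 entry lines posted in #27. It groups entries by section code and splits the O4 registry Run entries, such as the CompanionWizard value named in #30, into hive, key, value name and program path. The function names are hypothetical, and the embedded sample is a constructed excerpt whose lines are copied from the log above.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of entry lines copied from the log in post #27.
SAMPLE_LOG = r'''Logfile of HijackThis v1.99.1
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CompanionWizard] "C:\Programme\Common Files\Companion Wizard\compwiz.exe" /silent
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - Global Startup: Sinus 154 stick WLAN Manager.lnk = C:\Programme\DT\Sinus 154 stick\Wifiusb.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
'''

ENTRY = re.compile(r'^(O\d+) - (.*)$')
# Registry autostart form: HKLM\..\Run: [value name] command line
RUN = re.compile(r'^(.+?)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$')

def parse_entries(log_text):
    """Group 'Onn - ...' lines by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def exe_path(command):
    """Return the program path from a command line, quoted or bare."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r'(.*?\.(?:exe|dll|com|bat|cmd))(?:\s|$)', command, re.I)
    return m.group(1) if m else command

def run_entries(sections):
    """Split O4 registry autostart entries into hive, key, value name and path."""
    out = []
    for body in sections.get('O4', []):
        m = RUN.match(body)
        if m:  # 'Global Startup:' shortcut entries have a different shape
            hive, key, name, cmd = m.groups()
            out.append({'hive': hive, 'key': key, 'name': name,
                        'command': cmd, 'path': exe_path(cmd)})
    return out

if __name__ == '__main__':
    for entry in run_entries(parse_entries(SAMPLE_LOG)):
        print(entry['hive'], entry['key'], entry['name'], entry['path'])
```
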