Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

How to delte red button "Your computer is infected [RESOLVED]


  • This topic is locked This topic is locked

#1
Gatirxx2k

Gatirxx2k

    New Member

  • Member
  • Pip
  • 4 posts
Hi there,
At the beginning I want to apologize for my english. I know it is not very well. But there is no other forum as good like this for my problem.
I also have the red butten that says: "Your computer is infected!" and it wants me to download antivirus gold. Can you please help me to remove it.

Hijack This gave me this list:

Logfile of HijackThis v1.99.1
Scan saved at 12:21:37, on 15.07.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msole32.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\HHVcdV5Sys\VC5Play.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hookdump.exe
C:\Programme\Virtual CD v5\System\VC5Tray.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\HHVcdV5Sys\VC5SecS.exe
C:\Programme\Avant Browser\iexplore.exe
C:\Dokumente und Einstellungen\Gatrixx2k\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [VC5Player] C:\Programme\HHVcdV5Sys\VC5Play.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\hookdump.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Alle Bilder von gleichem Server filtern - C:\Programme\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Hervorheben - C:\Programme\Avant Browser\Highlight.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Suchen - C:\Programme\Avant Browser\Search.htm
O8 - Extra context menu item: Zur Werbebanner-Filterliste hinzufügen - C:\Programme\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Öffne alle Links auf dieser Seite... - C:\Programme\Avant Browser\OpenAllLinks.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Preispiraten 2.1.3 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq....yssey_web11.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/d...ionale_ver4.CAB
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://tamaltv.intru...ayx_vp3_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACF1AC7C-10DB-4CAF-9EC0-A4544EE22839}: NameServer = 217.237.149.161,192.168.10.1
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Programme\HHVcdV5Sys\VC5SecS.exe
  • 0

Advertisements


#2
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Download smitRem.zip and save the file to your desktop.
Right click on the file and extract it to it's own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items:

O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe

O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\hookdump.exe

O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/d...ionale_ver4.CAB


Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let us know if any problems persist.

Regards,
  • 0

#3
Gatirxx2k

Gatirxx2k

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thank you so much!
It is gone!
I love this forum.

The logs now:

Panda:


Incident Status Location

Adware:adware/popuper No disinfected C:\DOKUMENTE UND EINSTELLUNGEN\GATRIXX2K\FAVORITEN\Black Jack Online.url
Adware:adware/brilliantdigitalNo disinfected HKEY_CLASSES_ROOT\Interface\{48E59292-9880-11CF-9754-00AA00C00908}
Virus:Trj/Downloader.BQB Disinfected Persnliche Ordner\Gelschte Objekte\Kontostand\spiel.zip[spiel.exe]


Hijack:

Logfile of HijackThis v1.99.1
Scan saved at 19:28:44, on 15.07.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\HHVcdV5Sys\VC5Play.exe
C:\Programme\ewido\security suite\ewidoguard.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Virtual CD v5\System\VC5Tray.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\HHVcdV5Sys\VC5SecS.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Avant Browser\iexplore.exe
C:\Dokumente und Einstellungen\Gatrixx2k\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [VC5Player] C:\Programme\HHVcdV5Sys\VC5Play.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Alle Bilder von gleichem Server filtern - C:\Programme\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Hervorheben - C:\Programme\Avant Browser\Highlight.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Suchen - C:\Programme\Avant Browser\Search.htm
O8 - Extra context menu item: Zur Werbebanner-Filterliste hinzufügen - C:\Programme\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Öffne alle Links auf dieser Seite... - C:\Programme\Avant Browser\OpenAllLinks.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Preispiraten 2.1.3 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq....yssey_web11.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://tamaltv.intru...ayx_vp3_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACF1AC7C-10DB-4CAF-9EC0-A4544EE22839}: NameServer = 217.237.149.161,192.168.10.1
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Programme\HHVcdV5Sys\VC5SecS.exe

smitfiles:



Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

hookdump.exe
ole32vbs.exe
msole32.exe
hp***.tmp
intmon.exe
hhk.dll
logfiles


~~~ Windows directory ~~~

screen.html
sites.ini
popuper.exe


~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

CLEAN!


Ewido:

+ Erstellt am: 16:28:21, 15.07.2005
+ Report-Checksumme: F5E2E6A3

+ Scanergebnis:

HKLM\SOFTWARE\Classes\Interface\{12E919BC-C70F-432B-B831-1180DE734505} -> Dialer.Generic : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\Interface\{66BD1BD0-3655-42E4-8CE9-16D3613B0B25} -> Dialer.Generic : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\TypeLib\{795EB484-BD6D-4125-93DB-D6FF015325E9} -> Dialer.Generic : Gesäubert mit Backup
:mozilla.7:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Mediaplex : Gesäubert mit Backup
:mozilla.10:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Doubleclick : Gesäubert mit Backup
:mozilla.15:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Mediaplex : Gesäubert mit Backup
:mozilla.18:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup
:mozilla.27:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.2o7 : Gesäubert mit Backup
:mozilla.28:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.2o7 : Gesäubert mit Backup
:mozilla.29:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.2o7 : Gesäubert mit Backup
:mozilla.30:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.2o7 : Gesäubert mit Backup
:mozilla.31:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.2o7 : Gesäubert mit Backup
:mozilla.34:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Pointroll : Gesäubert mit Backup
:mozilla.35:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Pointroll : Gesäubert mit Backup
:mozilla.36:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Pointroll : Gesäubert mit Backup
:mozilla.37:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Adtech : Gesäubert mit Backup
:mozilla.38:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Adtech : Gesäubert mit Backup
:mozilla.39:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Adtech : Gesäubert mit Backup
:mozilla.40:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Adtech : Gesäubert mit Backup
:mozilla.41:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Adtech : Gesäubert mit Backup
:mozilla.42:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Adtech : Gesäubert mit Backup
:mozilla.103:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Valuead : Gesäubert mit Backup
:mozilla.104:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Valuead : Gesäubert mit Backup
:mozilla.105:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Valuead : Gesäubert mit Backup
:mozilla.106:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Valuead : Gesäubert mit Backup
:mozilla.107:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Valuead : Gesäubert mit Backup
:mozilla.114:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Serving-sys : Gesäubert mit Backup
:mozilla.115:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Serving-sys : Gesäubert mit Backup
:mozilla.116:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Serving-sys : Gesäubert mit Backup
:mozilla.117:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Serving-sys : Gesäubert mit Backup
:mozilla.127:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Gesäubert mit Backup
:mozilla.128:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Gesäubert mit Backup
:mozilla.141:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Adserver : Gesäubert mit Backup
:mozilla.162:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.163:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.164:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.166:C:\Dokumente und Einstellungen\Gatrixx2k\Anwendungsdaten\Mozilla\Firefox\Profiles\oyoilzvw.default\cookies.txt -> Spyware.Cookie.Serving-sys : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Gatrixx2k\Cookies\gatrixx2k@ivwbox[2].txt -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup
C:\Programme\Atari\Act of War - Direct Action\ACT.OF.WAR.DA.V1.0.ENG.RELOADED.NOCD.ZIP/ACTOFWAR.EXE -> Heuristic.Win32.Backdoor.IrcBot : Gesäubert mit Backup
C:\Programme\Atari\Act of War - Direct Action\ACTOFWAR.EXE -> Heuristic.Win32.Backdoor.IrcBot : Gesäubert mit Backup
D:\Dateien\Downloads\spiele\ACT.OF.WAR.DA.V1.0.ENG.RELOADED.NOCD.ZIP/ACTOFWAR.EXE -> Heuristic.Win32.Backdoor.IrcBot : Gesäubert mit Backup
D:\Dateien\Jörg\Pressewart\5-2-27-55.exe -> Heuristic.Win32.Dialer : Gesäubert mit Backup


::Report Ende
  • 0

#4
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Good job.

Panda found something interesting:
http://securityrespo...rchpounder.html

Copy the part in bold below into notepad and save it as searchporem.reg
Set Filetype to "all files"

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Monitor for Windows 98/NT/XP/2000/2003_is1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InetCtls.Inet]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InetCtls.Inet.1]



Doubleclick that file and confirm you want to merge it with the registry.

Then in IE click Tools > Internet Options > on the General Tab click Delete Files and put a checkmark in the Include Offline Content box.

Then you will need to remove the unwanted entries in your favorites.

Reboot when you are done and post a new HijackThis log.

Regards,
  • 0

#5
Gatirxx2k

Gatirxx2k

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Logfile of HijackThis v1.99.1
Scan saved at 20:59:05, on 15.07.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\HHVcdV5Sys\VC5Play.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Virtual CD v5\System\VC5Tray.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\ewido\security suite\ewidoguard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\HHVcdV5Sys\VC5SecS.exe
C:\Dokumente und Einstellungen\Gatrixx2k\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [VC5Player] C:\Programme\HHVcdV5Sys\VC5Play.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Alle Bilder von gleichem Server filtern - C:\Programme\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Hervorheben - C:\Programme\Avant Browser\Highlight.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Suchen - C:\Programme\Avant Browser\Search.htm
O8 - Extra context menu item: Zur Werbebanner-Filterliste hinzufügen - C:\Programme\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Öffne alle Links auf dieser Seite... - C:\Programme\Avant Browser\OpenAllLinks.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Preispiraten 2.1.3 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq....yssey_web11.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://tamaltv.intru...ayx_vp3_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACF1AC7C-10DB-4CAF-9EC0-A4544EE22839}: NameServer = 217.237.149.161,192.168.10.1
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Programme\HHVcdV5Sys\VC5SecS.exe
  • 0

#6
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Excellent. :tazz:

That is a clean log. Is your computer behaving as it should?

Please do have a look at my site about removing and preventing spyware.

Regards,
  • 0

#7
Gatirxx2k

Gatirxx2k

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Yes it is all fine.
Thank you again.
  • 0

#8
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Gruß,
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP