Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Speicherplatz verringert sich

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.08.2006, 13:27   #1
vincewega
 
Speicherplatz verringert sich - Standard

Speicherplatz verringert sich



Hallo,
bei mir verringert sich der Speicherplatz ausschließlich auf Laufwerk C ganz immens. Aufgefallen ist mir dies nach einem Windows Update. Ob die Verringerung damit zu tun hat, keine Ahnung??? Ich habe mal das hijackthis.log beigefügt. Wäre nett, wenn jemand darüber schauen könnte....

Danke!

Logfile of HijackThis v1.99.1
Scan saved at 14:01:30, on 13.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programme\baywotch3\bayWotch.exe
C:\Programme\WinRAR\WinRAR.exe
C:\Dokumente und Einstellungen\SRO\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E4BEDEA-DBD7-4253-82B7-5F7B240821BF} - C:\WINDOWS\system32\psnpqagn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: LBTServ - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc .exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

Alt 13.08.2006, 13:30   #2
Mellosun
 
Speicherplatz verringert sich - Standard

Speicherplatz verringert sich



Zitat:

Prüfe ausserdem folgende Datei bei Jotti und Virustotal. Link in meiner SIG. Ergebnis im neuen Thread mitteilen:

C:\WINDOWS\system32\psnpqagn.dll


Gruß Mellosun
__________________

__________________

Alt 13.08.2006, 13:36   #3
vincewega
 
Speicherplatz verringert sich - Standard

Speicherplatz verringert sich



Hi Mellosun,

anbei das Ergebnis von Jottis. Bezieht sich das nur auf die hochgeladene Datei oder war das jetzt ein gesamter System Scan?

Dienst
Datei: psnpqagn.dll
Auslastung:
0% 100%
Status:
INFIZIERT/MALWARE
Entdeckte Packprogramme:
UPX

AntiVir
Adware-Spyware/Stud.A.1 adware gefunden
ArcaVir
Keine Viren gefunden
Avast
Win32:Spyware-gen. gefunden
AVG Antivirus
Generic.LRH gefunden
BitDefender
Trojan.Downloader.Agent.RG gefunden
ClamAV
Keine Viren gefunden
Dr.Web
Trojan.DownLoader.6588 gefunden
F-Prot Antivirus
Keine Viren gefunden
Fortinet
W32/Small.CGU!tr gefunden
Kaspersky Anti-Virus
not-a-virus:AdWare.Win32.Stud.a gefunden
NOD32
Win32/Adware.BHO.AA application gefunden
Norman Virus Control
W32/Stud.B gefunden
UNA
Adware.Stud gefunden
VirusBuster
Keine Viren gefunden
VBA32
Trojan-Downloader.Agent.49 gefunden (mögliche Variante)
__________________

Alt 13.08.2006, 13:37   #4
Rene-gad
 
Speicherplatz verringert sich - Standard

Speicherplatz verringert sich



Zitat:
Zitat von Mellosun
Ergebnis im neuen Thread mitteilen
Warum?
@vincewega
Bitte Ergebnisse hier und nirgendwo anders posten . Du kannst noch ein neues Tool ausprobieren. Folge dem Link AVZ4.19 in meiner Signatur. Da bin ich echt gespannt .

Alt 13.08.2006, 13:40   #5
vincewega
 
Speicherplatz verringert sich - Standard

Speicherplatz verringert sich



das Ergebnis von "Virus Total"

Complete scanning result of "psnpqagn.dll", received in VirusTotal at 08.13.2006, 14:30:13 (CET).

Antivirus Version Update Result
AntiVir 6.35.1.0 08.13.2006 ADSPY/Stud.A.1
Authentium 4.93.8 08.13.2006 no virus found
Avast 4.7.844.0 08.10.2006 Win32:Spyware-gen.
AVG 386 08.11.2006 Adware Generic.LRH
BitDefender 7.2 08.13.2006 Trojan.Downloader.Agent.RG
CAT-QuickHeal 8.00 08.12.2006 no virus found
ClamAV devel-20060426 08.13.2006 no virus found
DrWeb 4.33 08.13.2006 Trojan.DownLoader.6588
eTrust-InoculateIT 23.72.94 08.12.2006 no virus found
eTrust-Vet 30.3.3016 08.13.2006 no virus found
Ewido 4.0 08.13.2006 Downloader.Small.cgu
Fortinet 2.77.0.0 08.12.2006 W32/Small.CGU!tr
F-Prot 3.16f 08.13.2006 no virus found
F-Prot4 4.2.1.29 08.13.2006 no virus found
Ikarus 0.2.65.0 08.11.2006 AdWare.Stud.A
Kaspersky 4.0.2.24 08.13.2006 not-a-virus:AdWare.Win32.Stud.a
McAfee 4827 08.11.2006 potentially unwanted program Adware-KeenValue
Microsoft 1.1508 08.04.2006 no virus found
NOD32v2 1.1704 08.11.2006 Win32/Adware.BHO.AA
Norman 5.90.23 08.11.2006 W32/Stud.B
Panda 9.0.0.4 08.13.2006 Adware/KeenValue
Sophos 4.08.0 08.13.2006 no virus found
Symantec 8.0 08.13.2006 no virus found
TheHacker 5.9.8.191 08.13.2006 Adware/Stud.a
UNA 1.83 08.11.2006 Adware.Stud.326A
VBA32 3.11.0 08.13.2006 suspected of Trojan-Downloader.Agent.49
VirusBuster 4.3.7:9 08.12.2006 no virus found

Aditional Information
File size: 36183 bytes
MD5: c5553d29e900e18a3dd86ea104adeece
SHA1: 89c722d462612b2c6f0e9f80149275491c13d6c0
packers: UPX


Alt 13.08.2006, 13:50   #6
Mellosun
 
Speicherplatz verringert sich - Standard

Speicherplatz verringert sich



@Rene-gad

Zitat:
Zitat von Rene-gad
Warum?
War ein Zitat aus einem anderen Thread....sorry, hätte ich vieleicht ändern sollen!

@vincewega

So, mache mal bitte folgendes:
Lade Dir CCleaner hier und führe es aus.
Lade bitte Ewido hier und führe es aus!

Poste dannach bitte ein neuest Hijacktis LOG und berichte und poste das Log von Ewido!


Gruß Mellosun
__________________
--> Speicherplatz verringert sich

Alt 13.08.2006, 14:23   #7
vincewega
 
Speicherplatz verringert sich - Standard

Speicherplatz verringert sich



Das AVZ Utility läuft noch und ich glaube, da wird was interessantes unter dem schreibgeschützten Ordner C:\System Volume Information\_restore heraus kommen. Ich melde mich, sobald ich das Ergebnis habe...

Alt 13.08.2006, 15:31   #8
vincewega
 
Speicherplatz verringert sich - Standard

Speicherplatz verringert sich



das Tool hat sich irgendwie aufgehangen. Ich weiß jetzt aber, dass sich der verlorene Speicherplatz im Ordner "System Volume Informations" liegt. Kann mir jemand sagen ob ich den Ordner löschen kann?

Alt 13.08.2006, 15:37   #9
Mellosun
 
Speicherplatz verringert sich - Standard

Speicherplatz verringert sich



Nee, den kannste net löschen.
Ist die Systemwiederherstellung.
Diese mal Deaktivieren, PC Neustarten und dann sollte es funzen!


Gruß Mellosun

Alt 13.08.2006, 15:41   #10
vincewega
 
Speicherplatz verringert sich - Standard

Speicherplatz verringert sich



Die Systemwiederherstellung habe ich schon lange deaktiviert....?? Verstehe daher auch nicht weshalb der Ordner so groß ist, werde mal das Ergebnis des neuen Scans abwarten.

Alt 13.08.2006, 21:30   #11
vincewega
 
Speicherplatz verringert sich - Standard

Speicherplatz verringert sich



so, anbei das avt logfile:

Attention !!! The database was last updated 28.07.2006 - it is necessary to update the bases using automatic updates (File/Database update)
Log of the AVZ antivirus utility version 4.19
Scanning started at 13.08.2006 16:27:52
Database loaded 30947 signatures, 2 NN profile, 55 ìèêðîïðîãðàìì cure, AV base from 28.07.2006 16:10
Heuristics microprograms loaded : 359
Digital signatures of system files loaded: 51032
Heuristic analyzer mode Maximum heuristics level
Cure mode: enabled
1. Searching for rootkits and programs that intercept API functions
1.1 Searching for user-mode API hooks
Analysis kernel32.dll, export table found in section .text
Function kernel32.dll:LoadLibraryA (578) intercepted, method ProcAddressHijack.GetProcAddress ->7C882FC4<>7C801D77
Hook kernel32.dll:LoadLibraryA (578) neutralized
>>> Functions LoadLibraryA - vaccination of the process by AVZ against interception by address replacement !!)
Function kernel32.dll:LoadLibraryExA (579) intercepted, method ProcAddressHijack.GetProcAddress ->7C882FD3<>7C801D4F
Hook kernel32.dll:LoadLibraryExA (579) neutralized
>>> Functions LoadLibraryExA - vaccination of the process by AVZ against interception by address replacement !!)
Function kernel32.dll:LoadLibraryExW (580) intercepted, method ProcAddressHijack.GetProcAddress ->7C882FF1<>7C801AF1
Hook kernel32.dll:LoadLibraryExW (580) neutralized
Function kernel32.dll:LoadLibraryW (581) intercepted, method ProcAddressHijack.GetProcAddress ->7C882FE2<>7C80AE4B
Hook kernel32.dll:LoadLibraryW (581) neutralized
Analysis ntdll.dll, export table found in section .text
Analysis user32.dll, export table found in section .text
Analysis advapi32.dll, export table found in section .text
Analysis ws2_32.dll, export table found in section .text
Analysis wininet.dll, export table found in section .text
Analysis rasapi32.dll, export table found in section .text
Analysis urlmon.dll, export table found in section .text
Analysis netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Error loading the driver - check interrupted [C0000035]
2. Scanning the memory
Processes found: 29
Analyzer - the process is under analysis 2004 C:\WINDOWS\system32\oodag.exe
[ES]:Possibly Malware, neural evaluation = 5000
[ES]:Contains networking functionality
[ES]:Listens TCP ports !
[ES]:Application has no visible windows
[ES]:EXE packer ?
[ES]:Located in the system folder
[ES]:Loads RASAPI DLL - most likely uses dialing?
Analyzer - the process is under analysis 2320 C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
[ES]:Possibly Malware, neural evaluation = 5000
[ES]:Application has no visible windows
[ES]:Registered in autorun !!
Analyzer - the process is under analysis 2648 C:\PROGRA~1\MI3AA1~1\rapimgr.exe
[ES]:Possibly Malware, neural evaluation = 5000
[ES]:Contains networking functionality
[ES]:Listens TCP ports !
[ES]:Application has no visible windows
Analyzer - the process is under analysis 2740 C:\Programme\Logitech\SetPoint\SetPoint.exe
[ES]:Possibly Malware, neural evaluation = 5000
[ES]:Contains networking functionality
[ES]:Application has no visible windows
[ES]:Registered in autorun !!
Modules loaded: 406
Memory check completed
3. Scanning disks
C:\Programme\Symantec\Norton PartitionMagic 8.0\RESCUEME\DOSYSTEM\COMMAND.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\Programme\Symantec\Norton PartitionMagic 8.0\RESCUEME\DOSYSTEM\FDISK.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\Programme\Symantec\Norton PartitionMagic 8.0\RESCUEME\DOSYSTEM\KEYB.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\Programme\Symantec\Norton PartitionMagic 8.0\RESCUEME\DOSYSTEM\MODE.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\Programme\WinRAR\RAR.exe.bak - PE file with nonstandard extension(level of danger 5%)
C:\Programme\WinRAR\WinRAR.exe.bak - PE file with nonstandard extension(level of danger 5%)
C:\Programme\WS_FTP\ftpscrpt.com - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP121\A0229750.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP121\A0231079.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0234458.com - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0235125.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0235127.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0239959.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0243914.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0245721.exe >>> suspicion for Trojan-Downloader.Win32.VB.agd ( 0043B2E3 0027FAA8 0005C758 00000000 16384)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0245724.exe >>> suspicion for Trojan-Downloader.Win32.VB.agd ( 0045EE31 0027FAA8 000F1EA7 00000000 16384)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0245726.exe >>> suspicion for Trojan-Downloader.Win32.VB.agd ( 0044C509 0027FAA8 000F2833 00000000 16384)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0245728.exe >>> suspicion for Trojan-Downloader.Win32.VB.agd ( 00455D6E 0027FAA8 000F419D 00000000 16384)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0245729.exe >>> suspicion for Trojan-Downloader.Win32.VB.agd ( 0042F5E3 0027FAA8 0008CFEC 00000000 16384)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0247771.exe >>> suspicion for Trojan-Downloader.Win32.VB.agd ( 0042F5E3 0027FAA8 0008CFEC 00000000 16384)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0247772.exe >>> suspicion for Trojan-Downloader.Win32.VB.agd ( 00455D6E 0027FAA8 000F419D 00000000 16384)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0247774.exe >>> suspicion for Trojan-Downloader.Win32.VB.agd ( 0044C509 0027FAA8 000F2833 00000000 16384)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0247776.exe >>> suspicion for Trojan-Downloader.Win32.VB.agd ( 0045EE31 0027FAA8 000F1EA7 00000000 16384)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0247779.exe >>> suspicion for Trojan-Downloader.Win32.VB.agd ( 0043B2E3 0027FAA8 0005C758 00000000 16384)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0248358.exe >>> suspicion for Trojan-Downloader.Win32.VB.agd ( 0043B2E3 0027FAA8 0005C758 00000000 16384)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0248361.exe >>> suspicion for Trojan-Downloader.Win32.VB.agd ( 0045EE31 0027FAA8 000F1EA7 00000000 16384)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0248363.exe >>> suspicion for Trojan-Downloader.Win32.VB.agd ( 0044C509 0027FAA8 000F2833 00000000 16384)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0248365.exe >>> suspicion for Trojan-Downloader.Win32.VB.agd ( 00455D6E 0027FAA8 000F419D 00000000 16384)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0248366.exe >>> suspicion for Trojan-Downloader.Win32.VB.agd ( 0042F5E3 0027FAA8 0008CFEC 00000000 16384)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0250932.exe >>> suspicion for Trojan-Downloader.Win32.VB.agd ( 0043B2E3 0027FAA8 0005C758 00000000 16384)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0250935.exe >>> suspicion for Trojan-Downloader.Win32.VB.agd ( 0045EE31 0027FAA8 000F1EA7 00000000 16384)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0250937.exe >>> suspicion for Trojan-Downloader.Win32.VB.agd ( 0044C509 0027FAA8 000F2833 00000000 16384)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0250939.exe >>> suspicion for Trojan-Downloader.Win32.VB.agd ( 00455D6E 0027FAA8 000F419D 00000000 16384)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0250940.exe >>> suspicion for Trojan-Downloader.Win32.VB.agd ( 0042F5E3 0027FAA8 0008CFEC 00000000 16384)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0260253.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0261280.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0261286.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0261293.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0261295.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0261899.com - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0274670.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0275661.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0275667.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0275674.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0275676.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0276286.com - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0283316.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0283375.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0283406.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0284974.com - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0294354.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0294360.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0294367.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0294369.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0294607.com - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0309049.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0309051.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0309058.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0309060.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0309187.com - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0329310.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0340798.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0341137.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0341139.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0341146.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0341148.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0341282.com - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0349231.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0349463.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0349465.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0349472.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0349474.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0349659.com - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0361089.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0361094.com - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0377965.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0377971.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0377978.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0377980.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0378200.com - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0391709.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0391715.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0391722.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0391724.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0391948.com - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0406330.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0406336.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0406343.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0406345.COM - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0406548.com - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors have been detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
C:\Programme\Logitech\SetPoint\lgscroll.dll --> Suspicion for a Keylogger or Trojan DLL
C:\Programme\Logitech\SetPoint\lgscroll.dll>>> Behavioral analysis:
1. Reacts to events: keyboard, window events, all events
C:\Programme\Logitech\SetPoint\lgscroll.dll>>> Neural network: file with probability 50,00% appears like a typical keyboard/mouse events trap
Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hook DLLs
6. Searching for opened TCP/UDP ports used by malicious programs
In the database 319 port description
Opened on this PC 12 TCP ports and 15 UDP ports
Check completed, no suspicious objects detected
7. Heuristic system check
Check completed
Files scanned: 226802, extracted from archives: 0, malicious programs found 0
Scanning terminated at 13.08.2006 17:58:50
Scanning lasted 01:30:59
Autoquarantine is executed
Autoquarantine completed
Creating the arhive of files from the quarantine
Creating the arhive of files from the quarantine is completed
Standard script is executed: Update databases with automatic settings
Starting automatic update
Update parameters:Use Internet Explorer settings
Automatic update completed successfully
AV databases (according to IE settings) updated successfully

Alt 13.08.2006, 21:41   #12
vincewega
 
Speicherplatz verringert sich - Standard

Speicherplatz verringert sich



und jetzt das hijacklog nach der säuberung durch cc:

Logfile of HijackThis v1.99.1
Scan saved at 22:39:12, on 13.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\DOKUME~1\SRO\LOKALE~1\Temp\Rar$EX00.235\avz4\avz.exe
C:\Programme\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programme\ewido anti-spyware 4.0\ewido.exe
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Dokumente und Einstellungen\SRO\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E4BEDEA-DBD7-4253-82B7-5F7B240821BF} - C:\WINDOWS\system32\psnpqagn.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [!ewido] "C:\Programme\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: LBTServ - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programme\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

Alt 14.08.2006, 06:24   #13
Rene-gad
 
Speicherplatz verringert sich - Standard

Speicherplatz verringert sich



@vincewega
Warum bist du der Anleitung zum AVZ nicht nachgegangen?
Zitat:
The database was last updated 28.07.2006
Du hast weder Scripts aktiviert
Zitat:
C:\System Volume Information\_restore{F8945977-F963-4DA5-928D-30A311096A0C}\RP123\A0235125.COM
noch Systemwiederherstellung abgestellt.

Alt 14.08.2006, 07:30   #14
vincewega
 
Speicherplatz verringert sich - Standard

Speicherplatz verringert sich



Guten Morgen,

ich bin der Anleitung genau gefolgt und habe auch alle Scripte, wie auf deiner Seite angegeben, angehakt.....??? Ich werde die Einstellungen gleich prüfen und lass die Prüfroutine nochmal laufen.

Alt 14.08.2006, 07:34   #15
Rene-gad
 
Speicherplatz verringert sich - Standard

Speicherplatz verringert sich



@vincewega
Zitat:
ich bin der Anleitung genau gefolgt und habe auch alle Scripte, wie auf deiner Seite angegeben, angehakt.
Mache bitte dann das Signaturenupdate manuell: File/On-line automatic update/Start. Vllt. ist der Update-Script fehlgeschlagen.

Antwort

Themen zu Speicherplatz verringert sich
adobe, bho, dateien, desktop, dsl, einstellungen, explorer, firefox, helper, hijack, internet, internet explorer, kaspersky, keine ahnung, konvertieren, laufwerk c, microsoft, mozilla, mozilla firefox, nvidia, pdf, pdf-datei, programme, server, software, speicherplatz, system, windows, windows xp, yahoo



Ähnliche Themen: Speicherplatz verringert sich


  1. Downloadgeschwindigkeit plötzlich deutlich verringert.
    Plagegeister aller Art und deren Bekämpfung - 04.10.2015 (10)
  2. Festplatte füllt sich selbstständig nach dem Hochfahren, Speicherplatz grundlos auf allen Partitionen immer wieder voll
    Plagegeister aller Art und deren Bekämpfung - 19.07.2015 (8)
  3. Win7 - Speicherplatz verringert sich, Zugriff auf eigene Ordner blockiert
    Log-Analyse und Auswertung - 10.02.2015 (11)
  4. Geschwindigkeit des surfens verringert/Seitenaufbau dauert länger
    Log-Analyse und Auswertung - 28.05.2014 (27)
  5. Plötzlich schnell sich reduzierender Speicherplatz/Hijackthis-Logfile
    Log-Analyse und Auswertung - 21.02.2013 (3)
  6. C:\ & D:\eula1028.txt - kein speicherplatz
    Log-Analyse und Auswertung - 20.08.2012 (5)
  7. Schädling, der die Internetgeschwindigkeit stark verringert!
    Plagegeister aller Art und deren Bekämpfung - 16.09.2011 (9)
  8. Speicherplatz ändert sich andauernt
    Plagegeister aller Art und deren Bekämpfung - 14.06.2011 (1)
  9. Speicherplatz/Trojaner Problem
    Log-Analyse und Auswertung - 06.12.2010 (6)
  10. Speicherplatz Private Nachrichten
    Lob, Kritik und Wünsche - 20.01.2010 (5)
  11. IEXPLORE.EXE verringert Internet+PC-Geschwindigkeit
    Plagegeister aller Art und deren Bekämpfung - 18.07.2009 (3)
  12. Speicherplatz auf Systemlaufwerk verringert sich bis auf 0 Byte
    Log-Analyse und Auswertung - 22.09.2007 (6)
  13. Zu wenig Speicherplatz
    Log-Analyse und Auswertung - 30.09.2006 (5)
  14. Internet Geschwindigkeit Verringert sich
    Log-Analyse und Auswertung - 16.08.2006 (1)
  15. Defragementierung und Speicherplatz
    Alles rund um Windows - 27.06.2006 (8)
  16. Verringert ein Router die Geschwindigkeit?
    Antiviren-, Firewall- und andere Schutzprogramme - 19.10.2005 (5)

Zum Thema Speicherplatz verringert sich - Hallo, bei mir verringert sich der Speicherplatz ausschließlich auf Laufwerk C ganz immens. Aufgefallen ist mir dies nach einem Windows Update. Ob die Verringerung damit zu tun hat, keine Ahnung??? - Speicherplatz verringert sich...
Archiv
Du betrachtest: Speicherplatz verringert sich auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.