Ergebnis 1 bis 8 von 8

Thema: help - remove quicklink

  1. #1
    Einsteiger
    Registriert seit
    08.12.2005
    Beiträge
    5

    Ausrufezeichen help - remove quicklink

    HELP! Quicklinks is somehow installed in my computer
    I found the following 3 files in c:\program files\ql\
    qldf.bin qlink32.dll uninstall.exe
    Everytime I delete them they come back again

    I try using ad-ware and scan spyware to remove quicklinks, everytime after it's removed it comes back again. Please help.

    Here is my hijackthis logfile

    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 2:34:28 PM, on 12/8/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
    C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
    C:\WINDOWS\csvas.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Motherboard Monitor 5\MBM5.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\Program Files\NavNT\vptray.exe
    C:\WINDOWS\StartupMonitor.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\dvd43\dvd43_tray.exe
    C:\WINDOWS\system32\igps.exe
    C:\WINDOWS\system32\pgws.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Creative\TaskBar\CTLTray.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\regedit.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    
    O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\Program Files\QL\qlink32.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\system32\igps.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128777173671
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131300605140
    O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\Program Files\QL\qlink32.dll  
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: URL - C:\WINDOWS\system32\lv4409hqe.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PRTG Service - Paessler Router Traffic Grapher (PRTGService) - Paessler GmbH - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
    O23 - Service: Service Cvasvr (Service Cvas) - Unknown owner - C:\WINDOWS\csvas.exe

  2. #2
    Einsteiger
    Registriert seit
    08.12.2005
    Beiträge
    5

    Re: help - remove quicklink

    Oh and also,
    the follow were found in the spywareguard reports

    Code:
    --------------------------------------------------------------------------------
    NEW BHO DETECTION ALERT
    On 02:08:36 12/08/2005 a new BHO installation attempt was detected.
    BHO: {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22}
    ProgramID: QuickLinks.LinkTracker.1
    File Location: C:\Program Files\QL\qlink32.dll
    User Action Taken: KEEP BHO
    
    --------------------------------------------------------------------------------
    NEW BHO DETECTION ALERT
    On 02:09:01 12/08/2005 a new BHO installation attempt was detected.
    BHO: {00000000-0000-0000-0000-000000000010}
    ProgramID: n/a
    File Location: C:\WINDOWS\DH.dll
    User Action Taken: REMOVE BHO

  3. #3
    Supermod a.D. Avatar von Ruby
    Registriert seit
    25.01.2005
    Ort
    The Netherlands
    Beiträge
    20.039

    AW: help - remove quicklink

    Welcome to HijackThis.de @ Lenaedic

    Make sure you set windows to see the hidden files and folders.

    Please load the following unknown files

    C:\WINDOWS\csvas.exe
    C:\WINDOWS\system32\igps.exe
    C:\WINDOWS\system32\pgws.exe
    C:\WINDOWS\system32\lv4409hqe.dll

    1. ->up to Upload malicious software.
    2. ->up to ST-Adware-Upload

    If you need a zip-tool we suggest zipgenius (It is free).

    Scan these files then also with Virustotal and Jotti

    C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
    C:\WINDOWS\csvas.exe
    C:\WINDOWS\system32\igps.exe
    C:\WINDOWS\system32\pgws.exe
    C:\Program Files\QL\qlink32.dll
    C:\WINDOWS\system32\lv4409hqe.dll

    Please make us know if you succeeded in uploading the files to both the URLs
    and make us know every result of the Online Scan by copy&paste.


    __________________

    Please help us to keep this Free Service online

    Konto EN - PayPal-US - PayPal-DE - Konto DE
    you are welcome
    Ruby

  4. #4
    Einsteiger
    Registriert seit
    08.12.2005
    Beiträge
    5

    Re: help - remove quicklink

    I sucessfully uploaded
    C:\WINDOWS\system32\igps.exe
    C:\WINDOWS\system32\pgws.exe
    However,
    C:\WINDOWS\csvas.exe
    C:\WINDOWS\system32\lv4409hqe.dll
    are nowhere to be found. and lv4409hqe.dll disappeared from the hijackthis log too.

    Here are the scan results:

    File: igps.exe
    Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
    MD5 918ad3fa960ad50896c34689e103b33b
    Packers detected: -
    Scanner results
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found Adware.QuickLinks
    F-Prot Antivirus Found nothing
    Fortinet Found Adware/LinkMaker
    Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.Suggestor.o
    NOD32 Found nothing
    Norman Virus Control Found nothing
    UNA Found nothing
    VBA32 Found AdWare.Win32.Suggestor.o

    File: pgws.exe
    Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
    MD5 229ec04150663752c9022c338dbd418f
    Packers detected: -
    Scanner results
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    UNA Found nothing
    VBA32 Found nothing

    File: qlink32.dll
    Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
    MD5 cbcca4017ebc49d7290a615f7b5cb530
    Packers detected: -
    Scanner results
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found Adware.QuickLinks
    F-Prot Antivirus Found nothing
    Fortinet Found Adware/LinkMaker
    Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.Suggestor.o
    NOD32 Found nothing
    Norman Virus Control Found nothing
    UNA Found nothing
    VBA32 Found AdWare.Win32.Suggestor.o

    File: PRTG_Traffic_Grapher.exe
    Status: MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
    MD5 8cedf100412ab0403cb997f3fa3f7598
    Packers detected: ARMADILLO
    Scanner results
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    UNA Found nothing
    VBA32 Found nothing

    This is a report processed by VirusTotal on 12/09/2005 at 08:48:53 (CET) after scanning the file "igps.exe" file.
    Antivirus Version Update Result
    AntiVir 6.33.0.61 12.08.2005 ADSPY/Suggestor.O
    Avast 4.6.695.0 12.07.2005 no virus found
    AVG 718 12.08.2005 no virus found
    Avira 6.33.0.61 12.08.2005 ADSPY/Suggestor.O
    BitDefender 7.2 12.09.2005 no virus found
    CAT-QuickHeal 8.00 12.08.2005 AdWare.Suggestor.o (Not a Virus)
    ClamAV devel-20051108 12.08.2005 no virus found
    DrWeb 4.33 12.08.2005 no virus found
    eTrust-Iris 7.1.194.0 12.09.2005 no virus found
    eTrust-Vet 11.9.1.0 12.09.2005 no virus found
    Fortinet 2.54.0.0 12.09.2005 Adware/LinkMaker
    F-Prot 3.16c 12.07.2005 no virus found
    Ikarus 0.2.59.0 12.09.2005 no virus found
    Kaspersky 4.0.2.24 12.09.2005 not-a-virus:AdWare.Win32.Suggestor.o
    McAfee 4646 12.08.2005 potentially unwanted program Adware-LinkMaker
    NOD32v2 1.1316 12.08.2005 no virus found
    Norman 5.70.10 12.08.2005 no virus found
    Panda 8.02.00 12.08.2005 no virus found
    Sophos 4.00.0 12.09.2005 no virus found
    Symantec 8.0 12.07.2005 no virus found
    TheHacker 5.9.1.052 12.09.2005 Adware/Suggestor.o
    VBA32 3.10.5 12.08.2005 AdWare.Win32.Suggestoro

    This is a report processed by VirusTotal on 12/09/2005 at 08:47:43 (CET) after scanning the file "pgws.exe" file.
    Antivirus Version Update Result
    AntiVir 6.33.0.61 12.08.2005 no virus found
    Avast 4.6.695.0 12.07.2005 no virus found
    AVG 718 12.08.2005 no virus found
    Avira 6.33.0.61 12.08.2005 no virus found
    BitDefender 7.2 12.09.2005 no virus found
    CAT-QuickHeal 8.00 12.08.2005 no virus found
    ClamAV devel-20051108 12.08.2005 no virus found
    DrWeb 4.33 12.08.2005 no virus found
    eTrust-Iris 7.1.194.0 12.09.2005 no virus found
    eTrust-Vet 11.9.1.0 12.09.2005 no virus found
    Fortinet 2.54.0.0 12.09.2005 no virus found
    F-Prot 3.16c 12.07.2005 no virus found
    Ikarus 0.2.59.0 12.09.2005 no virus found
    Kaspersky 4.0.2.24 12.09.2005 no virus found
    McAfee 4646 12.08.2005 no virus found
    NOD32v2 1.1316 12.08.2005 no virus found
    Norman 5.70.10 12.08.2005 no virus found
    Panda 8.02.00 12.08.2005 no virus found
    Sophos 4.00.0 12.09.2005 no virus found
    Symantec 8.0 12.07.2005 no virus found
    TheHacker 5.9.1.052 12.09.2005 no virus found
    VBA32 3.10.5 12.08.2005 no virus found

    This is a report processed by VirusTotal on 12/09/2005 at 08:50:07 (CET) after scanning the file "qlink32.dll" file.
    Antivirus Version Update Result
    AntiVir 6.33.0.61 12.08.2005 ADSPY/Suggestor.O
    Avast 4.6.695.0 12.07.2005 no virus found
    AVG 718 12.08.2005 no virus found
    Avira 6.33.0.61 12.08.2005 ADSPY/Suggestor.O
    BitDefender 7.2 12.09.2005 no virus found
    CAT-QuickHeal 8.00 12.08.2005 AdWare.Suggestor.o (Not a Virus)
    ClamAV devel-20051108 12.08.2005 no virus found
    DrWeb 4.33 12.08.2005 no virus found
    eTrust-Iris 7.1.194.0 12.09.2005 no virus found
    eTrust-Vet 11.9.1.0 12.09.2005 no virus found
    Fortinet 2.54.0.0 12.09.2005 Adware/LinkMaker
    F-Prot 3.16c 12.07.2005 no virus found
    Ikarus 0.2.59.0 12.09.2005 no virus found
    Kaspersky 4.0.2.24 12.09.2005 not-a-virus:AdWare.Win32.Suggestor.o
    McAfee 4646 12.08.2005 potentially unwanted program Adware-LinkMaker
    NOD32v2 1.1316 12.08.2005 no virus found
    Norman 5.70.10 12.08.2005 no virus found
    Panda 8.02.00 12.08.2005 no virus found
    Sophos 4.00.0 12.09.2005 no virus found
    Symantec 8.0 12.07.2005 no virus found
    TheHacker 5.9.1.052 12.09.2005 Adware/Suggestor.o
    VBA32 3.10.5 12.08.2005 AdWare.Win32.Suggestoro

    This is a report processed by VirusTotal on 12/09/2005 at 08:53:59 (CET) after scanning the file "PRTG Traffic Grapher.exe" file.
    Antivirus Version Update Result
    AntiVir 6.33.0.61 12.08.2005 no virus found
    Avast 4.6.695.0 12.07.2005 no virus found
    AVG 718 12.08.2005 no virus found
    Avira 6.33.0.61 12.08.2005 no virus found
    BitDefender 7.2 12.09.2005 no virus found
    CAT-QuickHeal 8.00 12.08.2005 no virus found
    ClamAV devel-20051108 12.08.2005 no virus found
    DrWeb 4.33 12.08.2005 no virus found
    eTrust-Iris 7.1.194.0 12.09.2005 no virus found
    eTrust-Vet 11.9.1.0 12.09.2005 no virus found
    Fortinet 2.54.0.0 12.09.2005 no virus found
    F-Prot 3.16c 12.07.2005 no virus found
    Ikarus 0.2.59.0 12.09.2005 no virus found
    Kaspersky 4.0.2.24 12.09.2005 no virus found
    McAfee 4646 12.08.2005 no virus found
    NOD32v2 1.1316 12.08.2005 no virus found
    Norman 5.70.10 12.08.2005 no virus found
    Panda 8.02.00 12.08.2005 no virus found
    Sophos 4.00.0 12.09.2005 no virus found
    Symantec 8.0 12.07.2005 no virus found
    TheHacker 5.9.1.052 12.09.2005 no virus found
    VBA32 3.10.5 12.08.2005 no virus found

  5. #5
    Einsteiger
    Registriert seit
    08.12.2005
    Beiträge
    5

    Re: help - remove quicklink

    Ok. I just ran a Norton AntiVirus Scan and it caught "c:\windows\csvas.exe" as a W32.Spybot.Worm, but my program can't do anything do it....

    Here's the result:
    Scan type: Realtime Protection Scan
    Event: Virus Found!
    Virus name: W32.Spybot.Worm
    File: C:\WINDOWS\csvas.exe
    Location: C:\WINDOWS
    Computer: TURIN
    User: Lenny
    Action taken: Clean failed : Quarantine failed : Access denied
    Date found: Fri Dec 09 04:10:43 2005

    Can't quarantine it, can't delete it, can't upload it to
    1) Upload malicious software
    2) ST-Adware-Upload
    and Can't uplaod to Virustotal and Jotti either...

    for ex, i try uploading it to jotti, and it said
    "The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"
    But the file size is 47.5KB.
    Geändert von lenaedic (09.12.2005 um 09:24 Uhr)

  6. #6
    Forenbenutzer Avatar von BipBip
    Registriert seit
    14.11.2005
    Ort
    France
    Beiträge
    96

    Re: help - remove quicklink

    Bonjour lenaedic and Ruby,

    lenaedic,

    Please load down a Free Trial Version of Spy Sweeper.
    Instal it.

    Turn to safe mode. Stay in safe mode until you read that you may turn to normal mode!

    Try to run Spybot (Save the logfile) and Spysweeper (Save the logfile).

    Reboot your system into normal mode.

    Run a Full System Scan by Panda ActiveScan.
    It will last 2-3 hours. You will have to allow ActiveX.
    Save the logfile.
    Reboot the system when the scan is finished.
    Configure then the IE with these Settings.

    Post the logfile of Pandascan in VB-code
    Post the save logfile of Spybot in VB-code ,
    Post the save logfile of Spysweeper in VB-code ,
    Post a new HJT-log in VB-code please.

  7. #7
    Einsteiger
    Registriert seit
    08.12.2005
    Beiträge
    5

    Re: help - remove quicklink

    it looks like most of bad stuff has been removed?

    this is my spysweeker results after I clean out stuff after I reboot my computer:
    Code:
    ********
    10:12 PM: |       Start of Session, Sunday, December 11, 2005       |
    10:12 PM: Spy Sweeper started
    10:12 PM: Sweep initiated using definitions version 581
    10:12 PM: Starting Memory Sweep
    10:20 PM: Memory Sweep Complete, Elapsed Time: 00:08:06
    10:20 PM: Starting Registry Sweep
    10:21 PM: Registry Sweep Complete, Elapsed Time:00:01:45
    10:22 PM: Starting Cookie Sweep
    10:22 PM:   Found Spy Cookie: 2o7.net cookie
    10:22 PM:   tracy@msnportal.112.2o7[1].txt (ID = 1958)
    10:22 PM:   Found Spy Cookie: 247realmedia cookie
    10:22 PM:   lenny@247realmedia[1].txt (ID = 1953)
    10:22 PM:   lenny@2o7[1].txt (ID = 1957)
    10:22 PM:   Found Spy Cookie: 6425137 cookie
    10:22 PM:   lenny@6425137[2].txt (ID = 1989)
    10:22 PM:   Found Spy Cookie: about cookie
    10:22 PM:   lenny@about[1].txt (ID = 2037)
    10:22 PM:   Found Spy Cookie: cd freaks cookie
    10:22 PM:   lenny@ads.cdfreaks[1].txt (ID = 2371)
    10:22 PM:   Found Spy Cookie: pointroll cookie
    10:22 PM:   lenny@ads.pointroll[2].txt (ID = 3148)
    10:22 PM:   Found Spy Cookie: adtech cookie
    10:22 PM:   lenny@adtech[2].txt (ID = 2155)
    10:22 PM:   Found Spy Cookie: askmen cookie
    10:22 PM:   lenny@askmen[1].txt (ID = 2247)
    10:22 PM:   Found Spy Cookie: atwola cookie
    10:22 PM:   lenny@atwola[1].txt (ID = 2255)
    10:22 PM:   Found Spy Cookie: bizrate cookie
    10:22 PM:   lenny@bizrate[1].txt (ID = 2308)
    10:22 PM:   Found Spy Cookie: bluestreak cookie
    10:22 PM:   lenny@bluestreak[2].txt (ID = 2314)
    10:22 PM:   Found Spy Cookie: burstnet cookie
    10:22 PM:   lenny@burstnet[2].txt (ID = 2336)
    10:22 PM:   lenny@buycom.122.2o7[1].txt (ID = 1958)
    10:22 PM:   Found Spy Cookie: casalemedia cookie
    10:22 PM:   lenny@casalemedia[1].txt (ID = 2354)
    10:22 PM:   lenny@cdfreaks[1].txt (ID = 2370)
    10:22 PM:   lenny@club.cdfreaks[2].txt (ID = 2371)
    10:22 PM:   lenny@compnetworking.about[1].txt (ID = 2038)
    10:22 PM:   Found Spy Cookie: 360i cookie
    10:22 PM:   lenny@ct.360i[1].txt (ID = 1962)
    10:22 PM:   Found Spy Cookie: dealtime cookie
    10:22 PM:   lenny@dealtime[1].txt (ID = 2505)
    10:22 PM:   Found Spy Cookie: did-it cookie
    10:22 PM:   lenny@did-it[1].txt (ID = 2523)
    10:22 PM:   Found Spy Cookie: ru4 cookie
    10:22 PM:   lenny@edge.ru4[1].txt (ID = 3269)
    10:22 PM:   Found Spy Cookie: fe.lea.lycos.com cookie
    10:22 PM:   lenny@fe.lea.lycos[1].txt (ID = 2660)
    10:22 PM:   Found Spy Cookie: gamespy cookie
    10:22 PM:   lenny@gamespy[1].txt (ID = 2719)
    10:22 PM:   Found Spy Cookie: go.com cookie
    10:22 PM:   lenny@go[1].txt (ID = 2728)
    10:22 PM:   Found Spy Cookie: humanclick cookie
    10:22 PM:   lenny@hc2.humanclick[1].txt (ID = 2810)
    10:22 PM:   Found Spy Cookie: domainsponsor cookie
    10:22 PM:   lenny@landing.domainsponsor[1].txt (ID = 2535)
    10:22 PM:   Found Spy Cookie: freestats.net cookie
    10:22 PM:   lenny@mark8ing.freestats[2].txt (ID = 2705)
    10:22 PM:   Found Spy Cookie: pcstats.com cookie
    10:22 PM:   lenny@pcstats[1].txt (ID = 3125)
    10:22 PM:   Found Spy Cookie: pricegrabber cookie
    10:22 PM:   lenny@pricegrabber[1].txt (ID = 3185)
    10:22 PM:   Found Spy Cookie: pro-market cookie
    10:22 PM:   lenny@pro-market[2].txt (ID = 3197)
    10:22 PM:   Found Spy Cookie: web-stat cookie
    10:22 PM:   lenny@server3.web-stat[1].txt (ID = 3649)
    10:22 PM:   Found Spy Cookie: serving-sys cookie
    10:22 PM:   lenny@serving-sys[2].txt (ID = 3343)
    10:22 PM:   lenny@stat.dealtime[2].txt (ID = 2506)
    10:22 PM:   Found Spy Cookie: burstbeacon cookie
    10:22 PM:   lenny@www.burstbeacon[2].txt (ID = 2335)
    10:22 PM: Cookie Sweep Complete, Elapsed Time: 00:00:12
    10:22 PM: Starting File Sweep
    11:18 PM: File Sweep Complete, Elapsed Time: 00:56:37
    11:18 PM: Full Sweep has completed.  Elapsed time 01:06:49
    11:18 PM: Traces Found: 35
    11:09 AM: Removal process initiated
    11:10 AM:   Quarantining All Traces: 247realmedia cookie
    11:10 AM:   Quarantining All Traces: 2o7.net cookie
    11:10 AM: Removal process completed.  Elapsed time 00:00:25
    11:10 AM: Your spyware definitions have been updated.
    11:11 AM: Deletion from quarantine initiated
    11:11 AM: Processing: 2o7.net cookie
    11:11 AM: Deletion from quarantine completed.  Elapsed time 00:00:00
    This is the spysweeper finding a bunch of adwares before I clean it:
    Code:
    ********
    5:19 PM: |       Start of Session, Friday, December 09, 2005       |
    5:19 PM: Spy Sweeper started
    5:19 PM: Sweep initiated using definitions version 581
    5:19 PM: Starting Memory Sweep
    5:21 PM: Memory Sweep Complete, Elapsed Time: 00:02:14
    5:21 PM: Starting Registry Sweep
    5:21 PM:   Found Adware: regfreeze desktop hijack
    5:21 PM:   HKU\S-1-5-18\software\microsoft\internet explorer\main\ || start page (ID = 1037198)
    5:21 PM: Registry Sweep Complete, Elapsed Time:00:00:12
    5:21 PM: Starting Cookie Sweep
    5:21 PM:   Found Spy Cookie: 2o7.net cookie
    5:21 PM:   tracy@msnportal.112.2o7[1].txt (ID = 1958)
    5:21 PM:   Found Spy Cookie: 247realmedia cookie
    5:21 PM:   lenny@247realmedia[1].txt (ID = 1953)
    5:21 PM:   lenny@2o7[1].txt (ID = 1957)
    5:21 PM:   Found Spy Cookie: 6425137 cookie
    5:21 PM:   lenny@6425137[2].txt (ID = 1989)
    5:21 PM:   Found Spy Cookie: about cookie
    5:21 PM:   lenny@about[1].txt (ID = 2037)
    5:21 PM:   Found Spy Cookie: cd freaks cookie
    5:21 PM:   lenny@ads.cdfreaks[1].txt (ID = 2371)
    5:21 PM:   Found Spy Cookie: pointroll cookie
    5:21 PM:   lenny@ads.pointroll[2].txt (ID = 3148)
    5:21 PM:   Found Spy Cookie: adtech cookie
    5:21 PM:   lenny@adtech[2].txt (ID = 2155)
    5:21 PM:   Found Spy Cookie: askmen cookie
    5:21 PM:   lenny@askmen[1].txt (ID = 2247)
    5:21 PM:   Found Spy Cookie: atwola cookie
    5:21 PM:   lenny@atwola[1].txt (ID = 2255)
    5:21 PM:   Found Spy Cookie: bizrate cookie
    5:21 PM:   lenny@bizrate[1].txt (ID = 2308)
    5:21 PM:   Found Spy Cookie: bluestreak cookie
    5:21 PM:   lenny@bluestreak[2].txt (ID = 2314)
    5:21 PM:   Found Spy Cookie: burstnet cookie
    5:21 PM:   lenny@burstnet[2].txt (ID = 2336)
    5:21 PM:   lenny@buycom.122.2o7[1].txt (ID = 1958)
    5:21 PM:   Found Spy Cookie: casalemedia cookie
    5:21 PM:   lenny@casalemedia[1].txt (ID = 2354)
    5:21 PM:   lenny@cdfreaks[1].txt (ID = 2370)
    5:21 PM:   lenny@club.cdfreaks[2].txt (ID = 2371)
    5:21 PM:   lenny@compnetworking.about[1].txt (ID = 2038)
    5:21 PM:   Found Spy Cookie: 360i cookie
    5:21 PM:   lenny@ct.360i[1].txt (ID = 1962)
    5:21 PM:   Found Spy Cookie: dealtime cookie
    5:21 PM:   lenny@dealtime[1].txt (ID = 2505)
    5:21 PM:   Found Spy Cookie: did-it cookie
    5:21 PM:   lenny@did-it[1].txt (ID = 2523)
    5:21 PM:   Found Spy Cookie: ru4 cookie
    5:21 PM:   lenny@edge.ru4[1].txt (ID = 3269)
    5:21 PM:   Found Spy Cookie: fe.lea.lycos.com cookie
    5:21 PM:   lenny@fe.lea.lycos[1].txt (ID = 2660)
    5:21 PM:   Found Spy Cookie: gamespy cookie
    5:21 PM:   lenny@gamespy[1].txt (ID = 2719)
    5:21 PM:   Found Spy Cookie: go.com cookie
    5:21 PM:   lenny@go[1].txt (ID = 2728)
    5:21 PM:   Found Spy Cookie: humanclick cookie
    5:21 PM:   lenny@hc2.humanclick[1].txt (ID = 2810)
    5:21 PM:   Found Spy Cookie: domainsponsor cookie
    5:21 PM:   lenny@landing.domainsponsor[1].txt (ID = 2535)
    5:21 PM:   Found Spy Cookie: freestats.net cookie
    5:21 PM:   lenny@mark8ing.freestats[2].txt (ID = 2705)
    5:21 PM:   Found Spy Cookie: pcstats.com cookie
    5:21 PM:   lenny@pcstats[1].txt (ID = 3125)
    5:21 PM:   Found Spy Cookie: pricegrabber cookie
    5:21 PM:   lenny@pricegrabber[1].txt (ID = 3185)
    5:21 PM:   Found Spy Cookie: pro-market cookie
    5:21 PM:   lenny@pro-market[2].txt (ID = 3197)
    5:21 PM:   Found Spy Cookie: web-stat cookie
    5:21 PM:   lenny@server3.web-stat[1].txt (ID = 3649)
    5:21 PM:   Found Spy Cookie: serving-sys cookie
    5:21 PM:   lenny@serving-sys[2].txt (ID = 3343)
    5:21 PM:   lenny@stat.dealtime[2].txt (ID = 2506)
    5:21 PM:   Found Spy Cookie: burstbeacon cookie
    5:21 PM:   lenny@www.burstbeacon[2].txt (ID = 2335)
    5:21 PM: Cookie Sweep Complete, Elapsed Time: 00:00:03
    5:21 PM: Starting File Sweep
    5:26 PM:   Found Adware: dollarrevenue
    5:26 PM:   tx[1].exe (ID = 199283)
    5:26 PM:   Found Adware: look2me
    5:26 PM:   appwrap[1].exe (ID = 65722)
    5:27 PM:   n2r20c9oef.dll (ID = 159)
    5:29 PM:   timessquare[1].exe (ID = 194150)
    5:29 PM:   drsmartload[1].exe (ID = 203611)
    5:32 PM:   Found Adware: targetsaver
    5:32 PM:   tsuninst.exe (ID = 193501)
    5:38 PM:   appwrap[1].exe (ID = 65739)
    5:41 PM:   iokom.exe (ID = 195131)
    5:41 PM:   HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run || ioko (ID = 0)
    5:55 PM:   iokol.exe (ID = 195130)
    5:56 PM:   iokoa.exe (ID = 195128)
    5:56 PM:   iokop.exe (ID = 195132)
    5:56 PM:   Found Adware: command
    5:56 PM:   mte3ndi6odoxng[1].exe (ID = 185985)
    6:11 PM:   class-barrel (ID = 78229)
    6:11 PM:   iokoc.dll (ID = 195129)
    6:11 PM:   vocabulary (ID = 78283)
    6:15 PM:   j0l4la3q1d.dll (ID = 159)
    6:50 PM:   guard.tmp (ID = 159)
    6:58 PM:   drsmartload[1].exe (ID = 203611)
    6:58 PM:   timessquare[1].exe (ID = 194150)
    6:59 PM:   stub_113_4_0_4_0[1].exe (ID = 193995)
    6:59 PM:   tsinstall_4_0_4_0_b4.exe (ID = 193496)
    7:02 PM:   Found Adware: linkmaker
    7:02 PM:   inrh9400[1].exe (ID = 200300)
    7:02 PM:   Found Adware: quicklink search toolbar
    7:02 PM:   9400[1].cab (ID = 200301)
    7:02 PM:   f8f41a.tmp (ID = 200301)
    7:03 PM:   tsupdate2[2].ini (ID = 193498)
    7:03 PM:   Found Adware: apropos
    7:03 PM:   contextplus[1].exe (ID = 203610)
    7:03 PM:   installer[1].exe (ID = 168558)
    7:30 PM:   n3prvb40pao.vbs (ID = 185675)
    7:30 PM:   donotdelete[1].htm (ID = 198788)
    7:30 PM:   drsmartload.dat (ID = 198788)
    7:33 PM: File Sweep Complete, Elapsed Time: 02:11:34
    7:33 PM: Full Sweep has completed.  Elapsed time 02:14:07
    7:33 PM: Traces Found: 67
    10:11 PM: Removal process initiated
    10:11 PM:   Quarantining All Traces: look2me
    10:11 PM:   Quarantining All Traces: apropos
    10:11 PM:   Quarantining All Traces: regfreeze desktop hijack
    10:11 PM:   Quarantining All Traces: command
    10:11 PM:   Quarantining All Traces: dollarrevenue
    10:11 PM:   Quarantining All Traces: linkmaker
    10:11 PM:   Quarantining All Traces: quicklink search toolbar
    10:11 PM:   Quarantining All Traces: targetsaver
    10:11 PM: Removal process completed.  Elapsed time 00:00:42
    10:12 PM: Deletion from quarantine initiated
    10:12 PM: Processing: apropos
    10:12 PM: Processing: command
    10:12 PM: Processing: dollarrevenue
    10:12 PM: Processing: linkmaker
    10:12 PM: Processing: look2me
    10:12 PM: Processing: quicklink search toolbar
    10:12 PM: Processing: regfreeze desktop hijack
    10:12 PM: Processing: targetsaver
    10:12 PM: Deletion from quarantine completed.  Elapsed time 00:00:00
    10:12 PM: |       End of Session, Sunday, December 11, 2005       |
    ********
    1:45 PM: |       Start of Session, Friday, December 09, 2005       |
    1:45 PM: Spy Sweeper started
    1:45 PM: Sweep initiated using definitions version 581
    1:45 PM: Starting Memory Sweep
    1:45 PM:   Found Adware: quicklink search toolbar
    1:45 PM:   Detected running threat: C:\Program Files\QL\qlink32.dll (ID = 200308)
    1:49 PM:   Detected running threat: C:\WINDOWS\system32\igps.exe (ID = 200311)
    1:49 PM:   Detected running threat: C:\WINDOWS\system32\pgws.exe (ID = 200314)
    1:50 PM: Memory Sweep Complete, Elapsed Time: 00:05:03
    1:50 PM: Starting Registry Sweep
    1:50 PM:   Found Adware: cws-aboutblank
    1:50 PM:   HKCR\protocols\filter\text/html\  (2 subtraces) (ID = 114343)
    1:50 PM:   HKLM\software\classes\protocols\filter\text/html\  (2 subtraces) (ID = 115907)
    1:50 PM:   Found Adware: findthewebsiteyouneed hijacker
    1:50 PM:   HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 125242)
    1:51 PM:   Found Adware: linkmaker
    1:51 PM:   HKLM\software\classes\typelib\{423550e9-2f83-4678-9929-c1774088b180}\  (9 subtraces) (ID = 129743)
    1:51 PM:   HKCR\typelib\{423550e9-2f83-4678-9929-c1774088b180}\  (9 subtraces) (ID = 129750)
    1:51 PM:   HKCR\clsid\{8b6da27e-7f64-4694-8f8f-dc87ab8c6b22}\  (8 subtraces) (ID = 359437)
    1:51 PM:   HKLM\software\classes\clsid\{8b6da27e-7f64-4694-8f8f-dc87ab8c6b22}\  (8 subtraces) (ID = 359440)
    1:51 PM:   HKCR\quicklinks.linktracker.1\  (3 subtraces) (ID = 359448)
    1:51 PM:   HKCR\quicklinks.linktracker\  (3 subtraces) (ID = 359449)
    1:51 PM:   HKCR\quicklinks.quicklinksfilter.1\  (3 subtraces) (ID = 359450)
    1:51 PM:   HKCR\quicklinks.quicklinksfilter\  (3 subtraces) (ID = 359451)
    1:51 PM:   HKLM\software\classes\quicklinks.linktracker.1\  (3 subtraces) (ID = 359452)
    1:51 PM:   HKLM\software\classes\quicklinks.linktracker\  (3 subtraces) (ID = 359453)
    1:51 PM:   HKLM\software\classes\quicklinks.quicklinksfilter.1\  (3 subtraces) (ID = 359454)
    1:51 PM:   HKLM\software\classes\quicklinks.quicklinksfilter\  (3 subtraces) (ID = 359455)
    1:51 PM:   HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{8b6da27e-7f64-4694-8f8f-dc87ab8c6b22}\ (ID = 359456)
    1:51 PM:   HKLM\software\ql\  (3 subtraces) (ID = 359458)
    1:51 PM:   HKU\.default\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555438)
    1:51 PM:   HKCR\clsid\{3551784b-e99a-474f-b782-3ec814442918}\  (10 subtraces) (ID = 727328)
    1:51 PM:   HKLM\software\classes\clsid\{3551784b-e99a-474f-b782-3ec814442918}\  (10 subtraces) (ID = 727357)
    1:51 PM:   HKLM\software\microsoft\windows\currentversion\uninstall\quicklinks\  (2 subtraces) (ID = 909558)
    1:51 PM:   Found Adware: dollarrevenue
    1:51 PM:   HKLM\software\microsoft\drsmartload\  (1 subtraces) (ID = 916795)
    1:51 PM:   Found Adware: command
    1:51 PM:   HKLM\system\currentcontrolset\services\cmdservice\  (5 subtraces) (ID = 958670)
    1:51 PM:   HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\  (6 subtraces) (ID = 1016064)
    1:51 PM:   HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\  (8 subtraces) (ID = 1016072)
    1:51 PM:   HKLM\software\microsoft\windows\currentversion\run\ || lspins (ID = 1027202)
    1:51 PM:   HKU\S-1-5-18\software\microsoft\internet explorer\main\ || default_search_url (ID = 125236)
    1:51 PM:   HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search bar (ID = 125237)
    1:51 PM:   HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search page (ID = 125238)
    1:51 PM:   HKU\S-1-5-18\software\microsoft\internet explorer\main\ || start page (ID = 125239)
    1:51 PM:   HKU\S-1-5-18\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
    1:51 PM:   HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search bar (ID = 790268)
    1:51 PM:   HKU\S-1-5-18\software\microsoft\internet explorer\main\ || default_search_url (ID = 790269)
    1:51 PM: Registry Sweep Complete, Elapsed Time:00:00:47
    1:51 PM: Starting Cookie Sweep
    1:51 PM:   Found Spy Cookie: 2o7.net cookie
    1:51 PM:   tracy@msnportal.112.2o7[1].txt (ID = 1958)
    1:51 PM:   Found Spy Cookie: 247realmedia cookie
    1:51 PM:   lenny@247realmedia[1].txt (ID = 1953)
    1:51 PM:   lenny@2o7[1].txt (ID = 1957)
    1:51 PM:   Found Spy Cookie: 6425137 cookie
    1:51 PM:   lenny@6425137[2].txt (ID = 1989)
    1:51 PM:   Found Spy Cookie: about cookie
    1:51 PM:   lenny@about[1].txt (ID = 2037)
    1:51 PM:   Found Spy Cookie: cd freaks cookie
    1:51 PM:   lenny@ads.cdfreaks[1].txt (ID = 2371)
    1:51 PM:   Found Spy Cookie: pointroll cookie
    1:51 PM:   lenny@ads.pointroll[2].txt (ID = 3148)
    1:51 PM:   Found Spy Cookie: adtech cookie
    1:51 PM:   lenny@adtech[2].txt (ID = 2155)
    1:51 PM:   Found Spy Cookie: askmen cookie
    1:51 PM:   lenny@askmen[1].txt (ID = 2247)
    1:51 PM:   Found Spy Cookie: atwola cookie
    1:51 PM:   lenny@atwola[1].txt (ID = 2255)
    1:51 PM:   Found Spy Cookie: bizrate cookie
    1:51 PM:   lenny@bizrate[1].txt (ID = 2308)
    1:51 PM:   Found Spy Cookie: bluestreak cookie
    1:51 PM:   lenny@bluestreak[2].txt (ID = 2314)
    1:51 PM:   Found Spy Cookie: burstnet cookie
    1:51 PM:   lenny@burstnet[2].txt (ID = 2336)
    1:51 PM:   lenny@buycom.122.2o7[1].txt (ID = 1958)
    1:51 PM:   Found Spy Cookie: casalemedia cookie
    1:51 PM:   lenny@casalemedia[1].txt (ID = 2354)
    1:51 PM:   lenny@cdfreaks[1].txt (ID = 2370)
    1:51 PM:   lenny@club.cdfreaks[2].txt (ID = 2371)
    1:51 PM:   lenny@compnetworking.about[1].txt (ID = 2038)
    1:51 PM:   Found Spy Cookie: hitslink cookie
    1:51 PM:   lenny@counter.hitslink[2].txt (ID = 2790)
    1:51 PM:   Found Spy Cookie: 360i cookie
    1:51 PM:   lenny@ct.360i[1].txt (ID = 1962)
    1:51 PM:   Found Spy Cookie: dealtime cookie
    1:51 PM:   lenny@dealtime[1].txt (ID = 2505)
    1:51 PM:   Found Spy Cookie: did-it cookie
    1:51 PM:   lenny@did-it[1].txt (ID = 2523)
    1:51 PM:   Found Spy Cookie: ru4 cookie
    1:51 PM:   lenny@edge.ru4[1].txt (ID = 3269)
    1:51 PM:   Found Spy Cookie: fastclick cookie
    1:51 PM:   lenny@fastclick[1].txt (ID = 2651)
    1:51 PM:   Found Spy Cookie: fe.lea.lycos.com cookie
    1:51 PM:   lenny@fe.lea.lycos[1].txt (ID = 2660)
    1:51 PM:   Found Spy Cookie: gamespy cookie
    1:51 PM:   lenny@gamespy[1].txt (ID = 2719)
    1:51 PM:   Found Spy Cookie: go.com cookie
    1:51 PM:   lenny@go[1].txt (ID = 2728)
    1:51 PM:   Found Spy Cookie: humanclick cookie
    1:51 PM:   lenny@hc2.humanclick[1].txt (ID = 2810)
    1:51 PM:   Found Spy Cookie: domainsponsor cookie
    1:51 PM:   lenny@landing.domainsponsor[1].txt (ID = 2535)
    1:51 PM:   Found Spy Cookie: freestats.net cookie
    1:51 PM:   lenny@mark8ing.freestats[2].txt (ID = 2705)
    1:51 PM:   Found Spy Cookie: pcstats.com cookie
    1:51 PM:   lenny@pcstats[1].txt (ID = 3125)
    1:51 PM:   Found Spy Cookie: pricegrabber cookie
    1:51 PM:   lenny@pricegrabber[1].txt (ID = 3185)
    1:51 PM:   Found Spy Cookie: pro-market cookie
    1:51 PM:   lenny@pro-market[2].txt (ID = 3197)
    1:51 PM:   Found Spy Cookie: web-stat cookie
    1:51 PM:   lenny@server3.web-stat[1].txt (ID = 3649)
    1:51 PM:   Found Spy Cookie: serving-sys cookie
    1:51 PM:   lenny@serving-sys[2].txt (ID = 3343)
    1:51 PM:   lenny@stat.dealtime[2].txt (ID = 2506)
    1:51 PM:   Found Spy Cookie: burstbeacon cookie
    1:51 PM:   lenny@www.burstbeacon[2].txt (ID = 2335)
    1:51 PM: Cookie Sweep Complete, Elapsed Time: 00:00:04
    1:51 PM: Starting File Sweep
    1:52 PM:   dc14.exe (ID = 203611)
    1:52 PM:   Found Adware: look2me
    1:52 PM:   icont.exe (ID = 65722)
    1:52 PM:   dc9.exe (ID = 194150)
    1:53 PM:   thanks[1].exe (ID = 199283)
    1:54 PM:   dc13.exe (ID = 199283)
    1:59 PM:   Sweep Canceled
    1:59 PM: File Sweep Complete, Elapsed Time: 00:08:01
    1:59 PM: Traces Found: 185
    2:00 PM: Removal process initiated
    2:00 PM:   Quarantining All Traces: cws-aboutblank
    2:00 PM:   Quarantining All Traces: look2me
    2:00 PM:   Quarantining All Traces: command
    2:00 PM:   Quarantining All Traces: dollarrevenue
    2:00 PM:   Quarantining All Traces: findthewebsiteyouneed hijacker
    2:00 PM:   Quarantining All Traces: linkmaker
    2:00 PM:   Quarantining All Traces: quicklink search toolbar
    2:00 PM:   quicklink search toolbar is in use.  It will be removed on reboot.
    2:00 PM:     C:\Program Files\QL\qlink32.dll is in use.  It will be removed on reboot.
    2:00 PM:     C:\WINDOWS\system32\igps.exe is in use.  It will be removed on reboot.
    2:00 PM:     C:\WINDOWS\system32\pgws.exe is in use.  It will be removed on reboot.
    2:00 PM:   Preparing to restart your computer. Please wait...
    2:00 PM: Removal process completed.  Elapsed time 00:00:39
    2:45 PM: Deletion from quarantine initiated
    2:45 PM: Processing: command
    2:45 PM: Processing: cws-aboutblank
    2:45 PM: Processing: dollarrevenue
    2:45 PM: Processing: findthewebsiteyouneed hijacker
    2:45 PM: Processing: linkmaker
    2:45 PM: Processing: quicklink search toolbar
    2:45 PM: Deletion from quarantine completed.  Elapsed time 00:00:00
    Spybot results came up with no result.

    This is the panda results:
    Code:
    Incident                      Status                        Location                                                                                                                                                                                                                                                        
                                                  
    Virus:Trj/Downloader.GSV      Not disinfected               C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\70F5U32T\thanks[1].exe                                                                                                                                               
    Virus:Trj/Downloader.GSV      Not disinfected               C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\74QQ49EA\t4u[1].exe                                                                                                                                                
    Adware:Adware/EShopper        Not disinfected               C:\Program Files\Bethesda Softworks\Morrowind\Data Files\Uninstall The Wilderness Mod v. 2.1.exe
    This is the hijactthis log file result:
    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 6:52:56 PM, on 12/12/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
    C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\Program Files\NavNT\vptray.exe
    C:\WINDOWS\StartupMonitor.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\dvd43\dvd43_tray.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Motherboard Monitor 5\MBM5.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Creative\TaskBar\CTLTray.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\eMule\emule.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128777173671
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131300605140
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PRTG Service - Paessler Router Traffic Grapher (PRTGService) - Paessler GmbH - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
    O23 - Service: Service Cvasvr (Service Cvas) - Unknown owner - C:\WINDOWS\csvas.exe (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    The log file shows that it's still trying ti load csvas.exe, how do I get rid of it entirely? and what else do I need to remove??? Thanks

  8. #8
    Forenbenutzer Avatar von BipBip
    Registriert seit
    14.11.2005
    Ort
    France
    Beiträge
    96

    Re: help - remove quicklink

    Ok,
    1
    Make sure you set windows to see the hidden files and folders.

    2
    Please load these files

    C:\Program Files\Bethesda Softworks\Morrowind\Data Files\Uninstall The Wilderness Mod v. 2.1.exe


    1. ->up to Upload malicious software.
    2. ->up to ST-Adware-Upload

    If you need a zip-tool we suggest zipgenius (It is free).

    Please make us know if you succeeded in uploading the files to both the URLs.

    Please scan the following files

    C:\Program Files\Bethesda Softworks\Morrowind\Data Files\Uninstall The Wilderness Mod v. 2.1.exe

    with Virustotal and Jotti

    => Make us know all about the results by copy&paste.

    FIRST WORK
    Code:
    1-Go to Start->Run and type in services.msc and hit OK. Then look for "Service Cvasvr (Service Cvas)" and double click on it. 
    Click on the Stop button and under Startup type, choose Disabled.
    
    2-Download, install 
    *EasyCleaner by Toni Helenius ( http://personal.inet.fi/business/toniarts/ecleane.htm )
    *Download
    CCleaner
    
    3-Then reboot in safe mode and delete:
    C:\WINDOWS\csvas.exe
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ <-- delete all what there is in that folder
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ <-- delete all what there is in that folder
    
    6-Run the CCleaner
    Put a Checkmark next to all items
    under "Windows", "Applications" and "Issues".
    Have a look to the screenshots.
    Press the button "Run Cleaner".
    
    5- Run EasyCleaner
    * delete unnecessary files through EasyCleaner-Unnecessary
    * clean the registry through EasyCleaner-Registry (don't delete key with a red round if there are any)
    
    6-Reboot normaly
    SECOND WORK
    Code:
    The deleting Version of eScan
    You will want to copy the text from this post and save it as a text file (*.txt) or print it because you will be working offline (in safemode) to resolve your problem and not have access to this forum. Follow these STEPS. STEP 1 You must turn off System Restore during this process. You will keep it off until we are done fixing your system. STEP 2
    1. Download mwavscan (It is free), if you don't have a zip-tool we suggest zipgenius (It is free).
    2. You MUST Unzip mwavscan to 'C:\bases' (case sensitive, any other folder and it won't work properly)
    3. After installing some systems automatically start up the program, if this happens close it, you don't want to run it now.
    4. Open 'My Computer'
    5. Double click on 'C:'
    6. Double click on the folder 'bases'
    7. Now in that root folder look for 'kavupd.exe' and double click on it. (We are updating mwavscan to the latest definitions.)
    8. NOTE: Occasionally users receive an error that 'signatures are more then 30 days old'. If you receive this keep trying to run kavupd.exe, it means the definition server is busy, but you will eventually get through.
    STEP 3
    1. Now turn off your computer and remove the network cable/phone line from your machine.
    2. Reboot your computer in Safe Mode
    STEP 4
    1. Open 'My Computer'
    2. Double click on 'C:'
    3. Double click on the folder 'bases'
    4. Double click on 'mwavscan.com'
    5. Now close all other windows, browsers, and programs other then Mwavscan before continuing
    6. Checkmark: Memory, StartUp-Folders, Drives, All Local Drives, Registry and INI Files, System Folders, Services
    7. Now select 'Scan All Files'
    8. Finally, click on 'Scan Clean' (The program will take several hours to run)
    9. When the scan is complete, click 'View Log' and Save it!
    STEP 5
    1. Reconnect your network cable/phone line
    2. Reboot your system into normal mode.
    STEP 6
    1. Open 'My Computer'
    2. Double click on 'C:'
    3. Double click on the folder 'bases'
    4. Find the log file in the directory.
    5. Open it with an editor (Notepad will do fine)
    6. Look for the files which are tagged as "virus" or "infected"
    7. Copy&paste all these files tagged as "virus" or "infected" in a new document and save to your desktop
    STEP 7 Run Hijackthis again and have it save a new log file. Step 8 Post every file of mwavscan by looking for "infected" and "tagged as" to this thread: It looks like this: File C:\WINDOWS\sssasasb32.exe infected by "Trojan-Downloader.Win32.Agent.ig" Virus. Action Taken File C:\Documents and Settings\Name\Local Settings\Application Data\Wildtangent\0F.dat tagged as not-a-virus:AdWare.WildTangent.b. No Action Taken. Also post the total results: =>Total Number of Files Scanned: =>Total Number of Virus(es) Found: =>Total Number of Disinfected Files: =>Total Number of Files Renamed: =>Total Number of Deleted Files: =>Total Number of Errors: ***** Scanning complete. ***** Finally, post the new Hijackthis logfile!
    ==========================
    STEP 9 Using the free version of the eScan, please load down this free tool eScan-Check1.10 to delete the found Ad- and Spyware. Unzip 'eScan-Check1.10' to 'C:\escheck' (case sensitive, any other folder and it won't work properly) STEP 10
    1. Now turn off your computer and remove the network cable/phone line from your machine again.
    2. Reboot your system into Safe Mode
    STEP 11 Open 'My Computer' Double click on 'C:' Double click on the folder 'bases' Now in that root folder look for 'mwav.log' and double click on it. STEP 12 Use 'eScan-Check1.10' and put a checkmark to 'Delete all files on Reboot -> put a checkmark next to all files which are "tagged as not-a-virus:AdWare..." and then press the Button 'Delete Files'. STEP 13 Reboot your system into Normal Mode. NOTE: If you want to re-scan your system with the eScan once more, you MUST first delete the 'mwav.log' otherwise you won't get a good result of the new scan. You must turn on System Restore Finally, post the new Hijackthis logfile!

Aktive Benutzer

Aktive Benutzer

Aktive Benutzer in diesem Thema: 1 (Registrierte Benutzer: 0, Gäste: 1)

Ähnliche Themen

  1. help me remove spotresults.com
    Von fagigi im Forum Archiv
    Antworten: 19
    Letzter Beitrag: 13.08.2005, 04:55
  2. What do I have to remove?
    Von DAvid im Forum Archiv
    Antworten: 1
    Letzter Beitrag: 17.04.2005, 21:08
  3. please help my log to remove SAHAgent
    Von Ben im Forum Archiv
    Antworten: 1
    Letzter Beitrag: 11.03.2005, 17:27

Berechtigungen

  • Neue Themen erstellen: Nein
  • Themen beantworten: Nein
  • Anhänge hochladen: Nein
  • Beiträge bearbeiten: Nein
  •