How do you remove w32.spybot.worm? Thread is closed! |
#0
| ||
09.03.2005, 20:32
...new here
Posts: 2 |
||
|
||
09.03.2005, 23:07
Member
Posts: 14 |
#62
????
This is complicated!!!! Can you explain how I'm supposed to search for everything that's infected?! I went to Edit and entered it under Find, but about 30 words containing "infected" came up. Do I have to copy the sentences that contain "infected" into the board?? |
|
|
||
09.03.2005, 23:37
Honorary member
Posts: 29434 |
||
|
||
10.03.2005, 00:59
Honorary member
Posts: 29434 |
#64
Hello @pody
Anyone who downloads something like this, and the dialer on top of it, shouldn't be surprised when everything is infested....

VacPro.internazionale_ver4 (Dialer) + ErrorGuard

•Download Registry Search Tool: http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip
Message (Symantec) -- warning: malicious script detected --> ignore
Object: Windows Script Host Shell Object
Double-click: regsrch.vbs
Paste in:
{9E98E84C-79E1-49C3-82EB-798FCD552EFB}
Press 'OK'
Wait until the search has finished. (Please post the result.)
{205FF73B-CA67-11D5-99DD-444553540006}
Press 'OK'
Wait until the search has finished. (Please post the result.)

#Open HijackThis -->> "Scan" button -->> tick the boxes -->> "Fix checked" button -->> restart the PC

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\GEMEIN~1\WinTools\WToolsB.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: sPeerObj Class - {00000026-8735-428D-B81F-DD098223B25F} - C:\WINDOWS\speer.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\GEMEIN~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\Programme\Toolbar\toolbar.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\Programme\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\GEMEIN~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\Programme\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [Windows Taskmanager] lsassx.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [orsvaz] C:\WINDOWS\orsvaz.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPass.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\RunServices: [Windows Taskmanager] lsassx.exe
O4 - HKCU\..\Run: [ChkMail] A‹
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://advnt01.com/dialer/internazionale_ver4.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\Programme\Toolbar\toolbar.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

Restart the PC

•KillBox
http://www.bleepingcomputer.com/files/killbox.php
•Delete File on Reboot <-- tick this and click the red cross; when asked "Do you want to reboot?" ----> click "no" and paste in the next one, only click "yes" for the last one

C:\WINDOWS\Downloaded Program Files\internazionale_ver4.ocx
C:\Programme\Toolbar\TBPS.exe
C:\Programme\Toolbar\PIB.exe
C:\WINDOWS\System32\lsassx.exe
C:\temp\salm.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Media Pass\MediaPass.exe
C:\WINDOWS\System32\gah95on6.exe
C:\Program Files\Media Pass\MediaPassK.exe
C:\Program Files\Media Pass\MediaPassC.dll
C:\Program Files\Media Pass\Info.txt
C:\WINDOWS\temp\USB.exe
C:\WINDOWS\temp\oddworldz.exe
C:\WINDOWS\temp\istinstall.exe
C:\WINDOWS\SYSTEM32\igfxsrvc.dll
C:\WINDOWS\orsvaz.exe
C:\Programme\Gemeinsame Dateien\WinTools\WSup.exe
C:\Programme\Gemeinsame Dateien\WinTools\WToolsA.exe
C:\Programme\Gemeinsame Dateien\WinTools\WToolsB.dll
C:\WINDOWS\nem220.dll
C:\WINDOWS\speer.dll
C:\Programme\Toolbar\toolbar.dll

Restart the PC

•eScan detection tool
eScan is available here free of charge under the name Free eScan Antivirus Toolkit Utility:
http://www.mwti.net/antivirus/free_utilities.asp
Open the scanner --> don't scan yet --> go to Start > Run and type in: %temp% and look for kavupd.exe, click on it --> run it (update, in DOS) --> open mwav.exe --> tick all the boxes --> scan --> click View Log --> click Edit --> type in "infected" and now copy out everything that is shown --> afterwards copy the "infected" entries from here --> and then delete them with KillBox or manually

#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
Download --> update --> scan --> restart the PC --> scan again --> post the log from the scan

#ClearProg.. download the latest version <1.4.1
http://www.clearprog.de/downloads.php
< and clean up the browser.
The program deletes the browsing traces of Internet Explorer from version 5.0, of Netscape/Mozilla and of Opera:
- Cookies
- History
- Temporary Internet files (cache)

#TuneUp2004 (free for 30 days)
http://www.tuneup.de/products/tuneup-utilities/
Cleanup repair --> TuneUp Diskcleaner
Cleanup repair --> Registry Cleaner

#New start page
Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet files, click Delete Files --> also tick "Delete all offline content" and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if you are asked --> click Apply and finally OK, and set a new start page

+ post the new HijackThis log
__________
Kind regards, Sabina
all about PC security |
|
|
||
10.03.2005, 14:21
...new here
Posts: 6 |
#65
Hello Sabina,
I'm new here too (Google makes it possible) and am turning to you with the same problem as the others in this thread. OS = Windows XP, virus scanner = Norton AntiVirus Professional 2003 (more or less up to date). The AV did detect this virus but cannot delete it. I have already looked in other threads and followed their instructions, unfortunately without the desired result. Among other things, I looked in regedit for suspicious entries but did not find the ones described. I also downloaded a tool, <<Spybot S&D>>, onto the computer. None of it helps. My computer always "freezes" a short time after I dial in to the net, and then nothing works anymore. I suspect that at that point I'm no longer in control of the computer either. You keep writing about <<HijackThis>> here; what does that mean??? I have already booted my computer in safe mode and run the scanner over it. What should I do now? Thanks in advance! meik |
|
|
||
10.03.2005, 15:10
Honorary member
Posts: 29434 |
#66
Hello @blutsvente
HijackThis
http://www.downloads.subratam.org/hijackthis.zip
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Download/unpack HijackThis into a folder --> None of the above, just start the program --> Save --> Savelog --> the editor opens --> Do a system scan and save a logfile --> Save --> Savelog --> the editor opens --> now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
__________
Kind regards, Sabina
all about PC security |
|
|
||
10.03.2005, 15:44
...new here
Posts: 6 |
#67
Hi Sabina,
that was quick - thanks a lot. Here is the content of the log file. Please, please no bad news. Eat this:

Logfile of HijackThis v1.99.1
Scan saved at 15:28:52, on 10.3.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Dokumente und Einstellungen\meik\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.teltarif.de/lcr/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Popup Blocker System32c Monitoring] PopUpBlockercd.exe
O4 - HKLM\..\Run: [winupdates] winupdates.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Go And Start] svdll32.exe
O4 - HKLM\..\Run: [Microsoft DirectX] wuamgrd.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\RunServices: [Popup Blocker System32c Monitoring] PopUpBlockercd.exe
O4 - HKLM\..\RunServices: [winupdates] winupdates.exe
O4 - HKLM\..\RunServices: [Go And Start] svdll32.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] wuamgrd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Popup Blocker System32c Monitoring] PopUpBlockercd.exe
O4 - HKCU\..\Run: [Go And Start] svdll32.exe
O4 - HKCU\..\Run: [Microsoft DirectX] wuamgrd.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe |
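
A small triage helper for a log like the one posted above, added here as an example; it is not part of the thread and not HijackThis code. It parses the O4 autostart lines, also when the forum has run the log together onto one line, and lists value names whose command is a bare file name registered under more than one autostart key, the pattern of the `[Windows Taskmanager] lsassx.exe` entries in the fix list of post #64. The function names and the "two or more keys" threshold are assumptions; a hit marks an entry for closer inspection.

```python
import re
from collections import defaultdict, namedtuple

# Excerpt copied from the HijackThis log in post #67 of this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [winupdates] winupdates.exe
O4 - HKLM\..\Run: [Go And Start] svdll32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [winupdates] winupdates.exe
O4 - HKLM\..\RunServices: [Go And Start] svdll32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Go And Start] svdll32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
"""

Autostart = namedtuple("Autostart", "hive key name command")

# Whitespace followed by a section marker such as "R0 - ", "O4 - ", "O23 - ".
ENTRY_START = re.compile(r"\s+(?=[RFNO]\d{1,2} - )")
# Registry-based O4 line: O4 - HKLM\..\Run: [value name] command
O4_REG = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\] (.*)")


def split_entries(text):
    """Split a log into entries, whether it is line-based or run together."""
    return [part.strip() for part in ENTRY_START.split(text) if part.strip()]


def parse_autostarts(text):
    """Return the registry autostart (O4) entries found in a HijackThis log."""
    entries = []
    for entry in split_entries(text):
        match = O4_REG.match(entry)
        if match:
            hive, key, name, command = match.groups()
            entries.append(Autostart(hive, key, name, command.strip()))
    return entries


def is_bare_name(command):
    """True if the program is given without any directory or %variable%."""
    command = command.strip()
    if command.startswith('"'):
        program = command[1:].split('"', 1)[0]
    else:
        program = command.split(None, 1)[0] if command else ""
    return bool(program) and not any(ch in program for ch in "\\/%")


def repeated_bare_autostarts(entries, min_locations=2):
    """Map (value name, command) to the autostart keys it is registered under,
    keeping only bare-name commands present in at least min_locations keys."""
    locations = defaultdict(set)
    for e in entries:
        if is_bare_name(e.command):
            locations[(e.name, e.command.lower())].add(f"{e.hive}\\..\\{e.key}")
    return {k: sorted(v) for k, v in locations.items() if len(v) >= min_locations}


if __name__ == "__main__":
    for (name, command), keys in repeated_bare_autostarts(
        parse_autostarts(SAMPLE_LOG)
    ).items():
        print(f"[{name}] {command}: {', '.join(keys)}")
```

`mobsync.exe /logon` is also a bare name but sits under a single key, so it is not listed.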
|
|
||
10.03.2005, 16:58
...new here
Posts: 3 |
#68
Hey, thanks.. hope it works *g*
So... 1. the two Registry Search results: |
|
|
||
10.03.2005, 17:10
Member
Posts: 14 |
#69
So here are the infected ones:
File C:\Programme\Norton AntiVirus\Quarantine\6A9D6516.exe infected by "Trojan-Proxy.Win32.Agent.l" Virus. Action Taken: No Action Taken. File C:\Programme\Norton AntiVirus\Quarantine\7265201D.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken. File C:\Programme\Norton AntiVirus\Quarantine\74217742.exe infected by "Trojan-Downloader.Win32.Agent.gn" Virus. Action Taken: No Action Taken. File C:\Programme\Norton AntiVirus\Quarantine\7AA31A97.exe infected by "Trojan-Downloader.Win32.Agent.gn" Virus. Action Taken: No Action Taken. File C:\Programme\Norton AntiVirus\Quarantine\7AD86D79.exe infected by "Trojan-Downloader.Win32.Agent.gn" Virus. Action Taken: No Action Taken. File C:\Programme\Norton AntiVirus\Quarantine\7AD86D79.sys infected by "Trojan.Win32.Agent.aw" Virus. Action Taken: No Action Taken. File C:\Programme\Norton AntiVirus\Quarantine\7F6028F3.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken. File C:\Programme\PerfectNav\BHO\PerfectNav150c.dll infected by "not-a-virus:AdWare.Perfnav.a" Virus. Action Taken: No Action Taken. File C:\Programme\Recommended Hotfix - 421701D\v15\RH.DLL infected by "not-a-virus:AdWare.SmartPops" Virus. Action Taken: No Action Taken. File C:\Programme\Recommended Hotfix - 421701D\v15\RH.exe infected by "not-a-virus:AdWare.SmartPops" Virus. Action Taken: No Action Taken. File C:\Programme\SED\SE.exe infected by "not-a-virus:AdWare.WindowEnhancer" Virus. Action Taken: No Action Taken. File C:\Programme\SED\SED.exe infected by "not-a-virus:AdWare.Cres" Virus. Action Taken: No Action Taken. File C:\Programme\SurfSideKick 2\SskBho.dll infected by "not-a-virus:AdWare.TotalVelocity.aa" Virus. Action Taken: No Action Taken. File C:\Programme\SurfSideKick 2\SskCore.dll infected by "not-a-virus:AdWare.TotalVelocity.ac" Virus. Action Taken: No Action Taken. File C:\WINDOWS\aconti.exe infected by "not-a-virusornWare.Dialer.Generic" Virus. Action Taken: No Action Taken. 
File C:\WINDOWS\browserxtras\pn\remove.exe infected by "Trojan-Downloader.Win32.Keenval.f" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Coder\_248-a2p-0-0-.exe infected by "not-a-virusornWare.Dialer.Generic" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Coder\_344-a2p-0-0-.exe infected by "not-a-virusornWare.Dialer.Generic" Virus. Action Taken: No Action Taken. File C:\WINDOWS\d8.exe infected by "Trojan-Downloader.Win32.Small.ahx" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Downloaded Program Files\058343sw.exe tagged as not-a-virus:RiskWare.Dialer.PlayGames. No Action Taken. File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\058343sw.exe tagged as not-a-virus:RiskWare.Dialer.PlayGames. No Action Taken. File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ieloader.dll infected by "Trojan-Downloader.Win32.Ladder.a" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Downloaded Program Files\ieloader.dll infected by "Trojan-Downloader.Win32.Ladder.c" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Downloaded Program Files\MaConnect.dll infected by "not-a-virusorn-Tool.Win32.MaConnect" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Downloaded Program Files\StarInstall.ocx infected by "Trojan-Downloader.Win32.Small.eb" Virus. Action Taken: No Action Taken. File C:\WINDOWS\icont.exe infected by "not-a-virus:AdWare.AdURL.c" Virus. Action Taken: No Action Taken. File C:\WINDOWS\iconu.exe infected by "not-a-virus:AdWare.Zestyfind" Virus. Action Taken: No Action Taken. File C:\WINDOWS\nem220.dll infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus. Action Taken: No Action Taken. File C:\WINDOWS\od-stnd168.exe infected by "not-a-virusornWare.Dialer.Generic" Virus. Action Taken: No Action Taken. File C:\WINDOWS\optimize.exe infected by "Trojan-Downloader.Win32.Dyfuca.dk" Virus. Action Taken: No Action Taken. File C:\WINDOWS\p2p-10112.exe tagged as not-a-virus:RiskWare.Dialer.gen. No Action Taken. 
File C:\WINDOWS\SSK_B5.EXE infected by "Trojan-Dropper.Win32.SurfSide.a" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\drivers\.sys infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\ffInst.exe infected by "not-a-virus:AdWare.Look2Me.r" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\odpomeve.exe infected by "Trojan-Downloader.Win32.IstBar.ha" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\PopOops.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\PopOops2.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\solufsuq.dll infected by "Trojan.Win32.Golid.f" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\SWLAD1.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\SWLAD2.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\ujqnggjr.exe infected by "Trojan-Proxy.Win32.Agent.l" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\wincoreak.dll infected by "not-a-virus:AdWare.Coreak" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\winlspak.dll infected by "Trojan-Downloader.Win32.Agent.br" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\winrulesak.dll infected by "Trojan-Downloader.Win32.Agent.bt" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\winupdak.dll infected by "Trojan-Downloader.Win32.Agent.br" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\wpqzfegu.exe infected by "Trojan-Proxy.Win32.Agent.l" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\Altnet\adm.exe infected by "not-a-virus:AdWare.Altnet.a" Virus. 
Action Taken: No Action Taken. File C:\WINDOWS\Temp\Altnet\adm25.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\Altnet\adm4.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\Altnet\admprog.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\Altnet\Setup.exe infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\bw2.com infected by "not-a-virus:AdWare.AdURL.c" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\nsdtmp09.dll infected by "not-a-virus:AdWare.MetaDirect.a" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\wincoreak.dll infected by "not-a-virus:AdWare.Coreak" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\winlspak.dll infected by "Trojan-Downloader.Win32.Agent.br" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\winrulesak.dll infected by "Trojan-Downloader.Win32.Agent.bt" Virus. Action Taken: No Action Taken. File C:\WINDOWS\wsem303.dll infected by "Trojan-Downloader.Win32.Dyfuca.dt" Virus. Action Taken: No Action Taken. File C:\WINDOWS\aconti.exe infected by "not-a-virusornWare.Dialer.Generic" Virus. Action Taken: No Action Taken. File C:\WINDOWS\browserxtras\pn\remove.exe infected by "Trojan-Downloader.Win32.Keenval.f" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Coder\_248-a2p-0-0-.exe infected by "not-a-virusornWare.Dialer.Generic" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Coder\_344-a2p-0-0-.exe infected by "not-a-virusornWare.Dialer.Generic" Virus. Action Taken: No Action Taken. File C:\WINDOWS\d8.exe infected by "Trojan-Downloader.Win32.Small.ahx" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Downloaded Program Files\058343sw.exe tagged as not-a-virus:RiskWare.Dialer.PlayGames. No Action Taken. 
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\058343sw.exe tagged as not-a-virus:RiskWare.Dialer.PlayGames. No Action Taken. File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ieloader.dll infected by "Trojan-Downloader.Win32.Ladder.a" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Downloaded Program Files\ieloader.dll infected by "Trojan-Downloader.Win32.Ladder.c" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Downloaded Program Files\MaConnect.dll infected by "not-a-virusorn-Tool.Win32.MaConnect" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Downloaded Program Files\StarInstall.ocx infected by "Trojan-Downloader.Win32.Small.eb" Virus. Action Taken: No Action Taken. File C:\WINDOWS\icont.exe infected by "not-a-virus:AdWare.AdURL.c" Virus. Action Taken: No Action Taken. File C:\WINDOWS\iconu.exe infected by "not-a-virus:AdWare.Zestyfind" Virus. Action Taken: No Action Taken. File C:\WINDOWS\nem220.dll infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus. Action Taken: No Action Taken. File C:\WINDOWS\od-stnd168.exe infected by "not-a-virusornWare.Dialer.Generic" Virus. Action Taken: No Action Taken. File C:\WINDOWS\optimize.exe infected by "Trojan-Downloader.Win32.Dyfuca.dk" Virus. Action Taken: No Action Taken. File C:\WINDOWS\p2p-10112.exe tagged as not-a-virus:RiskWare.Dialer.gen. No Action Taken. File C:\WINDOWS\SSK_B5.EXE infected by "Trojan-Dropper.Win32.SurfSide.a" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\ffInst.exe infected by "not-a-virus:AdWare.Look2Me.r" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\odpomeve.exe infected by "Trojan-Downloader.Win32.IstBar.ha" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\PopOops.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken. 
File C:\WINDOWS\system32\PopOops2.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\solufsuq.dll infected by "Trojan.Win32.Golid.f" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\SWLAD1.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\SWLAD2.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\ujqnggjr.exe infected by "Trojan-Proxy.Win32.Agent.l" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\wincoreak.dll infected by "not-a-virus:AdWare.Coreak" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\winlspak.dll infected by "Trojan-Downloader.Win32.Agent.br" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\winrulesak.dll infected by "Trojan-Downloader.Win32.Agent.bt" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\winupdak.dll infected by "Trojan-Downloader.Win32.Agent.br" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\wpqzfegu.exe infected by "Trojan-Proxy.Win32.Agent.l" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\Altnet\adm.exe infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\Altnet\adm25.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\Altnet\adm4.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\Altnet\admprog.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\Altnet\Setup.exe infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\bw2.com infected by "not-a-virus:AdWare.AdURL.c" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\nsdtmp09.dll infected by "not-a-virus:AdWare.MetaDirect.a" Virus. 
So, here is the log from the Ad-Aware scan:
Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-854245398-2147024035-839522115-1004\\software\cydoor Value : ConnType Dialer Object Recognized! Type : Regkey Data : Category : Dialer Comment : Cytainment Rootkey : HKEY_CLASSES_ROOT Object : ieloaderctl.ieloaderctl Dialer Object Recognized! Type : RegValue Data : Category : Dialer Comment : Cytainment Rootkey : HKEY_CLASSES_ROOT Object : ieloaderctl.ieloaderctl Value : Dialer Object Recognized! Type : Regkey Data : Category : Dialer Comment : Cytainment Rootkey : HKEY_CLASSES_ROOT Object : ieloaderctl.ieloaderctl.1 Dialer Object Recognized! Type : RegValue Data : Category : Dialer Comment : Cytainment Rootkey : HKEY_CLASSES_ROOT Object : ieloaderctl.ieloaderctl.1 Value : Dialer Object Recognized! Type : Regkey Data : Category : Dialer Comment : Cytainment Rootkey : HKEY_CLASSES_ROOT Object : interface\{0f4a7b40-a295-11cf-a3a9-00a0c9034920} Dialer Object Recognized! Type : RegValue Data : Category : Dialer Comment : Cytainment Rootkey : HKEY_CLASSES_ROOT Object : interface\{0f4a7b40-a295-11cf-a3a9-00a0c9034920} Value : Dialer Object Recognized! Type : Regkey Data : Category : Dialer Comment : Cytainment Rootkey : HKEY_CLASSES_ROOT Object : interface\{c60bc918-abba-0704-0b53-2c8830e9faec} Dialer Object Recognized! Type : RegValue Data : Category : Dialer Comment : Cytainment Rootkey : HKEY_CLASSES_ROOT Object : interface\{c60bc918-abba-0704-0b53-2c8830e9faec} Value : Dialer Object Recognized! Type : Regkey Data : Category : Dialer Comment : Cytainment Rootkey : HKEY_CLASSES_ROOT Object : typelib\{000000aa-abba-0704-0b53-2c8830e9faec} Dialer Object Recognized! Type : Regkey Data : Category : Dialer Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\code store database\distribution units\{42f2d240-b23c-11d6-8c73-70a05dc10000} Dialer Object Recognized! 
Type : RegValue Data : Category : Dialer Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\code store database\distribution units\{42f2d240-b23c-11d6-8c73-70a05dc10000} Value : SystemComponent Dialer Object Recognized! Type : RegValue Data : Category : Dialer Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\code store database\distribution units\{42f2d240-b23c-11d6-8c73-70a05dc10000} Value : Installer DownloadWare Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-854245398-2147024035-839522115-1004\software\downloadware DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{0be10b0d-b4db-4693-9b1f-9aead54d17dc} DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dyfuca_bh.sinkobj.1 DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dyfuca_bh.sinkobj.1 Value : DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dyfuca_bh.sinkobj DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dyfuca_bh.sinkobj Value : DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dyfuca_bh.bhobj.1 DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dyfuca_bh.bhobj.1 Value : DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dyfuca_bh.bhobj DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dyfuca_bh.bhobj Value : DyFuCA Object Recognized! 
Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{cea206e8-8057-4a04-ace9-ff0d69a92297} DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{cea206e8-8057-4a04-ace9-ff0d69a92297} Value : DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4} DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4} Value : DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-854245398-2147024035-839522115-1004\software\avenue media DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-854245398-2147024035-839522115-1004\software\policies\avenue media DyFuCA Object Recognized! Type : Regkey Data : Category Dieser Beitrag wurde am 10.03.2005 um 18:03 Uhr von EVO VII editiert.
|
|
|
||
10.03.2005, 18:33
...new here
Posts: 3 |
#70
And here is my result from the virus scan (I didn't get the thing with "infected"):
Action Taken: No Action Taken. File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP146\A0014702.exe infected by "Trojan-Downloader.Win32.Dyfuca.du" Virus. Action Taken: No Action Taken. File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP146\A0014703.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken. File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP146\A0014706.dll infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus. Action Taken: No Action Taken. File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP146\A0014712.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken. File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP146\A0014713.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken. File C:\Temp\salm.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken. File C:\Temp\salmhook.dll infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken. File C:\WINDOWS\70tovmto.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Messenger2.exe infected by "not-a-virus:AdWare.WinAD.i" Virus. Action Taken: No Action Taken. File C:\WINDOWS\orsvaz.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken. File C:\WINDOWS\speer.dll infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\2b3fsk0h.dll infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\bln02nqv.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken. File C:\WINDOWS\70tovmto.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken. 
File C:\WINDOWS\Messenger2.exe infected by "not-a-virus:AdWare.WinAD.i" Virus. Action Taken: No Action Taken. File C:\WINDOWS\orsvaz.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken. File C:\WINDOWS\speer.dll infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\2b3fsk0h.dll infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\bln02nqv.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken. |
|
|
||
10.03.2005, 18:51
...new here
Posts: 9 |
#71
Hello Sabina, I seem to be infected with the worm too. I have been struggling to remove it since yesterday evening. Could you please help me as well? I am a total blonde when it comes to PCs, though. It took me 30 minutes just to open the zip ;-) but it worked in the end. My log is attached. I hope it is the right one and that it is complete. Thank you in advance for your effort.
Kind regards, bibi
Logfile of HijackThis v1.99.1
Scan saved at 18:39:43, on 10.03.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Internet Security\ISSVC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Softwin\BitDefender8\bdoesrv.exe
C:\Programme\Softwin\BitDefender8\bdswitch.exe
C:\Program Files\Windows FormatAd\WinForm.exe
C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SCARDS32.EXE
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
c:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Programme\Softwin\BitDefender8\vsserv.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Dokumente und Einstellungen\Bibi\Eigene Dateien\Meine empfangenen Dateien\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Programme\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Programme\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [Windows FormatAd] C:\Program Files\Windows FormatAd\WinForm.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Dokumente und Einstellungen\Bibi\Desktop\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O15 - Trusted Zone: www.seb.de
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17B5DBA1-4104-4EA7-BA9F-FF53A1ED978D}: NameServer = 217.237.150.225 217.237.150.141
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\System32\r_server.exe" /service (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender8\vsserv.exe
O23 - Service: WinDLL DLL Loader (WinDLL) - Unknown owner - C:\Server\windll.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe |
|
|
||
10.03.2005, 18:52
...new here
Posts: 4 |
#72
What do I have to do? Thanks in advance for the help.
Logfile of HijackThis v1.99.1
Scan saved at 18:51:30, on 10.03.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\HanseNet\HanseNet-Produkte\app\TangoService.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Softwin\BitDefender8\vsserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Systemsteuerung\atiptaxx.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Programme\Softwin\BitDefender8\bdoesrv.exe
C:\Programme\Softwin\BitDefender8\bdswitch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\HanseNet\HANSEN~1\app\TangoManager.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Dokumente und Einstellungen\Physalis\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?mszoe (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://in.webcounter.cc/--/?mszoe (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?mszoe (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.webcounter.cc/-/?mszoe (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?mszoe (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zsscf.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zsscf.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\zsscf.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zsscf.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zsscf.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zsscf.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?mszoe (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zsscf.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?mszoe (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4B2C0F1B-9B30-2FC4-A487-1C59255C24ED} - C:\WINDOWS\mfcba32.dll
O2 - BHO: (no name) - {683E615B-169A-80CF-3487-660FBFB04194} - C:\WINDOWS\mfcba32.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\Jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Systemsteuerung\atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Winsock2 driver] RUNDLL32.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [sdkwa.exe] C:\WINDOWS\system32\sdkwa.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Programme\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender8\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Programme\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [javagz32.exe] C:\WINDOWS\system32\javagz32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Alles mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {6E0D8A62-E6CF-4D29-BF04-6537E3BA1DF0} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {6E0D8A62-E6CF-4D29-BF04-6537E3BA1DF0} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {7EDCB906-63FE-498D-A163-3E2C7B69676D} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {7EDCB906-63FE-498D-A163-3E2C7B69676D} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/ger_nopop.exe
O16 - DPF: {00000000-7777-0704-0B53-2C8830E9FAEC} - http://gn.one2bill.de/soft/axload.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\MAIN.MHT!http://d.dialer2004.com//uncle/main.chm::/load.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://66.230.145.49/20647/online.chm::/on-line.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=9f61b12a60c07eebdb4fc97ec168da8e90daa2eebae9c7525e5f878a37b676f935fd98ead5cd86ed7cb267a3cbe236b4146bf88f:adfe7cdda14abbf71198a73bd5be0348
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/ccb59cc9/enter.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/072c5cf22346a0712a14/netzip/RdxIE601_de.cab
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} (Attachment Upload Control) - https://img.web.de/v/mail/activex/mail_upload_1123.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://advnt01.com/dialer/internazionale_ver4.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D909E944-3A96-4280-9983-9D00001973A4} (Access Control) - http://www.browserplugin.com/plugin/exe/access_special.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/de/check/qdiagh.cab?325
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ADB9F98-F1A6-40FC-8EE4-E10ED0B406A2}: NameServer = 213.191.92.87 213.191.74.18
O19 - User stylesheet: C:\WINDOWS\Web\tips.ini (file missing)
O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Programme\HanseNet\HanseNet-Produkte\app\TangoService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
O23 - Service: Network Security Service (NSS) ( 6QÔõ 'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\javaij32.exe (file missing)
Regards, with damp greetings, Phy |
|
|
||
11.03.2005, 03:31
...new here
Posts: 2 |
#73
Hi,
So a few days ago I also had the amusing pleasure of my Norton Internet Security 2003 with Antivirus detecting that I have the w32.spybot.worm on my machine. I then had a look around here in the forum and decided to wipe my machine and reinstall it. It would be nice if my HijackThis log could be analyzed to see whether some little thing has been left behind that is not so little after all.
Logfile of HijackThis v1.99.1
Scan saved at 03:03:55, on 11.03.2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\Programme\AVPersonal\AVGUARD.EXE
D:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Programme\Winamp3\winampa.exe
C:\Programme\VIAudioi\SBADeck\ADeck.exe
D:\Programme\AVPersonal\AVGNT.EXE
C:\WINNT\System32\rmctrl.exe
D:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\WINNT\System32\internat.exe
D:\Programme\Free Download Manager\fdm.exe
D:\Programme\WinZip\WZQKPICK.EXE
D:\Downloads\HijackThis.exe
C:\WINNT\system32\rundll32.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
O2 - BHO: WgBHO Class - {67E9834D-B226-49E6-B6F6-85AA64E14BA3} - D:\Programme\Free Download Manager\iefdm.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Programme\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Programme\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [AVGCtrl] D:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [RemoteControl] C:\WINNT\System32\rmctrl.exe
O4 - HKLM\..\Run: [CloneCDTray] D:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "D:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Free Download Manager] D:\Programme\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all by Free Download Manager - file://D:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://D:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://D:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://D:\Programme\Free Download Manager\dlpage.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
Thanks in advance.
Regards, Arthur |
|
|
||
11.03.2005, 09:12
Honorary member
Posts: 29434 |
#74
Hallo@EVO VII
Deaktivieren Wiederherstellung «XP Arbeitsplatz-->rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren. (dann aktiviere sie wieder) •KillBox http://www.bleepingcomputer.com/files/killbox.php •Delete File on Reboot <--anhaken und klick auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes" C:\WINDOWS\browserxtras\pn\remove.exe C:\WINDOWS\System32\winlspak.dll C:\WINDOWS\System32\drivers\axmjdtzo.sys C:\WINDOWS\aconti.exe C:\WINDOWS\d8.exe C:\WINDOWS\icont.exe C:\WINDOWS\iconu.exe C:\WINDOWS\nem220.dll C:\WINDOWS\od-stnd168.exe C:\WINDOWS\optimize.exe C:\WINDOWS\p2p-10112.exe C:\WINDOWS\SSK_B5.EXE C:\WINDOWS\wsem303.dll C:\WINDOWS\System32\cd_clint.dll C:\WINDOWS\System32\ffInst.exe C:\WINDOWS\System32\odpomeve.exe C:\WINDOWS\System32\PopOops.dll C:\WINDOWS\System32\PopOops2.dll C:\WINDOWS\System32\solufsuq.dll C:\WINDOWS\System32\SWLAD1.dll C:\WINDOWS\System32\SWLAD2.dll C:\WINDOWS\System32\ujqnggjr.exe C:\WINDOWS\System32\vjwwofim.dll C:\WINDOWS\System32\wincoreak.dll C:\WINDOWS\System32\winlspak.dll C:\WINDOWS\System32\winrulesak.dll C:\WINDOWS\System32\winupdak.dll C:\WINDOWS\System32\wpqzfegu.exe C:\Temp\salmhook.dll C:\WINDOWS\70tovmto.exe C:\WINDOWS\Messenger2.exe C:\WINDOWS\orsvaz.exe C:\WINDOWS\speer.dll C:\WINDOWS\system32\2b3fsk0h.dll C:\WINDOWS\system32\bln02nqv.exe C:\program files\Altnet\Download Manager\adm25.dll C:\program files\Altnet\Download Manager\adm4.dll C:\program files\Altnet\Download Manager\adm4005.exe C:\program files\Altnet\Download Manager\admprog.dll C:\program files\Altnet\Download Manager\asmps.dll C:\program files\Altnet\Points Manager\sysdetect.dll C:\program files\Internet Optimizer\optimize.exe C:\program files\Internet Optimizer\update\optimize312.exe C:\WINDOWS\Temp\nsdtmp09.dll C:\WINDOWS\Temp\Altnet\adm.exe C:\WINDOWS\Temp\Altnet\adm25.dll 
C:\WINDOWS\Temp\Altnet\adm4.dll C:\WINDOWS\Temp\Altnet\admprog.dll C:\WINDOWS\Temp\Altnet\Setup.exe C:\WINDOWS\Temp\bw2.com C:\WINDOWS\Temp\wincoreak.dll C:\WINDOWS\Temp\winlspak.dll C:\WINDOWS\Temp\winrulesak.dll C:\Programme\Common Files\updmgr\rvupdmgr.exe C:\Programme\Common Files\updmgr\simgr.exe C:\Programme\Common Files\updmgr\updmgr.exe C:\Programme\PerfectNav\BHO\PerfectNav150c.dll C:\Programme\Gemeinsame Dateien\CMEII\apps\DateManager\datemanager2102.zip C:\Programme\Gemeinsame Dateien\CMEII\apps\DateManager\InstallDateManager.exe C:\Programme\Gemeinsame Dateien\CMEII\apps\PrecisionTime\InstallPrecisionTime.exe C:\Programme\Gemeinsame Dateien\CMEII\apps\PrecisionTime\precisiontime2102.zip C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll C:\Programme\Gemeinsame Dateien\CMEII\GController.dll C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll C:\Programme\Gemeinsame Dateien\CMEII\store\apps\datemanager2102.zip C:\Programme\Gemeinsame Dateien\CMEII\store\apps\precisiontime2102.zip C:\Programme\Gemeinsame Dateien\GMT\EGGCEngine.dll C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll C:\Programme\Gemeinsame Dateien\GMT\GatorRes.dll C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe C:\Programme\Gemeinsame Dateien\GMT\gtrawbm.fil C:\Programme\Gemeinsame Dateien\nluplcae\ltalstoc\sqrmetsb.exe C:\Programme\Gemeinsame Dateien\nluplcae\nsflueerfo\ffroesmsl.exe C:\Programme\Gemeinsame Dateien\WinTools\WSup.exe C:\Programme\Gemeinsame Dateien\WinTools\WToolsA.exe 
Restart the PC.
#TuneUp2004 (30 days free) http://www.tuneup.de/products/tuneup-utilities/
Cleanup repair --> TuneUp Diskcleaner
Cleanup repair --> Registry Cleaner
Then scan once more with
•L2mfix
Download L2mfix from here: http://bilder.informationsarchiv.net/Nikitas_Tools/ http://www.atribune.org/downloads/l2mfix.exe
* Save the file to your desktop and double-click l2mfix.exe.
* Click Install to extract the files and follow the instructions during installation.
* Then open the newly created l2mfix folder on your desktop.
* Double-click the file l2mfix.bat, type 1 and press [Enter] to run Find log. This will scan your computer. It may look as if nothing is happening, but after 1 or 2 minutes Notepad will open with a log.
* Copy the contents with Ctrl+A and paste them into your thread with Ctrl+V.
IMPORTANT: Do not use option 2, or any other files from the l2mfix folder, until you are asked to!
* Close all open programs, as the next step requires a restart. Click l2mfix.bat again and type 2 --> Enter.
* Press any key to start a system restart.
* After the restart, your desktop icons will briefly appear and briefly disappear - this is NORMAL.
* L2mfix will continue the system scan, and when it is finished Notepad will open and show a log. Copy this one into the thread here as well (Ctrl+C & Ctrl+V). Also post a current HijackThis log.
IMPORTANT: Do not use option 2, or any other files from the l2mfix folder, until you are asked to!
* Double-click l2mfix.bat again and enter 4. Confirm with [Enter].
* This restores the Winlogon default settings.
* Post a current HijackThis log in your thread again.
Post this log + the new HijackThis log.
__________
Kind regards, Sabina
all about PC security |
|
|
||
11.03.2005, 10:30
Honorary member
Posts: 29434 |
#75
Hello@blutsvente
Disable System Restore, then enable it again.
#Open HijackThis -->> "Scan" button -->> tick the entries -->> "Fix checked" button -->> restart the PC
O4 - HKLM\..\Run: [Popup Blocker System32c Monitoring] PopUpBlockercd.exe
O4 - HKLM\..\Run: [winupdates] winupdates.exe
O4 - HKLM\..\Run: [Go And Start] svdll32.exe
O4 - HKLM\..\Run: [Microsoft DirectX] wuamgrd.exe
O4 - HKLM\..\RunServices: [Popup Blocker System32c Monitoring] PopUpBlockercd.exe
O4 - HKLM\..\RunServices: [winupdates] winupdates.exe
O4 - HKLM\..\RunServices: [Go And Start] svdll32.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] wuamgrd.exe
Restart the PC ---> into safe mode --> with networking (press F8 while the PC boots and choose the option "Safe Mode with Networking")
Delete:
winupdates.exe
svdll32.exe
wuamgrd.exe
PopUpBlockercd.exe
From safe mode, run all the online scans you find on my site (scroll down, they are there) http://eddys-domain.de/nikita/
Then please report on every single online scan (note everything down or copy it straight in here --> with the full path)
+ post the new HijackThis log
__________
Kind regards, Sabina
all about PC security |
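An added example, not part of the original post: a small Python parser for the O4 autostart lines quoted above, which groups them by executable and attaches two review flags. The sample also carries one O4 line with a full path from the HijackThis log earlier in this thread; the flag names and the two heuristics are assumptions made here for triage, not verdicts.

```python
import re
from collections import defaultdict

# Constructed sample: O4 lines copied from the posts in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\GEMEIN~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [Popup Blocker System32c Monitoring] PopUpBlockercd.exe
O4 - HKLM\..\Run: [winupdates] winupdates.exe
O4 - HKLM\..\Run: [Go And Start] svdll32.exe
O4 - HKLM\..\Run: [Microsoft DirectX] wuamgrd.exe
O4 - HKLM\..\RunServices: [Popup Blocker System32c Monitoring] PopUpBlockercd.exe
O4 - HKLM\..\RunServices: [winupdates] winupdates.exe
O4 - HKLM\..\RunServices: [Go And Start] svdll32.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] wuamgrd.exe
"""

# HijackThis O4 line: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

def parse_o4(log):
    """Return one dict per O4 autostart line; all other lines are ignored."""
    matches = (O4_RE.match(line.strip()) for line in log.splitlines())
    return [m.groupdict() for m in matches if m]

def triage(entries):
    """Group entries by command and attach review flags (heuristics only)."""
    by_cmd = defaultdict(lambda: {"keys": set(), "names": set()})
    for e in entries:
        by_cmd[e["cmd"].lower()]["keys"].add(e["key"])
        by_cmd[e["cmd"].lower()]["names"].add(e["name"])
    report = {}
    for cmd, info in by_cmd.items():
        flags = []
        if "\\" not in cmd and "/" not in cmd:
            flags.append("no-path")  # bare file name, resolved via the search path
        if {"Run", "RunServices"} <= info["keys"]:
            flags.append("run+runservices")  # same binary under both autostart keys
        report[cmd] = {"keys": sorted(info["keys"]),
                       "names": sorted(info["names"]), "flags": flags}
    return report

if __name__ == "__main__":
    for cmd, info in sorted(triage(parse_o4(SAMPLE_LOG)).items()):
        print(cmd, info["keys"], info["names"], info["flags"])
```

The WinTools entry gets no flag although the thread treats it as unwanted software, which shows that an empty flag list only means neither heuristic fired.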
|
|
||
Sabine
It's interesting that you live in Portugal too, where exactly? By the way, one of my dogs is called Nikita...
Yes, formatting is certainly an idea. However, I already did that 3 months ago....because I couldn't cope with the W32-spybot. And a short time later the same old story started again. I just keep getting an error message like: Generic Host, System32 has detected a problem and everything must be closed. Or rather: everything has already been closed.
So: if I format again now, I don't want to have the same problem again. I hope I have enough time to read your instructions....before it's all over again....or at least to copy them.
First of all, a big thank you!
Beijinhos
Conny