wie entfernt man w32.spybot.worm?

#61 Hallo,
Sabine
ist ja interessant, dass du auch in Portugal lebst, wo denn? Einer meiner Hunde heißt übrigens Nikita...
Ja, formatieren ist schon eine Idee. Das habe ich allerdings schon mal vor 3 Monaten gemacht....weil ich mit dem W32-spybot nicht klar kam. Und kurze Zeit später hat der selbe Keks wieder angefangen. Kriege halt immer so eine Fehlermeldung: Generic Host, System32 hat ein Problem entdeckt und alles muss beendet werden. Oder besser: alles ist schon beendet.
Also: wenn ich jetzt mal wieder formatiere, möchte ich nicht wieder das gleiche Problem haben. Ich hoffe, ich habe genügend Zeit, deine Anweisungen zu lesen....bevor mal wieder Ende ist....oder zumindest zu kopieren.

Erstmal ein dickes Danke!
Beijinhos
Conny

#62 ????
ist das kompliziert!!!! erklär mir mal wie ich alles infected suchen soll?! ich bin auf bearbeiten gegangen hab da bei suchen das eingegeben, aber da kamen ca.30 wörter mit infected muss ich die sätze wo infected drinsteht ins board kopieren??

#63 KLar, musst du das machen
__________
MfG Sabina

rund um die PC-Sicherheit

#64 hallo@pody

wer so was laedt und dann noch den Dialer, braucht sich nicht zu wundern, wenn alles verseucht ist....

VacPro.internazionale_ver4 (Dialer) + ErrorGuard



•Download Registry Search Tool :
http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip

Meldung (Symantec)--
warnmeldung:bösartiges skript entdeckt --> ignorieren
Object: Windows Script Host Shell Object

Doppelklick:regsrch.vbs

reinkopieren:

{9E98E84C-79E1-49C3-82EB-798FCD552EFB}

Press 'OK'
warten, bis die Suche beendet ist. (Ergebnis bitte posten)

{205FF73B-CA67-11D5-99DD-444553540006}

Press 'OK'

warten, bis die Suche beendet ist. (Ergebnis bitte posten)


#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\GEMEIN~1\WinTools\WToolsB.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: sPeerObj Class - {00000026-8735-428D-B81F-DD098223B25F} - C:\WINDOWS\speer.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\GEMEIN~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\Programme\Toolbar\toolbar.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\Programme\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\GEMEIN~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\Programme\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [Windows Taskmanager] lsassx.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [orsvaz] C:\WINDOWS\orsvaz.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPass.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\RunServices: [Windows Taskmanager] lsassx.exe
O4 - HKCU\..\Run: [ChkMail] A‹
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://advnt01.com/dialer/internazionale_ver4.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\Programme\Toolbar\toolbar.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

PC neustarten

•KillBox
http://www.bleepingcomputer.com/files/killbox.php

•Delete File on Reboot <--anhaken

und klick auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"

C:\WINDOWS\Downloaded Program Files\internazionale_ver4.ocx
C:\Programme\Toolbar\TBPS.exe
C:\Programme\Toolbar\PIB.exe
C:\WINDOWS\System32\lsassx.exe
C:\temp\salm.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Media Pass\MediaPass.exe
C:\WINDOWS\System32\gah95on6.exe
C:\Program Files\Media Pass\MediaPassK.exe
C:\Program Files\Media Pass\MediaPassC.dll
C:\Program Files\Media Pass\Info.txt
C:\WINDOWS\temp\USB.exe
C:\WINDOWS\temp\oddworldz.exe
C:\WINDOWS\temp\istinstall.exe
C:\WINDOWS\SYSTEM32\igfxsrvc.dll
C:\WINDOWS\orsvaz.exe
C:\Programme\Gemeinsame Dateien\WinTools\WSup.exe
C:\Programme\Gemeinsame Dateien\WinTools\WToolsA.exe
C:\Programme\Gemeinsame Dateien\WinTools\WToolsB.dll
C:\WINDOWS\nem220.dll
C:\WINDOWS\speer.dll
C:\Programme\Toolbar\toolbar.dll

PC neustarten

•eScan-Erkennungstool
eSan ist hier unter dem Namen Free eScan Antivirus Toolkit Utility kostenlos erhältlich:
http://www.mwti.net/antivirus/free_utilities.asp
oeffne den Scanner--> noch nicht scannen--> gehe in Start<Ausfuehren< schreib rein: %temp% und suche
kavupd.exe, die klickst du an--> (Update- in DOS) ausführen

-->mwav.exe oeffnen-->alle Haekchen setzen-->scannen-->View Log anklicken--> Bearbeiten anklicken--> "infected" reinschreiben
und nun alles rauskopieren, was angezeigt wird-->

danach von hier die "infected" abkopieren--> und dann in die Killbox oder manuell loeschen

#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
Laden--> Updaten-->scannen-->PC neustarten--> noch mal scannen--> poste das Log vom Scann

#ClaerProg..lade die neuste Version <1.4.1
http://www.clearprog.de/downloads.php
<und saeubere den Browser.
Das Programm löscht die Surfspuren des Internet Explorers ab Version 5.0, des Netscape/Mozilla und des Opera:
- Cookies
- Verlauf
- Temporäre Internetfiles (Cache)

#TuneUp2004 (30 Tage free)
http://www.tuneup.de/products/tuneup-utilities/
Cleanup repair -->TuneUp Diskcleaner
Cleanup repair -->Registry Cleaner

#neue Startseite
gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken und stelle eine neue Startseite ein

+ poste das neue Log vom HijackThis
__________
MfG Sabina

rund um die PC-Sicherheit

#65 hallo sabina,

bin ebenfalls neu hier (google machts möglich) und wende mich mit dem gleichen problem an dich wie die anderen in diesem thread. os=windows xp, virenscanner=norton antivirus professional 2003 (halbwegs up to date). av hat auch diesen virus erkannt, kann ihn jedoch nicht löschen habe auch scon in anderen threads geschaut und bin nach deren anweisung vorgegangen, leider ohne das gewünschte ergebnis. habe unter anderen in der regedit nach verdächtigen einträgen geschaut, aber nicht die beschrieben gefunden. habe mir auch ein tool <<spybot s&d>> auf den rechner geladen. hilft alles nix. mein rechner "friert ein" immer nach einer kurzen zeit, nachdem ich mich ins netz eingewählt habe - dann geht nix mehr. ich vermute, dass ich dann auch nicht mehr herr des rechners bin. ihr schreibt hier immer vin <<hijackthis>> was ist bedeutet das??? ich habe bereits meine rechner im gesicherten modus hochgefahren und den scanner drübre laufen lassen. was soll ich nun tun.
thanxxx im voraus!
meik

#66 Hallo@blutsvente

HijackThis
http://www.downloads.subratam.org/hijackthis.zip
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Lade/entpacke HijackThis in einem Ordner -->None of the above,
just start the program --> Save--> Savelog -->es öffnet sich der
Editor -->

Do a system scan and save a logfile --> Save--> Savelog -->es öffnet sich der
Editor -->

nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins
Forum mit rechtem Mausklick "einfügen"
__________
MfG Sabina

rund um die PC-Sicherheit

#67 hi sabina,
dass ging aber fix - thanxxx a lot
hier der inhalt des logfiles. bitte, bitte keine hiobsbotschaften
eat this:


Logfile of HijackThis v1.99.1
Scan saved at 15:28:52, on 10.3.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Dokumente und Einstellungen\meik\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.teltarif.de/lcr/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Popup Blocker System32c Monitoring] PopUpBlockercd.exe
O4 - HKLM\..\Run: [winupdates] winupdates.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Go And Start] svdll32.exe
O4 - HKLM\..\Run: [Microsoft DirectX] wuamgrd.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\RunServices: [Popup Blocker System32c Monitoring] PopUpBlockercd.exe
O4 - HKLM\..\RunServices: [winupdates] winupdates.exe
O4 - HKLM\..\RunServices: [Go And Start] svdll32.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] wuamgrd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Popup Blocker System32c Monitoring] PopUpBlockercd.exe
O4 - HKCU\..\Run: [Go And Start] svdll32.exe
O4 - HKCU\..\Run: [Microsoft DirectX] wuamgrd.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

#68 hey danke..hoff mal es geht *g*
also...1. die beiden Registry Search ergebnisse:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "{9E98E84C-79E1-49C3-82EB-798FCD552EFB}" 10.03.2005 16:51:56

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E98E84C-79E1-49C3-82EB-798FCD552EFB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E98E84C-79E1-49C3-82EB-798FCD552EFB}\Control]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E98E84C-79E1-49C3-82EB-798FCD552EFB}\Implemented Categories]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E98E84C-79E1-49C3-82EB-798FCD552EFB}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E98E84C-79E1-49C3-82EB-798FCD552EFB}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E98E84C-79E1-49C3-82EB-798FCD552EFB}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E98E84C-79E1-49C3-82EB-798FCD552EFB}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E98E84C-79E1-49C3-82EB-798FCD552EFB}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E98E84C-79E1-49C3-82EB-798FCD552EFB}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E98E84C-79E1-49C3-82EB-798FCD552EFB}\InprocServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E98E84C-79E1-49C3-82EB-798FCD552EFB}\MiscStatus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E98E84C-79E1-49C3-82EB-798FCD552EFB}\MiscStatus\1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E98E84C-79E1-49C3-82EB-798FCD552EFB}\ProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E98E84C-79E1-49C3-82EB-798FCD552EFB}\ToolboxBitmap32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E98E84C-79E1-49C3-82EB-798FCD552EFB}\TypeLib]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E98E84C-79E1-49C3-82EB-798FCD552EFB}\VERSION]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VacPro.internazionale_ver4\Clsid]
@="{9E98E84C-79E1-49C3-82EB-798FCD552EFB}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9E98E84C-79E1-49C3-82EB-798FCD552EFB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9E98E84C-79E1-49C3-82EB-798FCD552EFB}\Contains]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9E98E84C-79E1-49C3-82EB-798FCD552EFB}\Contains\Files]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9E98E84C-79E1-49C3-82EB-798FCD552EFB}\DownloadInformation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9E98E84C-79E1-49C3-82EB-798FCD552EFB}\InstalledVersion]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/internazionale_ver4.ocx]
".Owner"="{9E98E84C-79E1-49C3-82EB-798FCD552EFB}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/internazionale_ver4.ocx]
"{9E98E84C-79E1-49C3-82EB-798FCD552EFB}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/objsafe.tlb]
".Owner"="{9E98E84C-79E1-49C3-82EB-798FCD552EFB}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/objsafe.tlb]
"{9E98E84C-79E1-49C3-82EB-798FCD552EFB}"=""


----------------------------------------



REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "{205FF73B-CA67-11D5-99DD-444553540006}" 10.03.2005 16:54:48

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{205FF73B-CA67-11D5-99DD-444553540006}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{205FF73B-CA67-11D5-99DD-444553540006}\Implemented Categories]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{205FF73B-CA67-11D5-99DD-444553540006}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{205FF73B-CA67-11D5-99DD-444553540006}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{205FF73B-CA67-11D5-99DD-444553540006}\InprocServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{205FF73B-CA67-11D5-99DD-444553540006}\ProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{205FF73B-CA67-11D5-99DD-444553540006}\Programmable]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{205FF73B-CA67-11D5-99DD-444553540006}\TypeLib]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{205FF73B-CA67-11D5-99DD-444553540006}\VersionIndependentProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Install.Install\CLSID]
@="{205FF73B-CA67-11D5-99DD-444553540006}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Install.Install.1\CLSID]
@="{205FF73B-CA67-11D5-99DD-444553540006}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540006}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540006}\Contains]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540006}\Contains\Files]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540006}\DownloadInformation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540006}\InstalledVersion]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Install.dll]
".Owner"="{205FF73B-CA67-11D5-99DD-444553540006}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Install.dll]
"{205FF73B-CA67-11D5-99DD-444553540006}"=""

#69 so hier die infected :


File C:\WINDOWS\System32\winlspak.dll infected by "Trojan-Downloader.Win32.Agent.br" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\drivers\axmjdtzo.sys infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\aconti.exe infected by "not-a-virusornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\d8.exe infected by "Trojan-Downloader.Win32.Small.ahx" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\icont.exe infected by "not-a-virus:AdWare.AdURL.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\iconu.exe infected by "not-a-virus:AdWare.Zestyfind" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\nem220.dll infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\od-stnd168.exe infected by "not-a-virusornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\optimize.exe infected by "Trojan-Downloader.Win32.Dyfuca.dk" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\p2p-10112.exe tagged as not-a-virus:RiskWare.Dialer.gen. No Action Taken.
File C:\WINDOWS\SSK_B5.EXE infected by "Trojan-Dropper.Win32.SurfSide.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wsem303.dll infected by "Trojan-Downloader.Win32.Dyfuca.dt" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\ffInst.exe infected by "not-a-virus:AdWare.Look2Me.r" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\odpomeve.exe infected by "Trojan-Downloader.Win32.IstBar.ha" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\PopOops.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\PopOops2.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\solufsuq.dll infected by "Trojan.Win32.Golid.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\SWLAD1.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\SWLAD2.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\ujqnggjr.exe infected by "Trojan-Proxy.Win32.Agent.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\vjwwofim.dll infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\wincoreak.dll infected by "not-a-virus:AdWare.Coreak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\winlspak.dll infected by "Trojan-Downloader.Win32.Agent.br" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\winrulesak.dll infected by "Trojan-Downloader.Win32.Agent.bt" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\winupdak.dll infected by "Trojan-Downloader.Win32.Agent.br" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\wpqzfegu.exe infected by "Trojan-Proxy.Win32.Agent.l" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Luzzi\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\loader.jar-6063b9ef-73469f01.zip infected by "Trojan-Downloader.Java.OpenConnection.i" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Luzzi\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv2.jar-1cd70a40-49e29381.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Luzzi\Eigene Dateien\virus-,spysoftware\l2mfix\Process.exe tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\Dokumente und Einstellungen\Luzzi\Eigene Dateien\virus-,spysoftware\l2mfix.exe tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\Dokumente und Einstellungen\Luzzi\Favoriten\Programme\mirc612.exe tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken.
File C:\program files\Altnet\Download Manager\adm25.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\program files\Altnet\Download Manager\adm4.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\program files\Altnet\Download Manager\adm4005.exe infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\program files\Altnet\Download Manager\admprog.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\program files\Altnet\Download Manager\asmps.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\program files\Altnet\Points Manager\sysdetect.dll infected by "not-a-virus:AdWare.BrilliantDigital.1007" Virus. Action Taken: No Action Taken.
File C:\program files\Internet Optimizer\optimize.exe infected by "Trojan-Downloader.Win32.Dyfuca.du" Virus. Action Taken: No Action Taken.
File C:\program files\Internet Optimizer\update\optimize312.exe infected by "Trojan-Downloader.Win32.Dyfuca.du" Virus. Action Taken: No Action Taken.
File C:\program files\mIRC\backup\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken.
File C:\program files\mIRC\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.02. No Action Taken.
File C:\Programme\Common Files\updmgr\rvupdmgr.exe infected by "Trojan-Downloader.Win32.Keenval" Virus. Action Taken: No Action Taken.
File C:\Programme\Common Files\updmgr\simgr.exe infected by "Trojan-Downloader.Win32.Keenval" Virus. Action Taken: No Action Taken.
File C:\Programme\Common Files\updmgr\updmgr.exe infected by "Trojan-Downloader.Win32.Keenval" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\apps\DateManager\datemanager2102.zip infected by "not-a-virus:AdWare.Gator.4116" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\apps\DateManager\InstallDateManager.exe infected by "not-a-virus:AdWare.Gator.4116" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\apps\PrecisionTime\InstallPrecisionTime.exe infected by "not-a-virus:AdWare.Gator.2102" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\apps\PrecisionTime\precisiontime2102.zip infected by "not-a-virus:AdWare.Gator.2102" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GController.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\store\apps\datemanager2102.zip infected by "not-a-virus:AdWare.Gator.4116" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\store\apps\precisiontime2102.zip infected by "not-a-virus:AdWare.Gator.2102" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\EGGCEngine.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\GatorRes.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\gtrawbm.fil infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\nluplcae\ltalstoc\sqrmetsb.exe infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\nluplcae\nsflueerfo\ffroesmsl.exe infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\WinTools\WSup.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\WinTools\WToolsA.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\WinTools\WToolsB.dll infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\WinTools\WToolsS.exe infected by "Trojan-Downloader.Win32.Wintool.b" Virus. Action Taken: No Action Taken.
File C:\Programme\INSTAFINK\instafink.dll infected by "not-a-virus:AdWare.ToolBar.404Search.h" Virus. Action Taken: No Action Taken.
File C:\Programme\Kazaa\TopSearch.dll infected by "not-a-virus:AdWare.Altnet.d" Virus. Action Taken: No Action Taken.
File C:\Programme\MyWay\myBar\2.bin\MY2NS.EXE infected by "not-a-virus:AdWare.Toolbar.MyWay.b" Virus. Action Taken: No Action Taken.
File C:\Programme\MyWay\myBar\2.bin\NPMYWAY.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.f" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\01422DBB.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\022B7473.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\031C4C42.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\031F763E.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\0323203B.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\03264A37.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\03CC4D3F.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\070E39AA.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\07150DA3.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\071C619B.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\0768104C.exe infected by "Trojan-Downloader.Win32.Agent.gn" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\09C83C5A.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\09D75265.exe infected by "Trojan-Downloader.Win32.Agent.gn" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\09D75265.sys infected by "Trojan.Win32.Agent.aw" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\0C713AE5.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\0F207879.exe infected by "Trojan-Downloader.Win32.Agent.gn" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\0FD44264.exe infected by "Trojan-Downloader.Win32.Agent.gn" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\0FD86C60.exe infected by "Trojan-Downloader.Win32.Agent.gn" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\12BF2F75.exe infected by "Trojan-Downloader.Win32.Agent.gn" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\1CFD092B.sys infected by "Trojan.Win32.Agent.aw" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\1EE04F17.dll infected by "Trojan-Dropper.Win32.Agent.fu" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\1F1E5B6F.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\225D6E47.sys infected by "Trojan.Win32.Agent.aw" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\23917E5B.exe infected by "Trojan-Proxy.Win32.Agent.l" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\245A50A4.exe infected by "Trojan-Downloader.Win32.Agent.gn" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\24D93657.exe infected by "Trojan-Downloader.Win32.Agent.gn" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\28850A9A.exe infected by "Trojan-Downloader.Win32.Agent.gn" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\29423E46.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\2AAC0D0D.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\337A079C.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\35321F7A.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\3C1D2B35.exe infected by "Trojan-Downloader.Win32.Agent.gn" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\447E64E7.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\45220BBB.exe infected by "Trojan-Downloader.Win32.Agent.gn" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\45220BBB.sys infected by "Trojan.Win32.Agent.aw" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\45DE4289.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\4A9115A6.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\4C814C61.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\4E1D1C04.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\4E5E1895.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\51444DCB.exe infected by "Trojan-Downloader.Win32.Agent.gn" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\56572021.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\5AFD026F.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\5C661529.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\5C6A3F25.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\5E3259DD.exe infected by "Trojan-Downloader.Win32.Agent.gn" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\64401BCA.exe infected by "Trojan-Downloader.Win32.Agent.gn" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\644345C7.exe infected by "Trojan-Downloader.Win32.Agent.gn" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\64871974.exe infected by "Trojan-Downloader.Win32.Agent.gn" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\663B0C5E.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\6A9D6516.exe infected by "Trojan-Proxy.Win32.Agent.l" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\7265201D.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\74217742.exe infected by "Trojan-Downloader.Win32.Agent.gn" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\7AA31A97.exe infected by "Trojan-Downloader.Win32.Agent.gn" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\7AD86D79.exe infected by "Trojan-Downloader.Win32.Agent.gn" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\7AD86D79.sys infected by "Trojan.Win32.Agent.aw" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\7F6028F3.exe infected by "Backdoor.Win32.Wootbot.aq" Virus. Action Taken: No Action Taken.
File C:\Programme\PerfectNav\BHO\PerfectNav150c.dll infected by "not-a-virus:AdWare.Perfnav.a" Virus. Action Taken: No Action Taken.
File C:\Programme\Recommended Hotfix - 421701D\v15\RH.DLL infected by "not-a-virus:AdWare.SmartPops" Virus. Action Taken: No Action Taken.
File C:\Programme\Recommended Hotfix - 421701D\v15\RH.exe infected by "not-a-virus:AdWare.SmartPops" Virus. Action Taken: No Action Taken.
File C:\Programme\SED\SE.exe infected by "not-a-virus:AdWare.WindowEnhancer" Virus. Action Taken: No Action Taken.
File C:\Programme\SED\SED.exe infected by "not-a-virus:AdWare.Cres" Virus. Action Taken: No Action Taken.
File C:\Programme\SurfSideKick 2\SskBho.dll infected by "not-a-virus:AdWare.TotalVelocity.aa" Virus. Action Taken: No Action Taken.
File C:\Programme\SurfSideKick 2\SskCore.dll infected by "not-a-virus:AdWare.TotalVelocity.ac" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\aconti.exe infected by "not-a-virusornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\browserxtras\pn\remove.exe infected by "Trojan-Downloader.Win32.Keenval.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Coder\_248-a2p-0-0-.exe infected by "not-a-virusornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Coder\_344-a2p-0-0-.exe infected by "not-a-virusornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\d8.exe infected by "Trojan-Downloader.Win32.Small.ahx" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\058343sw.exe tagged as not-a-virus:RiskWare.Dialer.PlayGames. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\058343sw.exe tagged as not-a-virus:RiskWare.Dialer.PlayGames. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ieloader.dll infected by "Trojan-Downloader.Win32.Ladder.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\ieloader.dll infected by "Trojan-Downloader.Win32.Ladder.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\MaConnect.dll infected by "not-a-virusorn-Tool.Win32.MaConnect" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\StarInstall.ocx infected by "Trojan-Downloader.Win32.Small.eb" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\icont.exe infected by "not-a-virus:AdWare.AdURL.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\iconu.exe infected by "not-a-virus:AdWare.Zestyfind" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\nem220.dll infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\od-stnd168.exe infected by "not-a-virusornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\optimize.exe infected by "Trojan-Downloader.Win32.Dyfuca.dk" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\p2p-10112.exe tagged as not-a-virus:RiskWare.Dialer.gen. No Action Taken.
File C:\WINDOWS\SSK_B5.EXE infected by "Trojan-Dropper.Win32.SurfSide.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\drivers\.sys infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ffInst.exe infected by "not-a-virus:AdWare.Look2Me.r" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\odpomeve.exe infected by "Trojan-Downloader.Win32.IstBar.ha" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\PopOops.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\PopOops2.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\solufsuq.dll infected by "Trojan.Win32.Golid.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\SWLAD1.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\SWLAD2.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ujqnggjr.exe infected by "Trojan-Proxy.Win32.Agent.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\wincoreak.dll infected by "not-a-virus:AdWare.Coreak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\winlspak.dll infected by "Trojan-Downloader.Win32.Agent.br" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\winrulesak.dll infected by "Trojan-Downloader.Win32.Agent.bt" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\winupdak.dll infected by "Trojan-Downloader.Win32.Agent.br" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\wpqzfegu.exe infected by "Trojan-Proxy.Win32.Agent.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\adm.exe infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\adm25.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\adm4.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\admprog.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\Setup.exe infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\bw2.com infected by "not-a-virus:AdWare.AdURL.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\nsdtmp09.dll infected by "not-a-virus:AdWare.MetaDirect.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\wincoreak.dll infected by "not-a-virus:AdWare.Coreak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\winlspak.dll infected by "Trojan-Downloader.Win32.Agent.br" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\winrulesak.dll infected by "Trojan-Downloader.Win32.Agent.bt" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wsem303.dll infected by "Trojan-Downloader.Win32.Dyfuca.dt" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\aconti.exe infected by "not-a-virusornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\browserxtras\pn\remove.exe infected by "Trojan-Downloader.Win32.Keenval.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Coder\_248-a2p-0-0-.exe infected by "not-a-virusornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Coder\_344-a2p-0-0-.exe infected by "not-a-virusornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\d8.exe infected by "Trojan-Downloader.Win32.Small.ahx" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\058343sw.exe tagged as not-a-virus:RiskWare.Dialer.PlayGames. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\058343sw.exe tagged as not-a-virus:RiskWare.Dialer.PlayGames. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ieloader.dll infected by "Trojan-Downloader.Win32.Ladder.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\ieloader.dll infected by "Trojan-Downloader.Win32.Ladder.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\MaConnect.dll infected by "not-a-virusorn-Tool.Win32.MaConnect" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\StarInstall.ocx infected by "Trojan-Downloader.Win32.Small.eb" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\icont.exe infected by "not-a-virus:AdWare.AdURL.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\iconu.exe infected by "not-a-virus:AdWare.Zestyfind" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\nem220.dll infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\od-stnd168.exe infected by "not-a-virusornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\optimize.exe infected by "Trojan-Downloader.Win32.Dyfuca.dk" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\p2p-10112.exe tagged as not-a-virus:RiskWare.Dialer.gen. No Action Taken.
File C:\WINDOWS\SSK_B5.EXE infected by "Trojan-Dropper.Win32.SurfSide.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ffInst.exe infected by "not-a-virus:AdWare.Look2Me.r" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\odpomeve.exe infected by "Trojan-Downloader.Win32.IstBar.ha" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\PopOops.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\PopOops2.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\solufsuq.dll infected by "Trojan.Win32.Golid.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\SWLAD1.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\SWLAD2.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ujqnggjr.exe infected by "Trojan-Proxy.Win32.Agent.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\wincoreak.dll infected by "not-a-virus:AdWare.Coreak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\winlspak.dll infected by "Trojan-Downloader.Win32.Agent.br" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\winrulesak.dll infected by "Trojan-Downloader.Win32.Agent.bt" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\winupdak.dll infected by "Trojan-Downloader.Win32.Agent.br" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\wpqzfegu.exe infected by "Trojan-Proxy.Win32.Agent.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\adm.exe infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\adm25.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\adm4.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\admprog.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\Setup.exe infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\bw2.com infected by "not-a-virus:AdWare.AdURL.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\nsdtmp09.dll infected by "not-a-virus:AdWare.MetaDirect.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\wincoreak.dll infected by "not-a-virus:AdWare.Coreak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\winlspak.dll infected by "Trojan-Downloader.Win32.Agent.br" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\winrulesak.dll infected by "Trojan-Downloader.Win32.Agent.bt" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wsem303.dll infected by "Trojan-Downloader.Win32.Dyfuca.dt" Virus. Action Taken: No Action Taken.


so hier der log vom ad aware scann

Ad-Aware SE Build 1.05
Logfile Created ononnerstag, 10. März 2005 17:14:12
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R32 10.03.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
AdDestroyer(TAC index:5):5 total references
Alexa(TAC index:5):2 total references
AltnetBDE(TAC index:4):54 total references
Claria(TAC index:7):18 total references
CommonName(TAC index:7):2 total references
CoolWebSearch(TAC index:0):5 total references
Cydoor(TAC index:7):99 total references
Dialer(TAC index:5):13 total references
DownloadWare(TAC index:8):3 total references
DyFuCA(TAC index:3):40 total references
eUniverse(TAC index:10):32 total references
Global Netcom Inc(TAC index:5):6 total references
Hijacker.TopConverting(TAC index:5):17 total references
IBIS Toolbar(TAC index:5):128 total references
MainPean Dialer(TAC index:5):11 total references
MRU List(TAC index:0):37 total references
NetworkEssentials(TAC index:7):48 total references
Possible Browser Hijack attempt(TAC index:3):6 total references
Redirected hostfile entry(TAC index:4):11 total references
StarInstall(MainPean)(TAC index:5):22 total references
SurfSideKickBHO(TAC index:7):7 total references
Tracking Cookie(TAC index:3):80 total references
WebDialer(TAC index:5):20 total references
win32.trojandownloader.cabdialer(TAC index:7):5 total references
VirtualBouncer(TAC index:5):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


10.03.2005 17:14:12 - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 616
ThreadCreationTime : 10.03.2005 14:23:49
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 712
ThreadCreationTime : 10.03.2005 14:23:53
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 756
ThreadCreationTime : 10.03.2005 14:23:53
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 768
ThreadCreationTime : 10.03.2005 14:23:53
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1028
ThreadCreationTime : 10.03.2005 14:23:54
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1188
ThreadCreationTime : 10.03.2005 14:23:54
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1548
ThreadCreationTime : 10.03.2005 14:23:57
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1572
ThreadCreationTime : 10.03.2005 14:23:57
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:9 [ccevtmgr.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
ProcessID : 1600
ThreadCreationTime : 10.03.2005 14:23:57
BasePriority : Normal
FileVersion : 1.03.4
ProductVersion : 1.03.4
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:10 [jusched.exe]
FilePath : C:\Programme\Java\jre1.5.0_01\bin\
ProcessID : 1816
ThreadCreationTime : 10.03.2005 14:23:58
BasePriority : Normal


#:11 [p2p networking.exe]
FilePath : C:\WINDOWS\System32\P2P Networking\
ProcessID : 1824
ThreadCreationTime : 10.03.2005 14:23:58
BasePriority : Normal
FileVersion : 1, 26, 0, 10
ProductVersion : 1, 26, 0, 10
ProductName : P2P Networking
CompanyName : Joltid Ltd.
FileDescription : P2P Networking
InternalName : P2P Networking
LegalCopyright : Copyright © 2001 - 2004 Joltid Ltd. All Rights Reserved.
LegalTrademarks : Joltid is a registered trademark of Joltid Ltd.
OriginalFilename : P2P Networking.exe

#:12 [cisvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 604
ThreadCreationTime : 10.03.2005 14:24:07
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:13 [navapsvc.exe]
FilePath : C:\Programme\Norton AntiVirus\
ProcessID : 656
ThreadCreationTime : 10.03.2005 14:24:07
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:14 [nprotect.exe]
FilePath : C:\Programme\Norton AntiVirus\AdvTools\
ProcessID : 668
ThreadCreationTime : 10.03.2005 14:24:07
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright (C) 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE

#:15 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1180
ThreadCreationTime : 10.03.2005 14:24:11
BasePriority : Normal
FileVersion : 6.13.10.3100
ProductVersion : 6.13.10.3100
ProductName : NVIDIA Driver Helper Service, Version 31.00
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 31.00
InternalName : NVSVC
LegalCopyright : (c) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:16 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1504
ThreadCreationTime : 10.03.2005 14:24:11
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [mwavscan.com]
FilePath : C:\DOKUME~1\Luzzi\LOKALE~1\Temp\
ProcessID : 2644
ThreadCreationTime : 10.03.2005 14:25:50
BasePriority : Normal
FileVersion : 4, 0, 0, 1
ProductVersion : 4, 0, 0, 1
ProductName : MWAV
CompanyName : MicroWorld Technologies Inc.
FileDescription : eScan Toolkit Utility
InternalName : mwavscan
LegalCopyright : Copyright © 2003-2004 MicroWorld Technologies Inc.
OriginalFilename : mwavscan.exe

#:18 [kavss.exe]
FilePath : C:\DOKUME~1\Luzzi\LOKALE~1\Temp\
ProcessID : 2668
ThreadCreationTime : 10.03.2005 14:25:54
BasePriority : Normal
FileVersion : 4.0.2.10
ProductVersion : 4.0.2.10
ProductName : Kaspersky Anti-Virus Scanner Server
CompanyName : Kaspersky Lab.
FileDescription : Kaspersky Anti-Virus Single Scanner
InternalName : kavss.exe
LegalCopyright : Copyright (C) 1999-2002 Kaspersky Lab.
LegalTrademarks : Kaspersky is a registered trademark of Kaspersky Lab.
OriginalFilename : kavss.exe
Comments : Dmitry A. Ryabov [ryabov@kaspersky.com]

#:19 [cidaemon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 4036
ThreadCreationTime : 10.03.2005 14:31:39
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

#:20 [firefox.exe]
FilePath : C:\Programme\Mozilla Firefox\
ProcessID : 3124
ThreadCreationTime : 10.03.2005 15:57:35
BasePriority : Normal


#:21 [ad-aware.exe]
FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3960
ThreadCreationTime : 10.03.2005 16:11:51
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

AdDestroyer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-854245398-2147024035-839522115-1004\software\vb and vba program settings\addestroyer

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{e813099d-5529-47f4-9b37-4afafcb00a43}

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{e813099d-5529-47f4-9b37-4afafcb00a43}
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{ad5bc1f0-72d8-44b3-8e3d-8e8fecce43fb}

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{ad5bc1f0-72d8-44b3-8e3d-8e8fecce43fb}
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\{8b0fef15-54dc-49f5-8377-8172de975f75}

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\{8b0fef15-54dc-49f5-8377-8172de975f75}
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\altnet

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\altnet
Value : SharedMediaDir

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\altnet
Value : ALTNET_DIR

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4.1

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4.1
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}
Value :

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}
Value : AppID

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25.1

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25.1
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\adm.exe

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\adm.exe
Value : AppID

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\altnet signing module.exe

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\altnet signing module.exe
Value : AppID

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{e813099d-5529-47f4-9b37-4afafcb00a43}

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{e813099d-5529-47f4-9b37-4afafcb00a43}
Value :

Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : GMG

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : uets

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : GEF

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : GMI

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : LastInstall

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : SSeq

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : SEvt

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : PAK

Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-854245398-2147024035-839522115-1004\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\gain

Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\gator.com

Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-854245398-2147024035-839522115-1004\\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\gain

CommonName Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000000-0000-0000-0000-000000000000}

Cydoor Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-854245398-2147024035-839522115-1004\software\cydoor

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-854245398-2147024035-839522115-1004\software\cydoor
Value : Vers

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-854245398-2147024035-839522115-1004\software\cydoor
Value : Desc2

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-854245398-2147024035-839522115-1004\software\cydoor
Value : ConnType

Cydoor Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\cydoor

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\cydoor
Value : C:\Programme\Kazaa\Kazaa.exe

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\cydoor
Value : AdwrCnt

Cydoor Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-854245398-2147024035-839522115-1004\\software\cydoor

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-854245398-2147024035-839522115-1004\\software\cydoor
Value : Vers

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-854245398-2147024035-839522115-1004\\software\cydoor
Value : Desc2

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-854245398-2147024035-839522115-1004\\software\cydoor
Value : ConnType

Dialer Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment : Cytainment
Rootkey : HKEY_CLASSES_ROOT
Object : ieloaderctl.ieloaderctl

Dialer Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment : Cytainment
Rootkey : HKEY_CLASSES_ROOT
Object : ieloaderctl.ieloaderctl
Value :

Dialer Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment : Cytainment
Rootkey : HKEY_CLASSES_ROOT
Object : ieloaderctl.ieloaderctl.1

Dialer Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment : Cytainment
Rootkey : HKEY_CLASSES_ROOT
Object : ieloaderctl.ieloaderctl.1
Value :

Dialer Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment : Cytainment
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0f4a7b40-a295-11cf-a3a9-00a0c9034920}

Dialer Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment : Cytainment
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0f4a7b40-a295-11cf-a3a9-00a0c9034920}
Value :

Dialer Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment : Cytainment
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c60bc918-abba-0704-0b53-2c8830e9faec}

Dialer Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment : Cytainment
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c60bc918-abba-0704-0b53-2c8830e9faec}
Value :

Dialer Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment : Cytainment
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{000000aa-abba-0704-0b53-2c8830e9faec}

Dialer Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{42f2d240-b23c-11d6-8c73-70a05dc10000}

Dialer Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{42f2d240-b23c-11d6-8c73-70a05dc10000}
Value : SystemComponent

Dialer Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{42f2d240-b23c-11d6-8c73-70a05dc10000}
Value : Installer

DownloadWare Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-854245398-2147024035-839522115-1004\software\downloadware

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{0be10b0d-b4db-4693-9b1f-9aead54d17dc}

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.sinkobj.1

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.sinkobj.1
Value :

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.sinkobj

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.sinkobj
Value :

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj.1

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj.1
Value :

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj
Value :

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cea206e8-8057-4a04-ace9-ff0d69a92297}

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cea206e8-8057-4a04-ace9-ff0d69a92297}
Value :

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4}

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4}
Value :

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-854245398-2147024035-839522115-1004\software\avenue media

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-854245398-2147024035-839522115-1004\software\policies\avenue media

DyFuCA Object Recognized!
Type : Regkey
Data :
Category

#70 und hier mein ergebnis vom virenscann (hab das mit dem "infected" nicht gecheckt)


File C:\WINDOWS\System32\2b3fsk0h.dll infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\bln02nqv.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ELEONO~1\LOKALE~1\Temp\backups\backup-20050310-170514-123.dll infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ELEONO~1\LOKALE~1\Temp\backups\backup-20050310-170514-352.dll infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ELEONO~1\LOKALE~1\Temp\backups\backup-20050310-170514-375.dll infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ELEONO~1\LOKALE~1\Temp\backups\backup-20050310-170516-424.dll infected by "not-a-virusorn-Dialer.Win32.Creazione.l" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ELEONO~1\LOKALE~1\Temp\DrTemp\speer_v12.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ELEONO~1\LOKALE~1\Temp\THI4CE9.tmp\speer.dll infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Eleonore Skarlakidis\Lokale Einstellungen\Temp\backups\backup-20050310-170514-123.dll infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Eleonore Skarlakidis\Lokale Einstellungen\Temp\backups\backup-20050310-170514-352.dll infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Eleonore Skarlakidis\Lokale Einstellungen\Temp\backups\backup-20050310-170514-375.dll infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Eleonore Skarlakidis\Lokale Einstellungen\Temp\backups\backup-20050310-170516-424.dll infected by "not-a-virusorn-Dialer.Win32.Creazione.l" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Eleonore Skarlakidis\Lokale Einstellungen\Temp\DrTemp\speer_v12.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Eleonore Skarlakidis\Lokale Einstellungen\Temp\THI4CE9.tmp\speer.dll infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Program Files\Media Pass\MediaPassK.exe infected by "not-a-virus:AdWare.WinAD.ab" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\WinTools\WSup.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\WinTools\WToolsS.exe infected by "Trojan-Downloader.Win32.Wintool.b" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\01FD6EE2.pif infected by "IM-Worm.Win32.Bropia.l" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\020118DE.exe infected by "IM-Worm.Win32.Bropia.l" Virus. Action Taken: No Action Taken.
File C:\Programme\Toolbar\IExploreSkins.exe tagged as not-a-virus:RiskWare.Tool.Exporun. No Action Taken.
File C:\Programme\Toolbar\PIB.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Toolbar\TBPS.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Toolbar\TBPSSvc.exe infected by "not-a-virus:AdWare.WebSearch.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP100\A0008153.exe infected by "not-a-virus:AdWare.WebSearch.h" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP100\A0008154.exe infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP100\A0008161.exe infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP100\A0008162.exe infected by "not-a-virus:AdWare.WebSearch.h" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP100\A0008575.exe infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP100\A0008576.exe infected by "not-a-virus:AdWare.WebSearch.h" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP102\A0008992.exe infected by "not-a-virus:AdWare.WebSearch.h" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP102\A0008993.exe infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP103\A0009004.dll infected by "not-a-virus:AdWare.WebSearch.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP103\A0009010.exe infected by "not-a-virus:AdWare.WebSearch.h" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP103\A0009011.exe infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP103\A0009016.exe infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP104\A0009018.dll infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP104\A0009019.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP104\A0009024.exe infected by "not-a-virus:AdWare.WebSearch.h" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP104\A0009025.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP104\A0009217.exe infected by "not-a-virus:AdWare.WebSearch.h" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP104\A0009218.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP104\snapshot\MFEX-1.DAT infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP105\A0009729.exe infected by "not-a-virus:AdWare.WebSearch.h" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP105\A0009730.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP106\A0010167.exe infected by "not-a-virus:AdWare.WebSearch.h" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP106\A0010168.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP107\A0010342.exe infected by "not-a-virus:AdWare.WebSearch.h" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP107\A0010343.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP107\A0010355.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP107\A0010356.exe infected by "not-a-virus:AdWare.WebSearch.h" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP108\A0010834.exe infected by "not-a-virus:AdWare.WebSearch.h" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP108\A0010835.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP109\A0010940.exe infected by "not-a-virus:AdWare.WebSearch.h" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP109\A0010941.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP110\A0011038.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP110\A0011039.exe infected by "not-a-virus:AdWare.WebSearch.h" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP110\A0011043.exe infected by "not-a-virus:AdWare.WebSearch.h" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP110\A0011048.exe infected by "not-a-virus:AdWare.WebSearch.h" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP110\A0011049.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP110\A0011059.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP110\A0011060.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP110\A0011351.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP110\A0011352.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP111\A0011366.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP111\A0011367.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP114\A0012032.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP114\A0012033.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP114\A0012046.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP114\A0012047.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP115\A0012334.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP115\A0012335.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP117\A0012978.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP117\A0012979.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP119\A0013311.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP119\A0013312.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP119\A0013388.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP119\A0013389.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP119\A0013397.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP119\A0013398.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP119\A0013414.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP119\A0013415.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP119\A0013425.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP119\A0013426.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP120\A0013437.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP120\A0013438.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP120\A0013451.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP120\A0013452.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP120\A0013459.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP120\A0013460.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP120\A0013467.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP120\A0013468.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP120\A0013476.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP120\A0013477.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP120\A0013485.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP120\A0013486.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP121\A0013769.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP121\A0013770.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP122\A0013782.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP122\A0013783.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP123\A0013809.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP123\A0013810.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP124\A0013832.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP124\A0013833.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP126\A0013871.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP126\A0013872.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP127\A0013896.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP127\A0013897.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP127\A0014076.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP127\A0014077.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP128\A0014088.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP128\A0014089.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP128\A0014099.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP128\A0014100.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP129\A0014120.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP129\A0014121.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP130\A0014144.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP130\A0014145.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP131\A0014164.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP131\A0014165.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP132\A0014188.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP132\A0014189.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP137\A0014272.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP137\A0014273.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP137\A0014274.dll infected by "not-a-virus:AdWare.WinAD.m" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP137\A0014275.exe infected by "not-a-virus:AdWare.WinAD.ab" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP137\A0014276.exe infected by "not-a-virus:AdWare.WinAD.k" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP137\A0014277.exe infected by "not-a-virus:AdWare.WinAD.k" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP137\A0014281.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP137\A0014384.dll infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP137\A0014385.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP137\A0014390.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP137\A0014391.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP137\A0014401.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP137\A0014402.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP137\A0014411.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP137\A0014413.dll infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP137\A0014414.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP137\A0014419.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP137\A0014420.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP138\A0014436.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP138\A0014437.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP138\A0014461.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP138\A0014474.dll infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP138\A0014477.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP138\A0014483.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP138\A0014484.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP138\A0014494.pif infected by "IM-Worm.Win32.Bropia.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP138\A0014495.exe infected by "IM-Worm.Win32.Bropia.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP146\A0014658.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP146\A0014659.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP146\A0014673.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP146\A0014674.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP146\A0014685.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP146\A0014690.dll infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP146\A0014691.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP146\A0014696.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP146\A0014697.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP146\A0014702.exe infected by "Trojan-Downloader.Win32.Dyfuca.du" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP146\A0014703.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP146\A0014706.dll infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP146\A0014712.exe infected by "not-a-virus:AdWare.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{583EC648-8E73-47DA-95E4-28985D72A765}\RP146\A0014713.exe infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\Temp\salm.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\Temp\salmhook.dll infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\70tovmto.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Messenger2.exe infected by "not-a-virus:AdWare.WinAD.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\orsvaz.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\speer.dll infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\2b3fsk0h.dll infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\bln02nqv.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\70tovmto.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Messenger2.exe infected by "not-a-virus:AdWare.WinAD.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\orsvaz.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\speer.dll infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\2b3fsk0h.dll infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\bln02nqv.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.

#71 hallo sabina auch ich scheine mit dem wurm verseucht zu sein.kämpfe schon seit gestern abend mit dem entfernen.kannst du mir bitte auch helfen? ich bin allerdings total plond was pc betrifft. hab alleine 30 min. gebraucht um die zip zu öffnen ;-) aber es hat dann doch noch geklappt. anbei mein log. hoffe es ist das richtige und auch vollständig. ich danke dir schon mal im vorraus für deine mühe.
liebe grüße bibi




Logfile of HijackThis v1.99.1
Scan saved at 18:39:43, on 10.03.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Internet Security\ISSVC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Softwin\BitDefender8\bdoesrv.exe
C:\Programme\Softwin\BitDefender8\bdswitch.exe
C:\Program Files\Windows FormatAd\WinForm.exe
C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SCARDS32.EXE
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
c:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Programme\Softwin\BitDefender8\vsserv.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Dokumente und Einstellungen\Bibi\Eigene Dateien\Meine empfangenen Dateien\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Programme\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Programme\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [Windows FormatAd] C:\Program Files\Windows FormatAd\WinForm.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Dokumente und Einstellungen\Bibi\Desktop\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O15 - Trusted Zone: www.seb.de
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17B5DBA1-4104-4EA7-BA9F-FF53A1ED978D}: NameServer = 217.237.150.225 217.237.150.141
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\System32\r_server.exe" /service (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender8\vsserv.exe
O23 - Service: WinDLL DLL Loader (WinDLL) - Unknown owner - C:\Server\windll.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe

#72 was hab ich zu tun, ich bedanke mich schonmal für die hilfe

Logfile of HijackThis v1.99.1
Scan saved at 18:51:30, on 10.03.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\HanseNet\HanseNet-Produkte\app\TangoService.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Softwin\BitDefender8\vsserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Systemsteuerung\atiptaxx.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Programme\Softwin\BitDefender8\bdoesrv.exe
C:\Programme\Softwin\BitDefender8\bdswitch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\HanseNet\HANSEN~1\app\TangoManager.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Dokumente und Einstellungen\Physalis\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?mszoe (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://in.webcounter.cc/--/?mszoe (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?mszoe (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.webcounter.cc/-/?mszoe (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?mszoe (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zsscf.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zsscf.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\zsscf.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zsscf.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zsscf.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zsscf.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?mszoe (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zsscf.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?mszoe (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4B2C0F1B-9B30-2FC4-A487-1C59255C24ED} - C:\WINDOWS\mfcba32.dll
O2 - BHO: (no name) - {683E615B-169A-80CF-3487-660FBFB04194} - C:\WINDOWS\mfcba32.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\Jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Systemsteuerung\atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Winsock2 driver] RUNDLL32.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [sdkwa.exe] C:\WINDOWS\system32\sdkwa.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Programme\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender8\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Programme\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [javagz32.exe] C:\WINDOWS\system32\javagz32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Alles mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {6E0D8A62-E6CF-4D29-BF04-6537E3BA1DF0} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {6E0D8A62-E6CF-4D29-BF04-6537E3BA1DF0} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {7EDCB906-63FE-498D-A163-3E2C7B69676D} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {7EDCB906-63FE-498D-A163-3E2C7B69676D} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/ger_nopop.exe
O16 - DPF: {00000000-7777-0704-0B53-2C8830E9FAEC} - http://gn.one2bill.de/soft/axload.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\MAIN.MHT!http://d.dialer2004.com//uncle/main.chm::/load.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://66.230.145.49/20647/online.chm::/on-line.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=9f61b12a60c07eebdb4fc97ec168da8e90daa2eebae9c7525e5f878a37b676f935fd98ead5cd86ed7cb267a3cbe236b4146bf88f:adfe7cdda14abbf71198a73bd5be0348
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/ccb59cc9/enter.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/072c5cf22346a0712a14/netzip/RdxIE601_de.cab
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} (Attachment Upload Control) - https://img.web.de/v/mail/activex/mail_upload_1123.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://advnt01.com/dialer/internazionale_ver4.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D909E944-3A96-4280-9983-9D00001973A4} (Access Control) - http://www.browserplugin.com/plugin/exe/access_special.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/de/check/qdiagh.cab?325
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ADB9F98-F1A6-40FC-8EE4-E10ED0B406A2}: NameServer = 213.191.92.87 213.191.74.18
O19 - User stylesheet: C:\WINDOWS\Web\tips.ini (file missing)
O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Programme\HanseNet\HanseNet-Produkte\app\TangoService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
O23 - Service: Network Security Service (NSS) (� 6QÔõ 'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\javaij32.exe (file missing)


mfg
mit feuchtem gruß
Phy

#73 Hi,
also ich hatte vor paar tagen auch das lustige vergnügen das sich mein Norton internet Security 2003 mit Antivirus erkannt hat das ich den w32.spybot.worm auf meiner Kiste hab. Hab mich dann auch hier im Forum umgesehen und hab beschlossen meine Kiste Plat zu machen und sie neu zu instalieren. wäre net wenn mein HijackThis analysiert wird ob da noch eine kleinigkeit übriggeblieben ist die gar nicht so klein ist.

Logfile of HijackThis v1.99.1
Scan saved at 03:03:55, on 11.03.2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\Programme\AVPersonal\AVGUARD.EXE
D:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Programme\Winamp3\winampa.exe
C:\Programme\VIAudioi\SBADeck\ADeck.exe
D:\Programme\AVPersonal\AVGNT.EXE
C:\WINNT\System32\rmctrl.exe
D:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\WINNT\System32\internat.exe
D:\Programme\Free Download Manager\fdm.exe
D:\Programme\WinZip\WZQKPICK.EXE
D:\Downloads\HijackThis.exe
C:\WINNT\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
O2 - BHO: WgBHO Class - {67E9834D-B226-49E6-B6F6-85AA64E14BA3} - D:\Programme\Free Download Manager\iefdm.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Programme\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Programme\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [AVGCtrl] D:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [RemoteControl] C:\WINNT\System32\rmctrl.exe
O4 - HKLM\..\Run: [CloneCDTray] D:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "D:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Free Download Manager] D:\Programme\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all by Free Download Manager - file://D:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://D:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://D:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://D:\Programme\Free Download Manager\dlpage.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe



Danke schon mal im voraus.



MFG

Arthur

#74 Hallo@EVO VII

Deaktivieren Wiederherstellung
«XP
Arbeitsplatz-->rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren.
(dann aktiviere sie wieder)

•KillBox
http://www.bleepingcomputer.com/files/killbox.php

•Delete File on Reboot <--anhaken

und klick auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"

C:\WINDOWS\browserxtras\pn\remove.exe
C:\WINDOWS\System32\winlspak.dll
C:\WINDOWS\System32\drivers\axmjdtzo.sys
C:\WINDOWS\aconti.exe
C:\WINDOWS\d8.exe
C:\WINDOWS\icont.exe
C:\WINDOWS\iconu.exe
C:\WINDOWS\nem220.dll
C:\WINDOWS\od-stnd168.exe
C:\WINDOWS\optimize.exe
C:\WINDOWS\p2p-10112.exe
C:\WINDOWS\SSK_B5.EXE
C:\WINDOWS\wsem303.dll
C:\WINDOWS\System32\cd_clint.dll
C:\WINDOWS\System32\ffInst.exe
C:\WINDOWS\System32\odpomeve.exe
C:\WINDOWS\System32\PopOops.dll
C:\WINDOWS\System32\PopOops2.dll
C:\WINDOWS\System32\solufsuq.dll
C:\WINDOWS\System32\SWLAD1.dll
C:\WINDOWS\System32\SWLAD2.dll
C:\WINDOWS\System32\ujqnggjr.exe
C:\WINDOWS\System32\vjwwofim.dll
C:\WINDOWS\System32\wincoreak.dll
C:\WINDOWS\System32\winlspak.dll
C:\WINDOWS\System32\winrulesak.dll
C:\WINDOWS\System32\winupdak.dll
C:\WINDOWS\System32\wpqzfegu.exe

C:\Temp\salmhook.dll
C:\WINDOWS\70tovmto.exe
C:\WINDOWS\Messenger2.exe
C:\WINDOWS\orsvaz.exe
C:\WINDOWS\speer.dll
C:\WINDOWS\system32\2b3fsk0h.dll
C:\WINDOWS\system32\bln02nqv.exe

C:\program files\Altnet\Download Manager\adm25.dll
C:\program files\Altnet\Download Manager\adm4.dll
C:\program files\Altnet\Download Manager\adm4005.exe
C:\program files\Altnet\Download Manager\admprog.dll
C:\program files\Altnet\Download Manager\asmps.dll
C:\program files\Altnet\Points Manager\sysdetect.dll
C:\program files\Internet Optimizer\optimize.exe
C:\program files\Internet Optimizer\update\optimize312.exe

C:\WINDOWS\Temp\nsdtmp09.dll
C:\WINDOWS\Temp\Altnet\adm.exe
C:\WINDOWS\Temp\Altnet\adm25.dll
C:\WINDOWS\Temp\Altnet\adm4.dll
C:\WINDOWS\Temp\Altnet\admprog.dll
C:\WINDOWS\Temp\Altnet\Setup.exe
C:\WINDOWS\Temp\bw2.com
C:\WINDOWS\Temp\wincoreak.dll
C:\WINDOWS\Temp\winlspak.dll
C:\WINDOWS\Temp\winrulesak.dll

C:\Programme\Common Files\updmgr\rvupdmgr.exe
C:\Programme\Common Files\updmgr\simgr.exe
C:\Programme\Common Files\updmgr\updmgr.exe

C:\Programme\PerfectNav\BHO\PerfectNav150c.dll

C:\Programme\Gemeinsame Dateien\CMEII\apps\DateManager\datemanager2102.zip
C:\Programme\Gemeinsame Dateien\CMEII\apps\DateManager\InstallDateManager.exe
C:\Programme\Gemeinsame Dateien\CMEII\apps\PrecisionTime\InstallPrecisionTime.exe
C:\Programme\Gemeinsame Dateien\CMEII\apps\PrecisionTime\precisiontime2102.zip
C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll
C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe
C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll
C:\Programme\Gemeinsame Dateien\CMEII\GController.dll
C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll
C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll
C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll
C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll
C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll
C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll
C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll
C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll
C:\Programme\Gemeinsame Dateien\CMEII\store\apps\datemanager2102.zip
C:\Programme\Gemeinsame Dateien\CMEII\store\apps\precisiontime2102.zip
C:\Programme\Gemeinsame Dateien\GMT\EGGCEngine.dll
C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll
C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll
C:\Programme\Gemeinsame Dateien\GMT\GatorRes.dll
C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe
C:\Programme\Gemeinsame Dateien\GMT\gtrawbm.fil
C:\Programme\Gemeinsame Dateien\nluplcae\ltalstoc\sqrmetsb.exe
C:\Programme\Gemeinsame Dateien\nluplcae\nsflueerfo\ffroesmsl.exe

C:\Programme\Gemeinsame Dateien\WinTools\WSup.exe
C:\Programme\Gemeinsame Dateien\WinTools\WToolsA.exe
C:\Programme\Gemeinsame Dateien\WinTools\WToolsB.dll
C:\Programme\Gemeinsame Dateien\WinTools\WToolsS.exe
C:\Programme\INSTAFINK\instafink.dll
C:\Programme\Kazaa\TopSearch.dll
C:\Programme\MyWay\myBar\2.bin\MY2NS.EXE
C:\Programme\MyWay\myBar\2.bin\NPMYWAY.DLL


C:\Programme\Recommended Hotfix - 421701D\v15\RH.DLL
C:\Programme\Recommended Hotfix - 421701D\v15\RH.exe
C:\Programme\SED\SE.exe
C:\Programme\SED\SED.exe
C:\Programme\SurfSideKick 2\SskBho.dll
C:\Programme\SurfSideKick 2\SskCore.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\browserxtras\pn\remove.exe
C:\WINDOWS\Coder\_248-a2p-0-0-.exe
C:\WINDOWS\Coder\_344-a2p-0-0-.exe

C:\WINDOWS\Downloaded Program Files\058343sw.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\058343sw.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ieloader.dll
C:\WINDOWS\Downloaded Program Files\ieloader.dll
C:\WINDOWS\Downloaded Program Files\MaConnect.dll
C:\WINDOWS\Downloaded Program Files\StarInstall.ocx

PC neustarten

#TuneUp2004 (30 Tage free)
http://www.tuneup.de/products/tuneup-utilities/
Cleanup repair -->TuneUp Diskcleaner
Cleanup repair -->Registry Cleaner

dann scanne noch mal mit

•L2mfix
Laden Sie L2mfix von hier herunter:
http://bilder.informationsarchiv.net/Nikitas_Tools/
http://www.atribune.org/downloads/l2mfix.exe


* Speichern Sie die Datei auf Ihren Desktop und doppel-klicken Sie click l2mfix.exe.
* Klicken Sie auf Installieren um die Dateien zu extrahieren und folgen Sie den Anweisungen während der Installation.
* Dann öffnen Sie den auf Ihrem Desktop neuerstellten Ordner l2mfix
* Doppel-klicken Sie die Datei l2mfix.bat und tippen sie eine 1[/] und drücken Sie [Enter], um Find log laufen zu lassen. Dies wird Ihren Computer scannen. Es kann sein, das es so aussieht als ob nichts passiert, aber nach 1 oder 2 Minuten wird sich Notepad mit einem Log öffnen.
* Kopieren Sie den Inhalt durch Strg+A und fügen Sie den Inhalt in Ihren Thread durch Strg+V.

WICHTIG: Nutzen Sie nicht Option 2, oder jegliche andere Dateien aus dem l2mfix Ordner, bis Sie dazu aufgefordert werden!
* Schließen Sie alle offenen Programme , da der nächste Schritt einen Neustart erfordert. Klicken Sie erneut auf l2mfix.bat und tippen Sie 2 ein --> Enter[].
* Drücken Sie eine beliebige Taste um einen Systemneustart einzuleiten.
* Nach dem Neustart, werden Ihre Icons auf dem Desktop kurz erscheinen und kurz verschwinden - dies ist NORMAL.
* L2mfix wird den Systemscan fortsetzen und wenn es fertig ist, wird sich Notepad öffnen und einen Log anzeigen. Kopieren Sie auch diesen hier in den Thread rein (Strg+C & Strg+V). Posten Sie ausserdem einen aktuellen HijackThis Log.
WICHTIG: Nutzen Sie nicht Option 2, oder jegliche andere Dateien aus dem l2mfix Ordner, bis Sie dazu aufgefordert werden!
* Doppel-klicken Sie erneut auf l2mfix.bat und geben Sie 4[b] ein. Bestätigen Sie mit [Enter].
* Dies stellt die Winlogon Standardeinstellungen wieder her.
* Posten Sie einen [b]aktuellen HijackThis Log erneut in Ihren Thread ein.

poste dieses Log + das neue Log vom Hijackthis
__________
MfG Sabina

rund um die PC-Sicherheit

#75 Hallo@blutsvente

deaktiviere die Systemwiederherstellung, dann aktiviere sie wieder

#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten

O4 - HKLM\..\Run: [Popup Blocker System32c Monitoring] PopUpBlockercd.exe
O4 - HKLM\..\Run: [winupdates] winupdates.exe
O4 - HKLM\..\Run: [Go And Start] svdll32.exe
O4 - HKLM\..\Run: [Microsoft DirectX] wuamgrd.exe
O4 - HKLM\..\RunServices: [Popup Blocker System32c Monitoring] PopUpBlockercd.exe
O4 - HKLM\..\RunServices: [winupdates] winupdates.exe
O4 - HKLM\..\RunServices: [Go And Start] svdll32.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] wuamgrd.exe

PC neustarten---> in den abgesicherten Modus--> mit Internetverbindung
(druecke F8, wenn der PC hochfaehrt und waehle die Option: "abgesicherter Modus mit Internetverbindung)

loesche:
winupdates.exe
svdll32.exe
wuamgrd.exe
PopUpBlockercd.exe

mache aus dem abgesicherten Modus heraus alle Onlinescanns, die du auf meiner Seite findest (nach unten scrollen, da sind sie)

http://eddys-domain.de/nikita/

dann berichte bitte von jedem einzelnen Onlinescann (alles notieren oder gleich hier reinkopieren--> mit dem kompletten Pfad)
+
poste das neue Log vom HijackThis
__________
MfG Sabina

rund um die PC-Sicherheit