Can't get AdStatKeep.exe deleted

#0
04.02.2005, 11:07
...new here
Posts: 3

04.02.2005, 11:32
Member
Posts: 669
#2
First of all, your HijackThis is outdated; get the current version and, ideally, the following programs along with it in one go:

HijackThis http://www.hijackthis.de/downloads/hijackthis_199.zip
Spybot S&D http://www.safer-networking.org/de/download/index.html
eScan http://www.mwti.net/antivirus/free_utilities.asp (edit: typo in the eScan URL corrected)
KillBox http://www.bleepingcomputer.com/files/killbox.php

Disable System Restore (My Computer => right-click => Properties). Don't forget to re-enable it once the system has been cleaned!

Boot into Safe Mode (restart the computer and press F8 during boot).

Disable the antivirus guard, if present, and run a full system scan with AdAware and Spybot S&D in Safe Mode. Tick (set the checkmark) and delete all critical objects found (AdAware: press "Next", Spybot S&D: press "Fix selected problems" ("markierte Probleme beheben")). (You can ignore the DSO Exploit entry in Spybot S&D; it is a bug in the program. If you like, you can remove it with the fix from here, but that is not necessary for Spybot to work.) Re-enable the antivirus guard afterwards!

Furthermore, fix the following with HijackThis (with the current version, please!):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.femity.net/ (fix this if the page is unknown/unintended!)
O4 - HKLM\..\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe

Killbox: Open Killbox => Delete File on Reboot => and paste the following files into it one after another with their full path, press the red cross, and when asked whether the computer should be restarted, answer "no", and so on until the last file, then answer "yes":

C:\temp\salm.exe
C:\Program Files\AdStatus Service\AdStatServ.exe
C:\Program Files\AdStatus Service\AdStatKeep.exe

Do you know this process? It is best to check it here: http://virusscan.jotti.org/

C:\WINDOWS\System32\bcmwltry.exe

Disable the antivirus guard again, if present. Start eScan with mwav.exe. The program will extract itself into the temp folder and start automatically; if you have just downloaded it, the virus definitions are current and the manual update is not strictly necessary. In eScan, tick all the checkboxes, select "All Local Drives" under "Drives" and, a few lines below, "Scan All Files" instead of "Program Files". Then press the Scan button to start the process (depending on the size of your hard disks this can take quite a long time, but be sure to let the scan finish and do not abort it!). Afterwards, have the eScan log displayed and save it. Open it with Notepad and search for "infected" using the search function. Copy all affected lines completely and post them here in the forum (complete path + file, as well as the type of infection!). Re-enable the antivirus guard afterwards!

Please work through this list and post the requested HijackThis and eScan logs as described.

__________
"life's a bitch, turn around and she'll backstab you for a buck."

This post was edited by Malkesh on 05.02.2005 at 23:18.

08.02.2005, 08:14
...new here
Thread starter
Posts: 3
#3
Hello Malkesh,

Thanks for the tips. I am currently downloading the various recommended programs and will then follow the steps. But first one more question: you write: "and run a full system scan with AdAware and Spybot S&D in Safe Mode". Is AdAware yet another program, or is it part of the other programs you recommended? Do you have a link for it as well?

Best regards,
Heike

08.02.2005, 10:24
Member
Posts: 669
#4
AdAware download
http://www.lavasoft.de/support/download/

AdAware, like Spybot, is a program for detecting spyware. It complements Spybot very well, so that with both programs in combination you can achieve a relatively high detection rate.

This post was edited by Malkesh on 08.02.2005 at 10:24.

08.02.2005, 15:27
...new here
Thread starter
Posts: 3
#5
Hallo Malkesh,
Das probiere ich auch noch mal. Hier aber erst einmal meine erschreckenden Logfiles. Das eScan-Logfile zeigt u.a. ganz viele Dateien an, die der Norton Anti Virus in Quarantäne gesteckt hat. Trotzdem - Ganz schön erschreckend! Was mache ich bloß mit diesen umfangreichen Ergebnissen? Ich hoffe, dass ich Deine Anweisungen richtig befolgt habe - bei Killbox bin ich mir nicht ganz sicher... Viele Grüße, Heike www.femity.net ist mir bekannt und nicht bösartig... Logfile of HijackThis v1.99.0 Scan saved at 15:18:43, on 08.02.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Programme\Hewlett-Packard\CLJ1500\Toolbox\HPPOUMUI.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\System32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\Programme\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Programme\Norton AntiVirus\SAVScan.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Dokumente und Einstellungen\Heike Kirchhoff.NOTEBOOK\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis_199.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet 
Explorer\Main,Start Page = http://www.femity.net/ O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\virenscanner\spybot\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [Status Monitor CLJ1500] C:\Programme\Hewlett-Packard\CLJ1500\\Toolbox\HPPOUMUI.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart O4 - HKLM\..\Run: [WinDSL MTU-Adjust] WinDSL_MTU.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" /disabled O4 - 
HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" O4 - Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/de/4,0,0,83/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106642013047 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton 
AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe O23 - Service: WLTRYSVC - Unknown - C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe (file missing) Tue Feb 08 12:54:34 2005 => File C:\WINDOWS\System32\TFTP2824 infected by "Backdoor.Win32.Rbot.15" Virus. Action Taken: No Action Taken. Tue Feb 08 12:54:36 2005 => File C:\WINDOWS\System32\TFTP3476 infected by "Backdoor.Win32.Rbot.15" Virus. Action Taken: No Action Taken. Tue Feb 08 12:54:37 2005 => File C:\WINDOWS\System32\TFTP3816 infected by "Backdoor.Win32.Rbot.15" Virus. Action Taken: No Action Taken. Tue Feb 08 12:54:39 2005 => File C:\WINDOWS\System32\TFTP708 infected by "Backdoor.Win32.Rbot.15" Virus. Action Taken: No Action Taken. Tue Feb 08 12:55:09 2005 => File C:\DOKUME~1\HEIKEK~1.NOT\LOKALE~1\Temp\dealhelper.exe infected by "Trojan-Downloader.Win32.Agent.hw" Virus. Action Taken: No Action Taken. Tue Feb 08 12:55:21 2005 => File C:\DOKUME~1\HEIKEK~1.NOT\LOKALE~1\Temp\powerscan.exe infected by "not-a-virus:AdWare.PowerScan.c" Virus. Action Taken: No Action Taken. Tue Feb 08 12:55:22 2005 => File C:\DOKUME~1\HEIKEK~1.NOT\LOKALE~1\Temp\sahagent.exe infected by "not-a-virus:AdWare.Sahat.h" Virus. Action Taken: No Action Taken. Tue Feb 08 12:55:38 2005 => File C:\WINDOWS\system32\config\SYSTEM~1\LOKALE~1\TEMPOR~1\Content.IE5\K52F4HMJ\lc[1].exe infected by "Trojan-Clicker.Win32.Small.dn" Virus. Action Taken: No Action Taken. Tue Feb 08 12:55:39 2005 => File C:\WINDOWS\system32\config\SYSTEM~1\LOKALE~1\TEMPOR~1\Content.IE5\K52F4HMJ\lc[2].exe infected by "Trojan-Clicker.Win32.Small.dn" Virus. Action Taken: No Action Taken. 
Tue Feb 08 13:20:21 2005 => File C:\Dokumente und Einstellungen\Heike Kirchhoff.NOTEBOOK\Lokale Einstellungen\Temp\dealhelper.exe infected by "Trojan-Downloader.Win32.Agent.hw" Virus. Action Taken: No Action Taken. Tue Feb 08 13:20:36 2005 => File C:\Dokumente und Einstellungen\Heike Kirchhoff.NOTEBOOK\Lokale Einstellungen\Temp\powerscan.exe infected by "not-a-virus:AdWare.PowerScan.c" Virus. Action Taken: No Action Taken. Tue Feb 08 13:20:37 2005 => File C:\Dokumente und Einstellungen\Heike Kirchhoff.NOTEBOOK\Lokale Einstellungen\Temp\sahagent.exe infected by "not-a-virus:AdWare.Sahat.h" Virus. Action Taken: No Action Taken. Tue Feb 08 13:25:12 2005 => File C:\Dokumente und Einstellungen\Heike Kirchhoff.NOTEBOOK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\8XQBSTMN\ads2[1].htm infected by "Trojan-Clicker.JS.Linker.f" Virus. Action Taken: No Action Taken. Tue Feb 08 13:26:27 2005 => File C:\Dokumente und Einstellungen\Heike Kirchhoff.NOTEBOOK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5UF45U3\0006_regular[1].cab infected by "Trojan-Downloader.Win32.IstBar.gu" Virus. Action Taken: No Action Taken. Tue Feb 08 13:31:07 2005 => File C:\Dokumente und Einstellungen\Heike Kirchhoff.NOTEBOOK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Q45XA2O0\a375aa[1].js infected by "Trojan-Downloader.JS.Small.af" Virus. Action Taken: No Action Taken. Tue Feb 08 13:31:07 2005 => File C:\Dokumente und Einstellungen\Heike Kirchhoff.NOTEBOOK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Q45XA2O0\a375aa[2].js infected by "Trojan-Downloader.JS.Small.af" Virus. Action Taken: No Action Taken. Tue Feb 08 13:31:08 2005 => File C:\Dokumente und Einstellungen\Heike Kirchhoff.NOTEBOOK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Q45XA2O0\ads2[1].htm infected by "Trojan-Clicker.JS.Linker.f" Virus. Action Taken: No Action Taken. 
Tue Feb 08 13:31:08 2005 => File C:\Dokumente und Einstellungen\Heike Kirchhoff.NOTEBOOK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Q45XA2O0\ads2[2].htm infected by "Trojan-Clicker.JS.Linker.f" Virus. Action Taken: No Action Taken. Tue Feb 08 13:31:08 2005 => File C:\Dokumente und Einstellungen\Heike Kirchhoff.NOTEBOOK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Q45XA2O0\ads2[3].htm infected by "Trojan-Clicker.JS.Linker.f" Virus. Action Taken: No Action Taken. Tue Feb 08 13:31:08 2005 => File C:\Dokumente und Einstellungen\Heike Kirchhoff.NOTEBOOK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Q45XA2O0\AdStatComm[1].dll infected by "not-a-virus:AdWare.WinAD.u" Virus. Action Taken: No Action Taken. Tue Feb 08 13:31:12 2005 => File C:\Dokumente und Einstellungen\Heike Kirchhoff.NOTEBOOK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Q45XA2O0\bunSetup[1].cab infected by "not-a-virus:AdWare.Sahat.f" Virus. Action Taken: No Action Taken. Tue Feb 08 13:33:40 2005 => File C:\Dokumente und Einstellungen\Heike Kirchhoff.NOTEBOOK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WPOVCFSV\lc[1].exe infected by "Trojan-Clicker.Win32.Small.dn" Virus. Action Taken: No Action Taken. Tue Feb 08 13:49:05 2005 => File C:\lc.exe infected by "Trojan-Clicker.Win32.Small.dn" Virus. Action Taken: No Action Taken. Tue Feb 08 13:54:46 2005 => File C:\Program Files\AdStatus Service\AdStatComm.dll infected by "not-a-virus:AdWare.WinAD.u" Virus. Action Taken: No Action Taken. Tue Feb 08 14:00:54 2005 => File C:\Programme\ISTsvc\istsvc.exe infected by "Trojan-Downloader.Win32.IstBar.gm" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:14 2005 => File C:\Programme\Norton AntiVirus\Quarantine\002044FC infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:14 2005 => File C:\Programme\Norton AntiVirus\Quarantine\002044FC infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. 
Action Taken: No Action Taken. Tue Feb 08 14:18:14 2005 => File C:\Programme\Norton AntiVirus\Quarantine\004225E0 infected by "Email-Worm.Win32.NetSky.c" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:14 2005 => File C:\Programme\Norton AntiVirus\Quarantine\006825EA.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:15 2005 => File C:\Programme\Norton AntiVirus\Quarantine\008F0D6B.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:15 2005 => File C:\Programme\Norton AntiVirus\Quarantine\015C1C23.EXE infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:15 2005 => File C:\Programme\Norton AntiVirus\Quarantine\021B57AF.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:15 2005 => File C:\Programme\Norton AntiVirus\Quarantine\041D39EF infected by "not-a-virus:AdWare.WinAD.k" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:16 2005 => File C:\Programme\Norton AntiVirus\Quarantine\04240DE8 infected by "not-a-virus:AdWare.WinAD.s" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:16 2005 => File C:\Programme\Norton AntiVirus\Quarantine\042737E4 infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:16 2005 => File C:\Programme\Norton AntiVirus\Quarantine\042A61E1 infected by "Trojan-Downloader.Win32.IstBar.gu" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:16 2005 => File C:\Programme\Norton AntiVirus\Quarantine\04DB7442 infected by "Trojan-Downloader.JS.IstBar.b" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:16 2005 => File C:\Programme\Norton AntiVirus\Quarantine\0773086C infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:18 2005 => File C:\Programme\Norton AntiVirus\Quarantine\096C09AA infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. 
Tue Feb 08 14:18:18 2005 => File C:\Programme\Norton AntiVirus\Quarantine\09703A1D infected by "Backdoor.Win32.SdBot.jg" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:19 2005 => File C:\Programme\Norton AntiVirus\Quarantine\0E9C165B infected by "Email-Worm.Win32.NetSky.c" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:19 2005 => File C:\Programme\Norton AntiVirus\Quarantine\0FF412CE infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:19 2005 => File C:\Programme\Norton AntiVirus\Quarantine\103862CB infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:20 2005 => File C:\Programme\Norton AntiVirus\Quarantine\10BD06A6 infected by "Email-Worm.Win32.NetSky.c" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:20 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1115118F.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:20 2005 => File C:\Programme\Norton AntiVirus\Quarantine\13581AD4 infected by "Net-Worm.Win32.Sasser.c" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:21 2005 => File C:\Programme\Norton AntiVirus\Quarantine\17177A67 infected by "Backdoor.Win32.SdBot.jg" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:21 2005 => File C:\Programme\Norton AntiVirus\Quarantine\18051B91.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:22 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1A0035BF infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:22 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1A056967.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:22 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1A1B79BC infected by "Email-Worm.Win32.NetSky.c" Virus. Action Taken: No Action Taken. 
Tue Feb 08 14:18:22 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1BE24BC7 infected by "Net-Worm.Win32.Sasser.c" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:23 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1D6B29FC.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:23 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1ECE7A77.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:23 2005 => File C:\Programme\Norton AntiVirus\Quarantine\20894D28 infected by "Email-Worm.Win32.NetSky.c" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:24 2005 => File C:\Programme\Norton AntiVirus\Quarantine\20FC45FB infected by "Backdoor.Win32.SdBot.jg" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:24 2005 => File C:\Programme\Norton AntiVirus\Quarantine\20FF6FF7 infected by "Backdoor.Win32.SdBot.jg" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:24 2005 => File C:\Programme\Norton AntiVirus\Quarantine\214A0257 infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:24 2005 => File C:\Programme\Norton AntiVirus\Quarantine\21A267F3 infected by "Email-Worm.Win32.NetSky.c" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:25 2005 => File C:\Programme\Norton AntiVirus\Quarantine\229475FB infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:25 2005 => File C:\Programme\Norton AntiVirus\Quarantine\23AC06C5.EXE infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:25 2005 => File C:\Programme\Norton AntiVirus\Quarantine\258675F1 infected by "Net-Worm.Win32.Sasser.c" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:26 2005 => File C:\Programme\Norton AntiVirus\Quarantine\25B14BE4 infected by "Backdoor.Win32.SdBot.jg" Virus. Action Taken: No Action Taken. 
Tue Feb 08 14:18:26 2005 => File C:\Programme\Norton AntiVirus\Quarantine\25CB1AB0 infected by "Backdoor.Win32.SdBot.jg" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:26 2005 => File C:\Programme\Norton AntiVirus\Quarantine\26E70F39 infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:26 2005 => File C:\Programme\Norton AntiVirus\Quarantine\27F02855 infected by "Backdoor.Win32.SdBot.jg" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:26 2005 => File C:\Programme\Norton AntiVirus\Quarantine\2C526F9E infected by "Trojan-Downloader.Win32.Dyfuca.ds" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:27 2005 => File C:\Programme\Norton AntiVirus\Quarantine\2DB064AF infected by "Email-Worm.Win32.NetSky.c" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:27 2005 => File C:\Programme\Norton AntiVirus\Quarantine\2E113BAC.exe infected by "Worm.Win32.Lemoor.a" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:27 2005 => File C:\Programme\Norton AntiVirus\Quarantine\2E361E1C infected by "Email-Worm.Win32.NetSky.c" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:27 2005 => File C:\Programme\Norton AntiVirus\Quarantine\31902BD4.EXE infected by "Net-Worm.Win32.Sasser.c" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:28 2005 => File C:\Programme\Norton AntiVirus\Quarantine\33813276.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:28 2005 => File C:\Programme\Norton AntiVirus\Quarantine\33B86374 infected by "Net-Worm.Win32.Sasser.c" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:28 2005 => File C:\Programme\Norton AntiVirus\Quarantine\33BB0D71 infected by "Net-Worm.Win32.Sasser.c" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:28 2005 => File C:\Programme\Norton AntiVirus\Quarantine\33BE376D infected by "Net-Worm.Win32.Sasser.c" Virus. Action Taken: No Action Taken. 
Tue Feb 08 14:18:28 2005 => File C:\Programme\Norton AntiVirus\Quarantine\34351881 infected by "Backdoor.Win32.SdBot.jg" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:29 2005 => File C:\Programme\Norton AntiVirus\Quarantine\35AB7B4F.exe infected by "Backdoor.Win32.SdBot.jg" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:29 2005 => File C:\Programme\Norton AntiVirus\Quarantine\38564293 infected by "Net-Worm.Win32.Sasser.c" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:30 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3B6D02F7 infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:31 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3CA5742C.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:31 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3D6403A8.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:32 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3E711949.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:32 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3F2766DD infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:33 2005 => File C:\Programme\Norton AntiVirus\Quarantine\40D61BC9 infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:33 2005 => File C:\Programme\Norton AntiVirus\Quarantine\4144005A infected by "Trojan-Downloader.JS.IstBar.b" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:34 2005 => File C:\Programme\Norton AntiVirus\Quarantine\43815414.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:34 2005 => File C:\Programme\Norton AntiVirus\Quarantine\44371923 infected by "not-a-virus:AdWare.WinAD.p" Virus. Action Taken: No Action Taken. 
Tue Feb 08 14:18:34 2005 => File C:\Programme\Norton AntiVirus\Quarantine\4483344A infected by "Email-Worm.Win32.NetSky.c" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:34 2005 => File C:\Programme\Norton AntiVirus\Quarantine\44D87467 infected by "Email-Worm.Win32.NetSky.q" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:35 2005 => File C:\Programme\Norton AntiVirus\Quarantine\45746BEE.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:35 2005 => File C:\Programme\Norton AntiVirus\Quarantine\46DC08BA infected by "Backdoor.Win32.SdBot.jg" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:35 2005 => File C:\Programme\Norton AntiVirus\Quarantine\47B94871 infected by "Backdoor.Win32.SdBot.jg" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:36 2005 => File C:\Programme\Norton AntiVirus\Quarantine\49A20DFB infected by "Backdoor.Win32.SdBot.jg" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:36 2005 => File C:\Programme\Norton AntiVirus\Quarantine\4A14551A infected by "Net-Worm.Win32.Sasser.c" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:36 2005 => File C:\Programme\Norton AntiVirus\Quarantine\4BD24BB5.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:37 2005 => File C:\Programme\Norton AntiVirus\Quarantine\4E503DD9.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:37 2005 => File C:\Programme\Norton AntiVirus\Quarantine\4FC85521 infected by "Trojan-Downloader.JS.IstBar.b" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:37 2005 => File C:\Programme\Norton AntiVirus\Quarantine\4FE20A40 infected by "Backdoor.Win32.SdBot.jg" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:38 2005 => File C:\Programme\Norton AntiVirus\Quarantine\52BB59C3 infected by "Trojan-Downloader.JS.IstBar.b" Virus. Action Taken: No Action Taken. 
Tue Feb 08 14:18:38 2005 => File C:\Programme\Norton AntiVirus\Quarantine\52D932D8 infected by "Net-Worm.Win32.Sasser.c" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:39 2005 => File C:\Programme\Norton AntiVirus\Quarantine\558567EB.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:39 2005 => File C:\Programme\Norton AntiVirus\Quarantine\561A6DC7 infected by "Net-Worm.Win32.Sasser.c" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:39 2005 => File C:\Programme\Norton AntiVirus\Quarantine\563C49AB infected by "Net-Worm.Win32.Sasser.c" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:40 2005 => File C:\Programme\Norton AntiVirus\Quarantine\58113CD4.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:40 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5AFA55A0 infected by "Trojan-Downloader.Win32.Dyfuca.dp" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:40 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5CE05867 infected by "Backdoor.Win32.SdBot.jg" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:41 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5FCC18C8 infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:41 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6024241A infected by "Trojan-Downloader.BAT.Ftp.c" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:41 2005 => File C:\Programme\Norton AntiVirus\Quarantine\607C6B13 infected by "Email-Worm.Win32.NetSky.d" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:41 2005 => File C:\Programme\Norton AntiVirus\Quarantine\60A051E9 infected by "Net-Worm.Win32.Sasser.c" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:42 2005 => File C:\Programme\Norton AntiVirus\Quarantine\60EF096F infected by "Backdoor.Win32.SdBot.jg" Virus. Action Taken: No Action Taken. 
Tue Feb 08 14:18:42 2005 => File C:\Programme\Norton AntiVirus\Quarantine\61E17231 infected by "Trojan-Downloader.Win32.Dyfuca.dp" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:43 2005 => File C:\Programme\Norton AntiVirus\Quarantine\61E41C2E infected by "Trojan-Downloader.Win32.IstBar.ge" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:43 2005 => File C:\Programme\Norton AntiVirus\Quarantine\61E7462A infected by "Trojan-Downloader.Win32.IstBar.go" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:43 2005 => File C:\Programme\Norton AntiVirus\Quarantine\61EA7027 infected by "Trojan-Downloader.Win32.Dyfuca.ds" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:43 2005 => File C:\Programme\Norton AntiVirus\Quarantine\61EE1A23 infected by "not-a-virus:AdWare.ToolBar.SideFind" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:43 2005 => File C:\Programme\Norton AntiVirus\Quarantine\61F1441F infected by "Trojan-Downloader.Win32.Dyfuca.dt" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:44 2005 => File C:\Programme\Norton AntiVirus\Quarantine\623020DC infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:44 2005 => File C:\Programme\Norton AntiVirus\Quarantine\63B273C3 infected by "not-a-virus:AdWare.ToolBar.SideFind" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:45 2005 => File C:\Programme\Norton AntiVirus\Quarantine\656D7CBE infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:45 2005 => File C:\Programme\Norton AntiVirus\Quarantine\662C7CA3 infected by "Email-Worm.Win32.NetSky.c" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:45 2005 => File C:\Programme\Norton AntiVirus\Quarantine\671A2366.EXE infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Tue Feb 08 14:18:46 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6807618D.exe infected by "Net-Worm.Win32.Padobot.n" Virus. Action Taken: No Action Taken. 
Tue Feb 08 14:18:46 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6B5A3B8F infected by "Trojan-Downloader.JS.IstBar.b" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:18:46 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6BB64B86 infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:18:46 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6D4225A0 infected by "Email-Worm.Win32.NetSky.c" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:18:46 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6D5A1E8C.exe infected by "Net-Worm.Win32.Padobot.e" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:18:47 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6E1D7ED4 infected by "Net-Worm.Win32.Padobot.m" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:18:47 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6E2028D0 infected by "Net-Worm.Win32.Padobot.n" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:18:47 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6F5F5D7E.exe infected by "Net-Worm.Win32.Padobot.m" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:18:47 2005 => File C:\Programme\Norton AntiVirus\Quarantine\700357C8 infected by "Backdoor.Win32.SdBot.jg" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:18:47 2005 => File C:\Programme\Norton AntiVirus\Quarantine\721B4D9D infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:18:48 2005 => File C:\Programme\Norton AntiVirus\Quarantine\72271E6F infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:18:48 2005 => File C:\Programme\Norton AntiVirus\Quarantine\726E64F6.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:18:48 2005 => File C:\Programme\Norton AntiVirus\Quarantine\74422E1E.exe infected by "Net-Worm.Win32.Padobot.n" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:18:48 2005 => File C:\Programme\Norton AntiVirus\Quarantine\76480318 infected by "Backdoor.Win32.SdBot.jg" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:18:48 2005 => File C:\Programme\Norton AntiVirus\Quarantine\77570EA4 infected by "Net-Worm.Win32.Sasser.c" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:18:49 2005 => File C:\Programme\Norton AntiVirus\Quarantine\78FF7300 infected by "Trojan-Downloader.Win32.Dyfuca.ds" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:18:49 2005 => File C:\Programme\Norton AntiVirus\Quarantine\7AF86849 infected by "Net-Worm.Win32.Padobot.n" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:18:50 2005 => File C:\Programme\Norton AntiVirus\Quarantine\7B4C0453 infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:18:50 2005 => File C:\Programme\Norton AntiVirus\Quarantine\7CD20FDC infected by "Backdoor.Win32.Rbot.15" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:18:50 2005 => File C:\Programme\Norton AntiVirus\Quarantine\7D7A5820 infected by "Backdoor.Win32.SdBot.jg" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:18:51 2005 => File C:\Programme\Norton AntiVirus\Quarantine\7F3B7EE1.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:21:52 2005 => C:\RECYCLER\S-1-5-21-1960408961-1214440339-839522115-1004\Dc132.exe possibly infected and removed by background antivirus package!
Tue Feb 08 14:21:52 2005 => File C:\RECYCLER\S-1-5-21-1960408961-1214440339-839522115-1004\Dc132.exe infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:37:38 2005 => File C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K52F4HMJ\lc[1].exe infected by "Trojan-Clicker.Win32.Small.dn" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:37:38 2005 => File C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K52F4HMJ\lc[2].exe infected by "Trojan-Clicker.Win32.Small.dn" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:42:35 2005 => File C:\WINDOWS\SYSTEM32\TFTP2824 infected by "Backdoor.Win32.Rbot.15" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:42:37 2005 => File C:\WINDOWS\SYSTEM32\TFTP3476 infected by "Backdoor.Win32.Rbot.15" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:42:38 2005 => File C:\WINDOWS\SYSTEM32\TFTP3816 infected by "Backdoor.Win32.Rbot.15" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:42:39 2005 => File C:\WINDOWS\SYSTEM32\TFTP708 infected by "Backdoor.Win32.Rbot.15" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:49:04 2005 => File C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K52F4HMJ\lc[1].exe infected by "Trojan-Clicker.Win32.Small.dn" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:49:04 2005 => File C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K52F4HMJ\lc[2].exe infected by "Trojan-Clicker.Win32.Small.dn" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:53:44 2005 => File C:\WINDOWS\SYSTEM32\TFTP2824 infected by "Backdoor.Win32.Rbot.15" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:53:45 2005 => File C:\WINDOWS\SYSTEM32\TFTP3476 infected by "Backdoor.Win32.Rbot.15" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:53:46 2005 => File C:\WINDOWS\SYSTEM32\TFTP3816 infected by "Backdoor.Win32.Rbot.15" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:53:47 2005 => File C:\WINDOWS\SYSTEM32\TFTP708 infected by "Backdoor.Win32.Rbot.15" Virus. Action Taken: No Action Taken.
Tue Feb 08 14:54:30 2005 => Total Files Scanned: 86087
Tue Feb 08 14:54:30 2005 => Total Virus(es) Found: 155
Tue Feb 08 14:54:30 2005 => Total Disinfected Files: 0
I have often read along here and got some help that way, but now I have to ask a question myself:
I can't get the adware processes AdStatKeep.exe and AdStatServ.exe deleted! I can't fix them in Hijack. When I end them in Task Manager, they are active again after the next boot.
I'm posting the Hijack log here.
It would be great if someone knew what to do. My computer now has massive problems (100% CPU).
Best regards,
Heike
Logfile of HijackThis v1.98.2
Scan saved at 11:06:40, on 04.02.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Hewlett-Packard\CLJ1500\Toolbox\HPPOUMUI.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\temp\salm.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\Programme\Microsoft ActiveSync\WCESMgr.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AdStatus Service\AdStatServ.exe
C:\Program Files\AdStatus Service\AdStatKeep.exe
C:\Programme\Windows NT\Zubehör\wordpad.exe
C:\Dokumente und Einstellungen\Heike Kirchhoff.NOTEBOOK\Lokale Einstellungen\Temp\Temporäres Verzeichnis 6 für hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.femity.net/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Status Monitor CLJ1500] C:\Programme\Hewlett-Packard\CLJ1500\\Toolbox\HPPOUMUI.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [WinDSL MTU-Adjust] WinDSL_MTU.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" /disabled
O4 - HKLM\..\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/de/4,0,0,83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106642013047
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{199AECC5-BF2C-4B44-AA44-36371B0DB075}: NameServer = 217.237.150.97 217.237.149.161
O17 - HKLM\System\CS1\Services\Tcpip\..\{199AECC5-BF2C-4B44-AA44-36371B0DB075}: NameServer = 217.237.150.97 217.237.149.161