Annoying toolbar from "ISearch" + C:\WINDOWS\isrvs\ffisearch.exe

#0
28.03.2005, 15:04
Honorary member
Sabina

Posts: 29434
#1 I have the same problem with this annoying toolbar from "ISearch". Maybe you can help me. Please !!! *annoyed*
Here is my HijackThis logfile:

Logfile of HijackThis v1.99.0
Scan saved at 15:40:15, on 28.03.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programme\Norton AntiVirus2004\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Norton AntiVirus2004\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\svhost32.exe
C:\WINDOWS\isrvs\desktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\ALGU.EXE
C:\WINDOWS\system32\SPOOLSV32.EXE
C:\Programme\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Programme\AOL 9.0\waol.exe
C:\Programme\AOL 9.0\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Dokumente und Einstellungen\Siesenop\Eigene Dateien\hijackthis199_beta\HijackThis.exe

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus2004\NavShExt.dll
O2 - BHO: ATDP Class - {E3D3AFEE-2172-4ef5-8509-1638AFFF0374} - C:\WINDOWS\atlass.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus2004\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SfWinStartInfo] C:\SFIRM32\sfWinStartupInfo.exe
O4 - HKLM\..\Run: [UsbD] C:\WINDOWS\system32\svhost32.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ALG32] C:\WINDOWS\system32\ALG32.EXE
O4 - HKCU\..\Run: [SPOOLSVU] C:\WINDOWS\system32\SPOOLSVU.EXE
O4 - HKCU\..\Run: [ALGU] C:\WINDOWS\system32\ALGU.EXE
O4 - HKCU\..\Run: [SPOOLSV32] C:\WINDOWS\system32\SPOOLSV32.EXE
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Programme\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\OFFICE~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD0764B2-0CE0-401A-9474-213482A49C84}: NameServer = 205.188.146.145
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus2004\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus2004\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

I hope you know the solution.
Best regards,
Sebastian
__________
Kind regards, Sabina

all about PC security
28.03.2005, 15:18
Honorary member
Thread starter
Sabina

Posts: 29434
#2 Hello @Sebastian

•Hoster-Tool : http://members.aol.com/toadbee/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.

• Download NOD32 Antivirus System --> scan only once you are in safe mode
http://www.nod32.de/download/download.php

# Open HijackThis -->> "Scan" button -->> tick the entries below -->> "Fix checked" button -->> restart the PC

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - (no file)
O2 - BHO: ATDP Class - {E3D3AFEE-2172-4ef5-8509-1638AFFF0374} - C:\WINDOWS\atlass.dll
O4 - HKLM\..\Run: [UsbD] C:\WINDOWS\system32\svhost32.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKCU\..\Run: [ALG32] C:\WINDOWS\system32\ALG32.EXE<--Trojan.StartPage.K
O4 - HKCU\..\Run: [SPOOLSVU] C:\WINDOWS\system32\SPOOLSVU.EXE<--Trojan.StartPage.K
O4 - HKCU\..\Run: [ALGU] C:\WINDOWS\system32\ALGU.EXE
O4 - HKCU\..\Run: [SPOOLSV32] C:\WINDOWS\system32\SPOOLSV32.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

If you do not recognize the IP or the domain '205.188.146.145', fix it.
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD0764B2-0CE0-401A-9474-213482A49C84}: NameServer = 205.188.146.145

O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)

Restart the PC


•KillBox
http://www.bleepingcomputer.com/files/killbox.php

• Delete File on Reboot <-- tick this

and click the red cross;
when asked "Do you want to reboot?" ----> click "no" and paste in the next one; click "yes" only for the last one

C:\WINDOWS\isrvs\edmond.exe
C:\WINDOWS\isrvs\ffisearch.exe
C:\WINDOWS\isrvs\desktop.exe
C:\WINDOWS\isrvs\mfiltis.dll
C:\WINDOWS\isrvs\sysupd.dll

C:\WINDOWS\HTASSUI.exe
C:\WINDOWS\htass.dll
C:\WINDOWS\system32\svhost32.exe
C:\WINDOWS\system32\ALGU.EXE
C:\WINDOWS\system32\ALG32.EXE
C:\WINDOWS\system32\SPOOLSV32.EXE
C:\WINDOWS\system32\SPOOLSVU.EXE
C:\WINDOWS\atlass.dll

Restart the PC --> into safe mode

C:\WINDOWS\isrvs <-- delete
search for: ffisearch.exe/script.dat --> delete

• Download NOD32 Antivirus System --> scan in safe mode
However, make sure you change the settings
so that ALL FILES are scanned.
By default only certain file types are scanned.

----------------------------------------------------------------------
• eScan detection tool
eScan is available here free of charge under the name Free eScan Antivirus Toolkit Utility:
http://www.mwti.net/antivirus/free_utilities.asp
Open the scanner --> do not scan yet --> go to Start < Run < type in: %temp% and look for
kavupd.exe, click on it --> run it (update in DOS)

--> open mwav.exe --> tick all checkboxes --> scan --> click View Log --> click Edit --> type in "infected"
and now copy out everything that is displayed -->


___________________________________________________________________________

INFO:

isrvs\desktop.exe Packed UPX <d70000.0.10>
isrvs\desktop.exe Infected not-a-virus:AdWare.ToolBar.ISearch.d <cd0000.0.e>
isrvs\edmond.exe OK <cf0000.0.9>
ffisearch.exe Packed UPX <d70000.0.10>
ffisearch.exe Archive AWinstall <ce0000.0.11>
ffisearch.exe/script.dat OK <cf0000.0.9>
ffisearch.exe/data0000 OK <cf0000.0.9>
isrvs\mfiltis.dll Packed UPX <d70000.0.10>
isrvs\mfiltis.dll Infected not-a-virus:AdWare.ToolBar.ISearch.d <cd0000.0.e>
isrvs\sysupd.dll Packed UPX <d70000.0.10>
isrvs\sysupd.dll Infected Trojan-Downloader.Win32.Ieser.a <cd0000.0.e>

ALGU.EXE
 O2 - BHO: ATDP Class - {E3D3AFEE-2172-4ef5-8509-1638AFFF0374} - C:\WINDOWS\atlass.dll
 O4 - HKCU\..\Run: [ALGU] C:\WINDOWS\System32\ALGU.EXE
In [Start] > [Run]:
 regsvr32 /u C:\WINDOWS\atlass.dll
In step 4:
 C:\WINDOWS\atlass.dll
 C:\WINDOWS\System32\ALGU.EXE

Trojan.StartPage.K
http://securityresponse.symantec.com/avcenter/venc/data/trojan.startpage.k.html

# HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

# In the right pane, delete the values:

"ALG32" = "%System%\ALG32.EXE"
"SPOOLSVU" = "%System%\SPOOLSVU.EXE"

# Navigate to the subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E6EC32A-7C19-4409-99E8-FC980BCDAF26}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HTASS.HTDP
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HTASS.HTDP.1

# In the right pane, delete the value:

"(Default)" = "HTDP Class"

# Navigate to the subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E6EC32A-7C19-4409-99E8-FC980BCDAF26}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4677FF8F-7740-4A9C-9F5E-E93794A86E85}\1.0\0\win32
# In the right pane, delete the value:

"(Default)" = "%Windir%\htass.dll"

# Navigate to the subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E6EC32A-7C19-4409-99E8-FC980BCDAF26}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HTASS.HTDP\CurVer

# In the right pane, delete the value:

"(Default)" = "HTASS.HTDP.1"

# Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E6EC32A-7C19-4409-99E8-FC980BCDAF26}\TypeLib

# In the right pane, delete the value:

"(Default)" = "{4677FF8F-7740-4a9c-9F5E-E93794A86E85}"

# Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E6EC32A-7C19-4409-99E8-FC980BCDAF26}\VersionIndependentProgID

# In the right pane, delete the value:

"(Default)" = "HTASS.HTDP"

# Navigate to the subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HTASS.HTDP\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HTASS.HTDP.1\CLSID

# In the right pane, delete the value:

"(Default)" = "{9E6EC32A-7C19-4409-99E8-FC980BCDAF26}"

# Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4677FF8F-7740-4A9C-9F5E-E93794A86E85}\1.0

# In the right pane, delete the value:

"(Default)" = "HTASS 1.0 Type Library"

# Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4677FF8F-7740-4A9C-9F5E-E93794A86E85}\1.0\FLAGS

# In the right pane, delete the value:

"(Default)" = "0"

# Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4677FF8F-7740-4A9C-9F5E-E93794A86E85}\1.0\HELPDIR

# In the right pane, delete the value:

"(Default)" = "%Windir%"

# Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

# In the right pane, delete the values:

"MSMsgSvc" = ""
"SEHLPstp" = ""
"WTLBAstp" = ""

# Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

# In the right pane, delete the value:

"{9E6EC32A-7C19-4409-99E8-FC980BCDAF26}" = ""

# Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0B6EF17E-18E5-4449-86EA-64C82D596EAE}

# In the right pane, delete the value:

"(Default)" = "IDOMPeek"

# Navigate to the subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B1E68D42-02C4-465B-8368-5ED9B732E22D}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B1E68D42-02C4-465B-8368-5ED9B732E22D}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0B6EF17E-18E5-4449-86EA-64C82D596EAE}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0B6EF17E-18E5-4449-86EA-64C82D596EAE}\ProxyStubClsid32

# In the right pane, delete the value:

"(Default)" = "{00020424-0000-0000-C000-000000000046}"

# Navigate to the subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0B6EF17E-18E5-4449-86EA-64C82D596EAE}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B1E68D42-02C4-465B-8368-5ED9B732E22D}\TypeLib

# In the right pane, delete the values:

"(Default)" = "{4677FF8F-7740-4A9C-9F5E-E93794A86E85}"
"Version" = "1.0"

# Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B1E68D42-02C4-465B-8368-5ED9B732E22D}

# In the right pane, delete the value:

"(Default)" = "IDocEventHandler"

# Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

# In the right pane, delete the values:

"HTAssADutid" = "0x4134CCF1"
"HTAssutid" = "0x4134CFCB"
"HTAssittid" = "0x4134CD73"
"HTAssistid" = "0x4134CD73"
"HTAssiftid" = "0x4134CE3B"
"HTAssID" = "0x989681"
"HTAssBnxt" = "0x4134DFCF"

# Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HTAssLib

# In the right pane, delete the values:

"DisplayName" = "HTAss Library"
"UninstallString" = "%Windir%\HTASSUI.exe"

# Navigate to the subkeys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

# In the right pane, delete the value:

"Start Page" = "http:/ /default.home"

# Exit the Registry Editor.
__________
Kind regards, Sabina

all about PC security
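The selection made by eye in post #2 (orphaned "(no file)" registrations, Run entries whose names imitate Windows binaries, autostarts from C:\WINDOWS\isrvs, the O17 name server) can be approximated with a small triage script. This is an added example, not code from the thread or from HijackThis; the log lines are excerpted from post #1, while the list of system binary names, the 0.85 similarity threshold and the "unusual Windows subdirectory" rule are assumptions made for illustration.

```python
import ntpath
import re
from difflib import SequenceMatcher

# Excerpt of the HijackThis log posted in #1 (entries copied from the thread).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - (no file)
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [UsbD] C:\WINDOWS\system32\svhost32.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ALG32] C:\WINDOWS\system32\ALG32.EXE
O4 - HKCU\..\Run: [SPOOLSVU] C:\WINDOWS\system32\SPOOLSVU.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD0764B2-0CE0-401A-9474-213482A49C84}: NameServer = 205.188.146.145
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
"""

# Assumption: names of genuine Windows binaries that impostors tend to imitate.
SYSTEM_STEMS = {"svchost", "spoolsv", "alg", "ctfmon", "lsass", "services",
                "winlogon", "smss", "explorer"}
SIMILARITY = 0.85  # assumption: threshold chosen for this illustration

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def image_path(cmd):
    """Extract the executable path from a Run command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path = cmd[1:end] if end > 0 else cmd[1:]
    else:
        # Unquoted paths may contain spaces, so cut at the first executable suffix.
        m = re.search(r"\.(exe|com|bat|scr)\b", cmd, re.I)
        path = cmd[:m.end()] if m else cmd
    return ntpath.normpath(path)  # also collapses doubled backslashes


def imitated_binary(path):
    """Return the system binary a file name imitates, or None."""
    stem = ntpath.splitext(ntpath.basename(path))[0].lower()
    if stem in SYSTEM_STEMS:
        return None  # exact name: not a lookalike
    core = stem.rstrip("0123456789")  # svhost32 -> svhost, alg32 -> alg
    for known in sorted(SYSTEM_STEMS):
        if core == known or SequenceMatcher(None, core, known).ratio() >= SIMILARITY:
            return known + ".exe"
    return None


def odd_windows_subdir(path):
    """True for files in a subdirectory of C:\\WINDOWS other than system32/system."""
    parts = ntpath.normpath(path).lower().split("\\")
    return (len(parts) >= 4 and parts[1] == "windows"
            and parts[2] not in ("system32", "system"))


def triage(log_text):
    """Return (code, reason, line) tuples for entries an analyst should review."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if body.endswith("(no file)"):
            findings.append((code, "orphaned registration (no file)", line))
        elif code == "O4":
            run = RUN_RE.match(body)
            if not run:
                continue  # Startup-folder entries are out of scope here
            path = image_path(run.group("cmd"))
            fake = imitated_binary(path)
            if fake:
                findings.append((code, f"name imitates {fake}", line))
            elif odd_windows_subdir(path):
                findings.append((code, "autostart from unusual Windows subdirectory", line))
        elif code == "O17" and "NameServer" in body:
            findings.append((code, "DNS server override, verify owner", line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"{code:>3}  {reason:<45} {line}")
```

The heuristics only shortlist entries for review; an entry such as the atlass.dll BHO in the same log passes all three rules and still has to be judged by an analyst.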
29.03.2005, 13:33
...new here

Posts: 2
#3 I had no time yet today, I'm getting on it now,
many thanks for your help

the toolbar is gone for now, yay :-)
This post was edited by shebass1122 on 30.03.2005 at 11:42.
03.04.2005, 17:09
Honorary member
Thread starter
Sabina

Posts: 29434
#4 Hello@

Quote

So, I have run EScan; it found a virus, apparently the trojan? However, EScan cannot delete the viruses (since I have the trial version). How can I remove them now?
Should I post the EScan log?

I have carried out all the other steps successfully.
Sebastian


if you have found 200 infected files... then first copy them here into the forum (but not twice)

--> open mwav.exe --> tick all checkboxes --> scan --> click View Log --> click Edit --> type in "infected"
and now copy out everything that is displayed -->

__________
Kind regards, Sabina

all about PC security
09.04.2005, 11:53
...new here

Posts: 2
#5 File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "180Solutions Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "VX2 Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "avenue media Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "myway Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "altnet Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ATLASSUI.exe infected by "Trojan.Win32.StartPage.ig" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\msxmidi.exe infected by "Trojan-Dropper.Win32.Small.vb" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\11yf05fg.exe infected by "not-a-virus:AdWare.F1Organizer.h" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\64wu86rd.exe infected by "not-a-virus:AdWare.F1Organizer.h" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\HeidiNorthcott_11yf05fg.exe infected by "Trojan-Dropper.Win32.Small.nt" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\patch.exe infected by "not-a-virus:AdWare.ToolBar.ISearch.d" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\SHAgentNew.dll infected by "Trojan-Dropper.Win32.Small.mh" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\Siesenop\LOKALE~1\Temp\ajdnjh.exe infected by "Trojan-Dropper.Win32.Small.vn" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\Siesenop\LOKALE~1\Temp\fonmco.exe infected by "Trojan-Dropper.Win32.Small.vv" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\Siesenop\LOKALE~1\Temp\ssvchst.exe infected by "Trojan-Downloader.Win32.Small.aqc" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Kname\Lokale Einstellungen\Temp\common.dll infected by "not-a-virus:AdWare.WebSearch.s" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Kname\Lokale Einstellungen\Temp\TBPS.exe infected by "not-a-virus:AdWare.WebSearch.h" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Kname\Lokale Einstellungen\Temp\toolbar.dll infected by "not-a-virus:AdWare.WebSearch.q" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Kname\Lokale Einstellungen\Temp\UpdatedUpdaterInstall.exe infected by "Trojan-Downloader.Win32.Keenval.f" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\name\Eigene Dateien\hijackthis199_beta\backups\backup-20050329-205151-631.dll infected by "Trojan-Downloader.Win32.Small.aai" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\name\Lokale Einstellungen\Temp\ajdnjh.exe infected by "Trojan-Dropper.Win32.Small.vn" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\name\Lokale Einstellungen\Temp\fonmco.exe infected by "Trojan-Dropper.Win32.Small.vv" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\name\Lokale Einstellungen\Temp\ssvchst.exe infected by "Trojan-Downloader.Win32.Small.aqc" Virus. Action Taken: No Action Taken.
File C:\Programme\AOL 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Programme\Gemeinsame Dateien\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Programme\KaZaA\TopSearch.dll infected by "not-a-virus:AdWare.Altnet.e" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\01F3240D.class infected by "Trojan-Downloader.Java.OpenConnection.v" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\01FA58DD.class infected by "Trojan-Downloader.Java.OpenConnection.v" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\0563311F infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\08C95BBD.class infected by "Exploit.Java.Bytverify" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\0B3D2C0A.class infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\0EF329E4 infected by "not-a-virus:AdWare.PowerScan.b" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\11560EDD infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\115A38D9 infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\115D62D5 infected by "not-a-virus:AdWare.WinComm" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\11600CD2 infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\116336CE infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\12B76D20.class infected by "Trojan.Java.ClassLoader.Dummy.a" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\12CC4AF0.class infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\12CF74EC.class infected by "Exploit.Java.Bytverify" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\1653432F.class infected by "Trojan.Java.ClassLoader.Dummy.a" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\16F36E7A infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\1A2108D4 infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\1AC10185.class infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\1B5572BD.class infected by "Trojan.Java.ClassLoader.Dummy.a" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\1E3A42E8 infected by "Trojan-Downloader.Win32.IstBar.er" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\224969E8.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\224F3DE1.htm infected by "Trojan-Downloader.VBS.Psyme.j" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\261F2304.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\26224D00.class infected by "Trojan.Java.Femad" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\262676FC.ani infected by "Trojan-Downloader.Win32.Ani.b" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\262F74F2.class infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\26331EEE.class infected by "Trojan-Downloader.Java.OpenConnection.v" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\294C07E0.html infected by "Trojan-Downloader.JS.Small.d" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\29CB7EE7 infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\2D7F093D.class infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\2DAE4076 infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\2EBA2762.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\35AA3650.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\3612224F.class infected by "Trojan-Downloader.Java.OpenConnection.v" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\38B864ED.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\3C8C18B7.html infected by "Trojan-Downloader.JS.Small.d" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\3C8E46BB.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\3ED602CA.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\40422AC0 infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\41E31AD2.class infected by "Trojan-Downloader.Java.OpenConnection.v" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\43D20461.class infected by "Trojan.Java.ClassLoader.Dummy.a" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\45635956.class infected by "Exploit.Java.Bytverify" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\4979613C infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\4A0D6110 infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\4A964140.class infected by "Exploit.Java.Bytverify" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\4D0E6FBC infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\4F0550A3 infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\4F96479B infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\56253D3D infected by "not-a-virus:porn-Dialer.Win32.Intexdial" Virus. Action Taken: No Action aken.
File C:\Programme\Norton AntiVirus2004\Quarantine\585E4702.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\59A120D8 infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\5D1921C9 infected by "not-a-virus:AdWare.WinComm" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\624D31CD infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\640320E8 infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\65BE1A42.exe infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\65BE1A42.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\65C1443F.htm infected by "Trojan-Downloader.VBS.Psyme.j" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\66D47FA2 infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\6743304D infected by "Trojan-Downloader.Win32.Small.eb" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\6CC46C3A.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\6D3953B8.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\6D673930.class infected by "Exploit.Java.Bytverify" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\6E76265E infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\6F935CE6 infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\6FB4640E.htm infected by "Trojan-Downloader.JS.Small.d" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\74A43A91.class infected by "Trojan.Java.ClassLoader.Dummy.a" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\76932F1A infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\77D343CD.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\77D66DCA.htm infected by "Trojan-Downloader.JS.Small.d" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\7F4D6D46.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus2004\Quarantine\7F53413F.htm infected by "Trojan-Downloader.VBS.Psyme.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP224\A0100075.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP224\A0100076.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP224\A0100077.exe infected by "Trojan-Downloader.Win32.IstBar.er" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP224\A0100078.exe infected by "not-a-virus:AdWare.WinComm" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP224\A0100079.exe infected by "not-a-virus:AdWare.WinComm" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP250\A0145073.exe infected by "Trojan-Dropper.Win32.Agent.ge" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP253\A0145406.exe infected by "Trojan-Dropper.Win32.Small.vb" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP253\A0145407.dll infected by "Trojan-Downloader.Win32.Small.aai" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP254\A0147537.EXE infected by "Trojan-Dropper.Win32.Small.vb" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP254\A0147627.exe infected by "Trojan-Dropper.Win32.Small.vb" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP254\A0147628.dll infected by "Trojan-Downloader.Win32.Small.aai" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP254\A0149611.DLL infected by "Trojan.Win32.Small.ds" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP254\A0150609.DLL infected by "Trojan.Win32.Small.ds" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP254\A0150627.exe infected by "Trojan.Win32.StartPage.ig" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150652.dll infected by "not-a-virus:AdWare.ToolBar.ToolBand.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150653.exe infected by "Trojan.Win32.StartPage.ig" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150672.exe infected by "Trojan-Dropper.Win32.Small.vd" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150673.dll infected by "Trojan.Win32.Spabot.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150674.exe infected by "Trojan-Dropper.Win32.Small.vd" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150675.exe infected by "Trojan-Spy.Win32.Small.ak" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150676.exe infected by "Backdoor.Win32.Thunk.d" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150677.exe infected by "Backdoor.Win32.Thunk.d" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150686.dll infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150687.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150688.dll infected by "Trojan.Win32.TopAntiSpyware.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150689.exe infected by "Trojan-Proxy.Win32.Agent.dl" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150690.exe infected by "Trojan-Proxy.Win32.Agent.dl" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150691.exe infected by "Trojan.Win32.TopAntiSpyware.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150692.dll infected by "Trojan.Win32.TopAntiSpyware.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150693.exe infected by "Trojan-Dropper.Win32.Small.oy" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150694.exe infected by "Backdoor.Win32.Jeemp.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150695.exe infected by "Backdoor.Win32.Jeemp.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150696.exe infected by "Trojan-Dropper.Win32.Small.vn" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150697.dll infected by "Trojan-Downloader.Win32.Small.anu" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150698.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150699.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150700.EXE infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150701.exe infected by "Trojan-Downloader.Win32.Small.amq" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150703.dll infected by "Trojan-Downloader.Win32.Small.aai" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150709.EXE infected by "Trojan-Dropper.Win32.Small.vb" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150716.DLL infected by "Trojan.Win32.Small.ds" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150717.DLL infected by "Trojan.Win32.Small.ds" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150718.DLL infected by "Trojan.Win32.Small.ds" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150719.exe infected by "Trojan-Dropper.Win32.Small.ve" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150720.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150721.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150722.EXE infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0154004.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0154005.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0154006.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0154007.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0154008.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0154009.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0154010.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0154011.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0154013.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0154015.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0154016.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0154023.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0154024.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0154025.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0154026.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0154027.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0154028.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0154029.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0154081.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0156250.dll infected by "Trojan-Downloader.Win32.Small.aai" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0156261.dll infected by "Trojan-Downloader.Win32.Agent.kb" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0156262.exe infected by "Trojan-Dropper.Win32.Agent.ge" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0156263.exe infected by "Trojan-Proxy.Win32.Agent.cj" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0156264.EXE infected by "Trojan-Dropper.Win32.Small.vb" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0156265.EXE infected by "Trojan-Dropper.Win32.Agent.ge" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0156266.EXE infected by "Trojan-Dropper.Win32.Small.vb" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0156267.EXE infected by "Trojan-Dropper.Win32.Agent.ge" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ATLASSUI.exe infected by "Trojan.Win32.StartPage.ig" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\browserxtras\pn\remove.exe infected by "Trojan-Downloader.Win32.Keenval.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\isrvs\desktop.exe infected by "not-a-virus:AdWare.ToolBar.ISearch.d" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\isrvs\edmond.exe infected by "Trojan.Win32.Delprot.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\isrvs\ffisearch.exe infected by "not-a-virus:AdWare.MDH.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\isrvs\isearch.xpi infected by "not-a-virus:AdWare.ToolBar.ISearch.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\isrvs\mfiltis.dll infected by "not-a-virus:AdWare.ToolBar.ISearch.d" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\isrvs\sysupd.dll infected by "Trojan-Downloader.Win32.Ieser.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\msxmidi.exe infected by "Trojan-Dropper.Win32.Small.vb" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\11yf05fg.exe infected by "not-a-virus:AdWare.F1Organizer.h" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\64wu86rd.exe infected by "not-a-virus:AdWare.F1Organizer.h" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\HeidiNorthcott_11yf05fg.exe infected by "Trojan-Dropper.Win32.Small.nt" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\patch.exe infected by "not-a-virus:AdWare.ToolBar.ISearch.d" Virus. Action Taken: No Action Taken.
09.04.2005, 16:53
Honorary member
Thread starter
Sabina

Posts: 29434
#6 Hello @shebass1122

Disable System Restore
•XP
My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives".

•KillBox
http://www.bleepingcomputer.com/files/killbox.php

•Delete File on Reboot <-- tick this

and click the red cross;
when asked "Do you want to reboot?" ----> click "no" and paste in the next one; only for the last one click "yes"

C:\WINDOWS\ATLASSUI.exe
C:\WINDOWS\browserxtras\pn\remove.exe
C:\WINDOWS\isrvs\desktop.exe
C:\WINDOWS\isrvs\edmond.exe
C:\WINDOWS\isrvs\ffisearch.exe
C:\WINDOWS\isrvs\isearch.xpi
C:\WINDOWS\isrvs\mfiltis.dll
C:\WINDOWS\isrvs\sysupd.dll
C:\WINDOWS\msxmidi.exe
C:\WINDOWS\system32\11yf05fg.exe
C:\WINDOWS\system32\64wu86rd.exe
C:\WINDOWS\system32\HeidiNorthcott_11yf05fg.exe
C:\WINDOWS\system32\patch.exe
C:\WINDOWS\system32\SHAgentNew.dll

C:\Dokumente und Einstellungen\Kname\Lokale Einstellungen\Temp\common.dll
C:\Dokumente und Einstellungen\Kname\Lokale Einstellungen\Temp\TBPS.exe
C:\Dokumente und Einstellungen\Kname\Lokale Einstellungen\Temp\toolbar.dll
C:\Dokumente und Einstellungen\Kname\Lokale Einstellungen\Temp\UpdatedUpdaterInstall.exe
C:\Dokumente und Einstellungen\name\Eigene Dateien\hijackthis199_beta\backups\backup-20050329-205151-631.dll
C:\Dokumente und Einstellungen\name\Lokale Einstellungen\Temp\ajdnjh.exe
C:\Dokumente und Einstellungen\name\Lokale Einstellungen\Temp\fonmco.exe
C:\Dokumente und Einstellungen\name\Lokale Einstellungen\Temp\ssvchst.exe

Restart the PC

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

delete ;) check whether it is still there ;)
C:\Dokumente und Einstellungen\Kname\Lokale Einstellungen\Temp\common.dll
C:\Dokumente und Einstellungen\Kname\Lokale Einstellungen\Temp\TBPS.exe
C:\Dokumente und Einstellungen\Kname\Lokale Einstellungen\Temp\toolbar.dll
C:\Dokumente und Einstellungen\Kname\Lokale Einstellungen\Temp\UpdatedUpdaterInstall.exe

C:\Dokumente und Einstellungen\name\Lokale Einstellungen\Temp\ajdnjh.exe
C:\Dokumente und Einstellungen\name\Lokale Einstellungen\Temp\fonmco.exe
C:\Dokumente und Einstellungen\name\Lokale Einstellungen\Temp\ssvchst.exe

Delete: (preferably in Safe Mode)
C:\WINDOWS\isrvs\

•Online scan (Panda)
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
(report on the scan)
__________
Best regards, Sabina

all about PC security
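An added example, not part of the original post: a short Python triage of scan-log lines in the format shown in this thread. It separates detections that sit in System Restore snapshots (which go away when System Restore is turned off) from live files that still have to be deleted. The sample lines are copied from the log above; the function names are this example's own.

```python
import re
from collections import defaultdict

# Line format of the scan report posted in this thread.
LINE_RE = re.compile(
    r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\. '
    r'Action Taken: (?P<action>.+?)\.?$'
)
# System Restore keeps its snapshots under this folder on each drive.
RESTORE_RE = re.compile(r'^[A-Za-z]:\\System Volume Information\\_restore\{', re.I)

# Sample input: six lines copied from the log in this thread.
SAMPLE_LOG = r'''
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP255\A0150676.exe infected by "Backdoor.Win32.Thunk.d" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F44EEAA4-EEEF-48B8-A2CF-89026FB82A8B}\RP257\A0154004.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ATLASSUI.exe infected by "Trojan.Win32.StartPage.ig" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\isrvs\desktop.exe infected by "not-a-virus:AdWare.ToolBar.ISearch.d" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\isrvs\sysupd.dll infected by "Trojan-Downloader.Win32.Ieser.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\patch.exe infected by "not-a-virus:AdWare.ToolBar.ISearch.d" Virus. Action Taken: No Action Taken.
'''

def parse_log(text):
    """Return (path, detection, action) for every detection line in the log."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((m["path"], m["name"], m["action"]))
    return hits

def triage(hits):
    """Split detections into restore-snapshot copies and live files."""
    restore, live = [], []
    for path, name, _action in hits:
        (restore if RESTORE_RE.match(path) else live).append((path, name))
    return restore, live

def by_folder(live):
    """Group live detections by parent folder (Windows paths are case-insensitive)."""
    groups = defaultdict(list)
    for path, name in live:
        folder, _, filename = path.rpartition("\\")
        groups[folder.lower()].append((filename, name))
    return dict(groups)

if __name__ == "__main__":
    restore, live = triage(parse_log(SAMPLE_LOG))
    print(f"{len(restore)} detections are only System Restore snapshot copies")
    for folder, items in sorted(by_folder(live).items()):
        print(folder)
        for filename, name in items:
            print(f"  {filename}  [{name}]")
```

A folder in which every listed file is flagged, such as C:\WINDOWS\isrvs in this log, is a candidate for removal as a whole rather than file by file.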