Trojan Horse Dialer.22.AQ ? kommt immer wieder ! Wie ändere ich das ?

#0
15.04.2005, 11:01
...neu hier

Beiträge: 7
#1 Der o.g. Dialer kommt immer wieder und wird von meinem Virenscaner erkannt.
Wie kriege ich den los ?

Achja, mein Logfile Aktuell:

Logfile of HijackThis v1.99.1
Scan saved at 10:57:36, on 15.04.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Messenger\msmsgs.exe
C:\PROGRA~1\COOLSPOT\PERSON~1\PID.EXE
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Programme\SAGEM\SAGEM F@st840\DSLMON.exe
C:\Programme\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Programme\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Programme\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Coolspot\Dialer Control\dc.exe
C:\Programme\a2\a2guard.exe
C:\Programme\Avant Browser\avant.exe
C:\Dokumente und Einstellungen\Harald\Lokale Einstellungen\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Programme\WinSweep\ws.js
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dialer Control] C:\Programme\Coolspot\Dialer Control\dc.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Quicknote] C:\Programme\Quicknote\quicknote.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Personal ID] C:\PROGRA~1\COOLSPOT\PERSON~1\PID.EXE
O4 - HKCU\..\Run: [a-squared] "C:\Programme\a2\a2guard.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: DSLMON.lnk = C:\Programme\SAGEM\SAGEM F@st840\DSLMON.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Programme\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Programme\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\programme\google\googletoolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Alle Bilder von gleichem Server filtern - C:\Programme\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Hervorheben - C:\Programme\Avant Browser\Highlight.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\googletoolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Suchen - C:\Programme\Avant Browser\Search.htm
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\googletoolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Zur Werbebanner-Filterliste hinzufügen - C:\Programme\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Öffne alle Links auf dieser Seite... - C:\Programme\Avant Browser\OpenAllLinks.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programme\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Programme\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CD9C3F0-CAB0-4D26-8FA7-8DBB38185A87}: NameServer = 62.27.27.62 62.27.53.66
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe

Danke Gruß Harald
Seitenanfang Seitenende
15.04.2005, 14:45
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 Hallo@Harald ehall

•eScan-Erkennungstool
eSan ist hier unter dem Namen Free eScan Antivirus Toolkit Utility kostenlos erhältlich:
http://www.mwti.net/antivirus/free_utilities.asp
oeffne den Scanner--> noch nicht scannen--> gehe in Start<Ausfuehren< schreib rein: %temp% und suche
kavupd.exe, die klickst du an--> (Update- in DOS) ausführen

gehe in den abgesicherten Modus
http://www.tu-berlin.de/www/software/virus/savemode.shtml

und den Scanner mit der "mwav.exe"[oder:MWAVSCAN.COM] starten. Alle Häkchen setzen :
Auswählen: "all files", Memory, Startup-Folders, Registry, System Folders,
Services, Drive/All Local drives, Folder [C:\WINDOWS], Include SubDirectory

-->und "Scan " klicken.

•Gehe wieder in den Normalmodus:

•mache bitte folgendes:
nun öffnest du mit dem editor, die mwav.txt und gehst unter bearbeiten -> suchen, hier gibst du "infected" ein

•jene zeile in der infected steht, markieren, und hier einfügen, weitersuchen usw.
•und ganz unten steht die zusammenfassung, diese auch hier posten
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
15.04.2005, 20:16
...neu hier

Themenstarter

Beiträge: 7
#3 Hallo @Sabina

hier die infested Zeilen plus das ergebnis von unten nach Escan

Apr 15 18:26:53 2005 => System found infected with SideFind Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
Fri Apr 15 18:26:53 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
Fri Apr 15 18:29:28 2005 => System found infected with SideFind Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
Fri Apr 15 18:29:28 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
Fri Apr 15 18:30:41 2005 => System found infected with SideFind Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
fri Apr 15 18:30:41 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
Fri Apr 15 18:33:14 2005 => File C:\DOKUME~1\Harald\LOKALE~1\Temp\sahagent.exe infected by "not-a-virus:AdWare.Sahat.h" Virus. Action Taken: No Action Taken.
Fri Apr 15 18:45:29 2005 => Scanning File C:\DOKUME~1\Harald\LOKALE~1\TEMPOR~1\Content.IE5\AHDANIT0\infected6xz[1].gif
Fri Apr 15 19:13:19 2005 => File C:\DOKUME~1\Harald\LOKALE~1\TEMPOR~1\Content.IE5\RH4JT30S\a775a972[1].js infected by "Trojan-Downloader.JS.Small.af" Virus. Action Taken: No Action Taken.
Fri Apr 15 19:14:30 2005 => File C:\DOKUME~1\Harald\LOKALE~1\TEMPOR~1\Content.IE5\RH4JT30S\ysb_prompt[1].htm infected by "Trojan-Downloader.JS.IstBar.j" Virus. Action Taken: No Action Taken.
Fri Apr 15 19:14:30 2005 => File C:\DOKUME~1\Harald\LOKALE~1\TEMPOR~1\Content.IE5\RH4JT30S\ysb_prompt[2].htm infected by "Trojan-Downloader.JS.IstBar.j" Virus. Action Taken: No Action Taken.

Fri Apr 15 19:54:25 2005 => ***** Scanning complete. *****

Fri Apr 15 19:54:25 2005 => Total Objects Scanned: 64466
Fri Apr 15 19:54:26 2005 => Total Virus(es) Found: 5
Fri Apr 15 19:54:26 2005 => Total Disinfected Files: 0
Seitenanfang Seitenende
16.04.2005, 00:08
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#4 Hallo@Harald ehall

CCleaner--> loesche alle *temp-Datein
http://www.ccleaner.com/ccdownload.asp



------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
loesche:
C:\Dokumente und Einstellungen\Harald\Lokale Einstellungen\Temporary Internet Files\Content.IE5\RH4JT30S\a775a972[1].js
C:\Dokumente und Einstellungen\Harald\Lokale Einstellungen\Temporary Internet Files\Content.IE5\RH4JT30S\ysb_prompt[1].htm
C:\Dokumente und Einstellungen\Harald\Lokale Einstellungen\Temporary Internet Files\Content.IE5\RH4JT30S\ysb_prompt[2].htm

suche/loesche:
sfbho.dll
sidefind.dll
srchfst.dll
C:\Dokumente und Einstellungen\Harald\Lokale Einstellungen\Temp\\sidefind.exe
c:\program files\sidefind\update\sidefind.exe
c:\program files\sidefind\sidefind13.dll

#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
Laden--> Updaten-->scannen-->PC neustarten--> noch mal scannen--> poste das Log vom Scann

•Online-Scann (Panda)
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
(berichte bitte vom Scann)
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
16.04.2005, 10:34
...neu hier

Themenstarter

Beiträge: 7
#5 Ad-Aware SE Build 1.05
Logfile Created on:Samstag, 16. April 2005 10:17:00
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R39 15.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


16.04.2005 10:17:00 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 372
ThreadCreationTime : 16.04.2005 08:15:52
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 420
ThreadCreationTime : 16.04.2005 08:15:56
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 444
ThreadCreationTime : 16.04.2005 08:15:58
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 488
ThreadCreationTime : 16.04.2005 08:15:59
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 500
ThreadCreationTime : 16.04.2005 08:15:59
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 640
ThreadCreationTime : 16.04.2005 08:15:59
BasePriority : Normal


#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 652
ThreadCreationTime : 16.04.2005 08:15:59
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 728
ThreadCreationTime : 16.04.2005 08:16:00
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 768
ThreadCreationTime : 16.04.2005 08:16:00
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [incdsrv.exe]
FilePath : C:\Programme\Ahead\InCD\
ProcessID : 788
ThreadCreationTime : 16.04.2005 08:16:00
BasePriority : Normal
FileVersion : 4, 3, 11, 1
ProductVersion : 4, 3, 11, 1
ProductName : Nero AG incdsrv
CompanyName : Nero AG
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Nero AG
OriginalFilename : incdsrv.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 960
ThreadCreationTime : 16.04.2005 08:16:02
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1040
ThreadCreationTime : 16.04.2005 08:16:02
BasePriority : Normal


#:13 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1112
ThreadCreationTime : 16.04.2005 08:16:02
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:14 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1120
ThreadCreationTime : 16.04.2005 08:16:02
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:15 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1240
ThreadCreationTime : 16.04.2005 08:16:03
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:16 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1356
ThreadCreationTime : 16.04.2005 08:16:03
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:17 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1424
ThreadCreationTime : 16.04.2005 08:16:06
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:18 [dcfssvc.exe]
FilePath : C:\WINDOWS\system32\drivers\
ProcessID : 1480
ThreadCreationTime : 16.04.2005 08:16:07
BasePriority : Normal
FileVersion : 1.1.4100.0
ProductVersion : 3.2.0400.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
LegalCopyright : Copyright (C) Eastman Kodak Co. 2000-1
OriginalFilename : DcFsSvc.exe

#:19 [kodakccs.exe]
FilePath : C:\WINDOWS\system32\drivers\
ProcessID : 1560
ThreadCreationTime : 16.04.2005 08:16:07
BasePriority : Normal
FileVersion : 1.1.5100.4
ProductVersion : 4.4.0.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : KodakCCS.exe
LegalCopyright : Copyright (C) Eastman Kodak Co. 2000-2004
OriginalFilename : DcFsSvc.exe

#:20 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1712
ThreadCreationTime : 16.04.2005 08:16:08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:21 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1752
ThreadCreationTime : 16.04.2005 08:16:08
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:22 [realsched.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Real\Update_OB\
ProcessID : 1836
ThreadCreationTime : 16.04.2005 08:16:09
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:23 [jusched.exe]
FilePath : C:\Programme\Java\j2re1.4.2_05\bin\
ProcessID : 1844
ThreadCreationTime : 16.04.2005 08:16:09
BasePriority : Normal


#:24 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1860
ThreadCreationTime : 16.04.2005 08:16:09
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:25 [incd.exe]
FilePath : C:\Programme\Ahead\InCD\
ProcessID : 1880
ThreadCreationTime : 16.04.2005 08:16:10
BasePriority : Normal
FileVersion : 4, 3, 11, 1
ProductVersion : 4, 3, 11, 1
ProductName : Nero AG InCD
CompanyName : Nero AG
FileDescription : InCD
InternalName : InCD
LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Nero AG
OriginalFilename : InCD.exe

#:26 [qttask.exe]
FilePath : C:\Programme\QuickTime\
ProcessID : 1896
ThreadCreationTime : 16.04.2005 08:16:10
BasePriority : Normal
FileVersion : 6.5
ProductVersion : QuickTime 6.5
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:27 [wcescomm.exe]
FilePath : C:\Programme\Microsoft ActiveSync\
ProcessID : 1904
ThreadCreationTime : 16.04.2005 08:16:10
BasePriority : Normal
FileVersion : 3.7.1.3244
ProductVersion : 3.7.3244
ProductName : Microsoft ActiveSync
CompanyName : Microsoft Corporation
FileDescription : Connection Manager
InternalName : wcescomm
LegalCopyright : Copyright © 1995-2003 Microsoft Corp. Alle Rechte vorbehalten.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
OriginalFilename : WCESCOMM.EXE

#:28 [msmsgs.exe]
FilePath : C:\Programme\Messenger\
ProcessID : 1916
ThreadCreationTime : 16.04.2005 08:16:10
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:29 [pid.exe]
FilePath : C:\PROGRA~1\COOLSPOT\PERSON~1\
ProcessID : 1928
ThreadCreationTime : 16.04.2005 08:16:10
BasePriority : Normal
FileVersion : 1.3.2.93
ProductVersion : 1.1
ProductName : Personal ID
CompanyName : Coolspot AG
InternalName : PersonalID
LegalCopyright : © 2003 Coolspot AG
OriginalFilename : PID.EXE
Comments : Powered by Oleg Chensky

#:30 [mfindexer.exe]
FilePath : C:\Corel\Graphics8\Programs\
ProcessID : 132
ThreadCreationTime : 16.04.2005 08:16:11
BasePriority : Normal
FileVersion : 8.369
ProductVersion : 8.369
ProductName : CorelDRAW (TM)
CompanyName : Corel Corporation
FileDescription : Utility which indexes Corel Media Folders
InternalName : Corel Media Indexer
LegalCopyright : Copyright © 1988-1998 Corel Corporation.
LegalTrademarks : CorelDRAW (TM)
OriginalFilename : MFIndexer.exe

#:31 [dslmon.exe]
FilePath : C:\Programme\SAGEM\SAGEM F@st840\
ProcessID : 148
ThreadCreationTime : 16.04.2005 08:16:11
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DSLMON Application
FileDescription : ADIMON MFC Application
InternalName : DSLMON
LegalCopyright : Copyright (C) 2000
OriginalFilename : ADIMON.EXE

#:32 [hpobrt07.exe]
FilePath : C:\Programme\Hewlett-Packard\AiO\hp psc 700 series\Bin\
ProcessID : 140
ThreadCreationTime : 16.04.2005 08:16:11
BasePriority : Normal
FileVersion : 2.00
ProductVersion : A.14.03.05
ProductName : hp psc 700 series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOBRT07
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOBRT07.EXE
Comments : HP OfficeJet PSC 7 Series COM Device Objects

#:33 [easyshare.exe]
FilePath : C:\Programme\KODAK\Kodak EasyShare software\bin\
ProcessID : 176
ThreadCreationTime : 16.04.2005 08:16:11
BasePriority : Normal
FileVersion : 5, 0, 4, 128
ProductVersion : 4, 0, 2, 134
ProductName : Kodak EasyShare software
CompanyName : Eastman Kodak Company
FileDescription : Kodak EasyShare software
InternalName : EasyShare
LegalCopyright : Copyright © Eastman Kodak Company 2002
LegalTrademarks : EasyShare
OriginalFilename : EasyShare.exe

#:34 [kodak software updater.exe]
FilePath : C:\Programme\KODAK\KODAK Software Updater\7288971\Program\
ProcessID : 184
ThreadCreationTime : 16.04.2005 08:16:12
BasePriority : Normal


#:35 [wzqkpick.exe]
FilePath : C:\Programme\WinZip\
ProcessID : 188
ThreadCreationTime : 16.04.2005 08:16:12
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6028g)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright (c) WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: German

#:36 [hpoevm07.exe]
FilePath : C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\
ProcessID : 980
ThreadCreationTime : 16.04.2005 08:16:17
BasePriority : Normal
FileVersion : 1.00
ProductVersion : A.14.03.05
ProductName : hp psc 700 series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM07
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOEVM07.EXE
Comments : HP OfficeJet COM Event Manager

#:37 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2072
ThreadCreationTime : 16.04.2005 08:16:24
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:38 [ad-aware.exe]
FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2264
ThreadCreationTime : 16.04.2005 08:16:37
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:39 [ad-aware.exe]
FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2268
ThreadCreationTime : 16.04.2005 08:16:37
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:40 [hposts07.exe]
FilePath : C:\Programme\Hewlett-Packard\AiO\Shared\bin\
ProcessID : 2352
ThreadCreationTime : 16.04.2005 08:16:47
BasePriority : Normal
FileVersion : 1.00
ProductVersion : A.14.03.05
ProductName : hp psc 700 series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS07
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOCPY07.EXE
Comments : HP OfficeJet Status

#:41 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2400
ThreadCreationTime : 16.04.2005 08:16:55
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Automatische Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : wuauclt.exe

#:42 [wmiprvse.exe]
FilePath : C:\WINDOWS\System32\wbem\
ProcessID : 2492
ThreadCreationTime : 16.04.2005 08:16:57
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C;)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 0


10:31:00 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:14:00.593
Objects scanned:156560
Objects identified:0
Objects ignored:0
New critical objects:0

-----------------

Bericht vom Panda Scan :


Incident Status Location

Adware:Adware/SaveNow No disinfected Windows Registry
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\Downloaded Program Files\istactivex.???
Adware:Adware/PowerScan No disinfected Windows Registry
Adware:Adware/SideSearch No disinfected C:\Programme\Lycos
Adware:Adware/SideFind No disinfected Windows Registry
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\Downloaded Program Files\ISTactivex.inf
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\xmlparse.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\xmltok.dll [/b]
Dieser Beitrag wurde am 16.04.2005 um 11:49 Uhr von Harald ehall editiert.
Seitenanfang Seitenende
16.04.2005, 15:24
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#6 Hallo@Harald ehall

•KillBox
http://www.bleepingcomputer.com/files/killbox.php

•Delete File on Reboot <--anhaken

und klick auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"

C:\WINDOWS\Downloaded Program Files\istactivex.dll
C:\WINDOWS\Downloaded Program Files\ISTactivex.inf
C:\WINDOWS\system32\xmlparse.dll
C:\WINDOWS\system32\xmltok.dll

neustarten

FxIstbar.exe--> scannen
http://bilder.informationsarchiv.net/Nikitas_Tools/FxIstbar.exe

C:\Dokumente und Einstellungen\Harald\Lokale Einstellungen\Temp\sahagent.exe<--loeschen

C:\WINDOWS\Temp\
C:\Temp\
leere diese Ordner

Onlinescanns (berichte)
http://www.pcpitstop.com/freescan/
http://www.bitdefender.de/scan/licence.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
16.04.2005, 19:41
...neu hier

Themenstarter

Beiträge: 7
#7 Hallo Sabina

erstmal vieln dank für die schnellen Antworten und deine Hilfe !!

Diese zwei kann ich über die Killbox nicht finden

•KillBox
http://www.bleepingcomputer.com/files/killbox.php

•Delete File on Reboot <--anhaken

und klick auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"

C:\WINDOWS\Downloaded Program Files\istactivex.dll
C:\WINDOWS\Downloaded Program Files\ISTactivex.inf


Sind die dann schon geloescht ?
Seitenanfang Seitenende
16.04.2005, 20:47
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#8 scanne bitte noch mal mit panda (zur Ueberpruefung)
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
16.04.2005, 21:35
...neu hier

Themenstarter

Beiträge: 7
#9 Onlinescanns (berichte)
http://www.pcpitstop.com/freescan/

McAfee FreeScan detected NO viruses!
With over 80,000 computer viruses identified and another 500 discovered each month,
Why take chances? Get immediate virus protection with McAfee VirusScan Online. Buy Now! Learn More...
Seitenanfang Seitenende
16.04.2005, 21:46
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#10 Harald ehall

•Onlinescann" eTrust Antivirus"(nur mit IE moeglich)
http://www.my-etrust.com/products/pestscan/pestscan.cfm?WebRefferalAffiliate=pscanca%20
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
16.04.2005, 22:04
...neu hier

Themenstarter

Beiträge: 7
#11 eTrust

Pest detecdet: 26

--

Kann aber nicht so gut englisch, was muß ich nach dem scannen bei eTrust machen ?

-----------------

Zitat

Sabina postete
scanne bitte noch mal mit panda (zur Ueberpruefung)



Incident Status Location

Adware:Adware/SaveNow No disinfected Windows Registry
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\Downloaded Program Files\istactivex.???
Adware:Adware/SideSearch No disinfected C:\Programme\Lycos
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\Downloaded Program Files\ISTactivex.inf


Das komische ist das dieser Istactivex immer wieder auftaucht, aber in c: windows so oder mit der Kilbox nicht zu finden ist.

Gibts da ne andere Lösung ?
Dieser Beitrag wurde am 17.04.2005 um 01:05 Uhr von Harald ehall editiert.
Seitenanfang Seitenende
17.04.2005, 22:43
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#12 Hallo@Harald ehall

C:\WINDOWS\Downloaded Program Files\

einfach alles loeschen, was du findest und nicht zuordnen kannst (im abgesicherten Modus)

------------

kann man im etrust die verseuchten Dateien sehen und abkopieren? Oder wird nur angezeigt, dass es 26 verseuchte Dateien gibt?

--------------
suche/loesche:

# C:\Program Files\Save
# rechts-->, doppelklick auf: SaveUninst.exe
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
18.04.2005, 00:14
...neu hier

Themenstarter

Beiträge: 7
#13

Zitat

Sabina postete
Hallo@Harald ehall

C:\WINDOWS\Downloaded Program Files\

einfach alles loeschen, was du findest und nicht zuordnen kannst (im abgesicherten Modus)

------------

kann man im etrust die verseuchten Dateien sehen und abkopieren? Oder wird nur angezeigt, dass es 26 verseuchte Dateien gibt?

--------------
suche/loesche:

# C:\Program Files\Save
# rechts-->, doppelklick auf: SaveUninst.exe



Also bei E-Trust wird angezeigt, kann man aber nicht kopieren.
Morgen wenn ich Zeit habe nach der Arbeit tippe ich das mal ab
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: