Trojaner Win32.Agent.xxx hat sich eingenistet

#0
10.06.2005, 21:59
...neu hier

Beiträge: 3
#1 Hallo
Ein HiJackThis-Scan brachte seltsame Einträge zu Tage - hab sie nach nem Online-Check gefixt aber sie kamen immer wieder oder andere. Norton sagte Alles ok, Antivir monierte 2-3 Trojaner, AdAware auch ein bisserl was - alles gelöscht, aber jedesmal wieder waren dann einfach andere Meldungen da.
Nach x-maligen Virenscans und HiJackFixes schien es ok, doch ein Scan mit eScan brachte doch noch einiges zutage...kann ich die einfach löschen und alles ist wieder in Butter? Gruss und Danke im voraus - Benny
Hier die Scan-Ergebnisse:
Logfile of HijackThis v1.99.0
Scan saved at 20:51:23, on 09.06.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Prog\CD\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
D:\Prog\Virus\NortonAV2004\navapsvc.exe
D:\Prog\Virus\NortonAV2004\SAVScan.exe
D:\Prog\Online\SIGNAL IDUNA Personal Firewall\driver\spfirewallsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\DCxxMjpgControl.exe
D:\Prog\Virus\PestPatrol\PPMemCheck.exe
D:\Prog\Virus\PestPatrol\CookiePatrol.exe
D:\Prog\Online\Atomzeit\PTBSync\PTBSync.exe
D:\prog\online\signal iduna personal firewall\bin\sppfw.exe
D:\Prog\CD\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\HDD Thermometer\HDD Thermometer.exe
C:\Programme\WinZip\WZQKPICK.EXE
D:\Prog\Online\OnlineCounter\OnlineCounter.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\iejs.exe
C:\WINDOWS\sdkml32.exe
D:\Prog\Virus\HiJackThis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: Class - {2A5D80E2-4EE2-47AD-FEB2-73CBFF84A720} - C:\WINDOWS\javagw32.dll
O2 - BHO: Class - {8B818F6C-9632-19DE-8680-233C397A97AD} - C:\WINDOWS\system32\iewi.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Prog\Virus\NortonAV2004\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DCxxCTRL] C:\WINDOWS\System32\DCxxMjpgControl.exe Autostart
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [PPMemCheck] D:\Prog\Virus\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] D:\Prog\Virus\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [PTBSync] D:\Prog\Online\Atomzeit\PTBSync\PTBSync.exe /Start
O4 - HKLM\..\Run: [Securepoint Personal Firewall] d:\prog\online\signal iduna personal firewall\bin\sppfw.exe
O4 - HKLM\..\Run: [InCD] D:\Prog\CD\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [sdkml32.exe] C:\WINDOWS\sdkml32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Programme\HDD Thermometer\HDD Thermometer.exe
O4 - Startup: Outlook.lnk = ?
O4 - Startup: OnlineCounter 2004-Autostart.lnk = D:\Prog\Online\OnlineCounter\OnlineCounter-Autostart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/ac...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/ac.../ActiveData.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD Helper - Ahead Software AG - D:\Prog\CD\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - D:\Prog\Virus\NortonAV2004\navapsvc.exe
O23 - Service: Sandra Data Service - SiSoftware - D:\Prog\Tools\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service - SiSoftware - D:\Prog\Tools\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Prog\Virus\NortonAV2004\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Securepoint Personal Firewall - Securepoint Latinoamerica S.A. de C.V. - D:\Prog\Online\SIGNAL IDUNA Personal Firewall\driver\spfirewallsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

Funde für "infected"
Fri Jun 10 12:54:34 2005 => File C:\WINDOWS\wxitqv.dat infected by "Trojan-Downloader.Win32.Agent.pe" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:40 2005 => File C:\WINDOWS\pgsxfi.dat infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:43 2005 => File C:\WINDOWS\vgrmpv.txt infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:43 2005 => File C:\WINDOWS\fivflh.txt infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:43 2005 => File C:\WINDOWS\xpnwsy.dat infected by "Trojan-Downloader.Win32.Agent.pe" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:43 2005 => File C:\WINDOWS\xatqdb.dat infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:45 2005 => File C:\WINDOWS\crte.dll infected by "Trojan-Downloader.Win32.Agent.pe" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:45 2005 => File C:\WINDOWS\ttoavi.dat infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:45 2005 => File C:\WINDOWS\btwnby.log infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:45 2005 => File C:\WINDOWS\vjqzst.txt infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:45 2005 => File C:\WINDOWS\nkjeuv.txt infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:46 2005 => File C:\WINDOWS\qeuxhp.dat infected by "Trojan-Downloader.Win32.Agent.pe" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:46 2005 => File C:\WINDOWS\uxmkxz.dat infected by "Trojan-Downloader.Win32.Agent.pe" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:46 2005 => File C:\WINDOWS\rhnucv.dat infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:46 2005 => File C:\WINDOWS\ngwomm.dat infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:46 2005 => File C:\WINDOWS\xugogr.dat infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:46 2005 => File C:\WINDOWS\avrhcm.txt infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:46 2005 => File C:\WINDOWS\leukxi.txt infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:46 2005 => File C:\WINDOWS\wgxvtv.log infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:46 2005 => File C:\WINDOWS\swngma.dat infected by "Trojan-Downloader.Win32.Agent.pe" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:46 2005 => File C:\WINDOWS\tptawd.dat infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:47 2005 => File C:\WINDOWS\wfrrrh.dat infected by "Trojan-Downloader.Win32.Agent.pe" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:47 2005 => File C:\WINDOWS\qgpprx.dat infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:47 2005 => File C:\WINDOWS\cqacjq.dat infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:47 2005 => File C:\WINDOWS\nslvgd.dat infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:47 2005 => File C:\WINDOWS\cxoncw.dat infected by "Trojan-Downloader.Win32.Agent.pe" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:47 2005 => File C:\WINDOWS\cptpmz.dat infected by "Trojan-Downloader.Win32.Agent.pe" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:47 2005 => File C:\WINDOWS\vizjpc.dat infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:47 2005 => File C:\WINDOWS\vydlbm.dat infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:48 2005 => File C:\WINDOWS\kpbpte.dat infected by "Trojan-Downloader.Win32.Agent.pe" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:48 2005 => File C:\WINDOWS\mkzfro.dat infected by "Trojan-Downloader.Win32.Agent.pe" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:48 2005 => File C:\WINDOWS\ndfhbr.dat infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:48 2005 => File C:\WINDOWS\lyltir.dat infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:48 2005 => File C:\WINDOWS\tqclrt.txt infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:48 2005 => File C:\WINDOWS\lrvztw.txt infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:48 2005 => File C:\WINDOWS\pmevxh.txt infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:48 2005 => File C:\WINDOWS\sghftc.log infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:48 2005 => File C:\WINDOWS\ifwars.txt infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:48 2005 => File C:\WINDOWS\lhotrw.log infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:54:49 2005 => File C:\WINDOWS\dzhhlg.log infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:56:55 2005 => File C:\WINDOWS\System32\old-mfcnn.dlx infected by "Trojan-Downloader.Win32.Agent.pe" Virus! Action Taken: No Action Taken.
Fri Jun 10 12:58:42 2005 => File C:\WINDOWS\system32\old-mfcnn.dlx infected by "Trojan-Downloader.Win32.Agent.pe" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:03:49 2005 => File C:\WINDOWS\wxitqv.dat infected by "Trojan-Downloader.Win32.Agent.pe" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:04:53 2005 => File C:\WINDOWS\pgsxfi.dat infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:15 2005 => File C:\WINDOWS\vgrmpv.txt infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:15 2005 => File C:\WINDOWS\fivflh.txt infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:17 2005 => File C:\WINDOWS\xpnwsy.dat infected by "Trojan-Downloader.Win32.Agent.pe" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:17 2005 => File C:\WINDOWS\xatqdb.dat infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:19 2005 => File C:\WINDOWS\crte.dll infected by "Trojan-Downloader.Win32.Agent.pe" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:19 2005 => File C:\WINDOWS\ttoavi.dat infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:19 2005 => File C:\WINDOWS\btwnby.log infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:20 2005 => File C:\WINDOWS\vjqzst.txt infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:20 2005 => File C:\WINDOWS\nkjeuv.txt infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:20 2005 => File C:\WINDOWS\qeuxhp.dat infected by "Trojan-Downloader.Win32.Agent.pe" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:20 2005 => File C:\WINDOWS\uxmkxz.dat infected by "Trojan-Downloader.Win32.Agent.pe" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:20 2005 => File C:\WINDOWS\rhnucv.dat infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:20 2005 => File C:\WINDOWS\ngwomm.dat infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:20 2005 => File C:\WINDOWS\xugogr.dat infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:21 2005 => File C:\WINDOWS\avrhcm.txt infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:21 2005 => File C:\WINDOWS\leukxi.txt infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:21 2005 => File C:\WINDOWS\wgxvtv.log infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:21 2005 => File C:\WINDOWS\swngma.dat infected by "Trojan-Downloader.Win32.Agent.pe" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:21 2005 => File C:\WINDOWS\tptawd.dat infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:21 2005 => File C:\WINDOWS\wfrrrh.dat infected by "Trojan-Downloader.Win32.Agent.pe" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:21 2005 => File C:\WINDOWS\qgpprx.dat infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:21 2005 => File C:\WINDOWS\cqacjq.dat infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:21 2005 => File C:\WINDOWS\nslvgd.dat infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:21 2005 => File C:\WINDOWS\cxoncw.dat infected by "Trojan-Downloader.Win32.Agent.pe" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:22 2005 => File C:\WINDOWS\cptpmz.dat infected by "Trojan-Downloader.Win32.Agent.pe" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:22 2005 => File C:\WINDOWS\vizjpc.dat infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:22 2005 => File C:\WINDOWS\vydlbm.dat infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:22 2005 => File C:\WINDOWS\kpbpte.dat infected by "Trojan-Downloader.Win32.Agent.pe" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:22 2005 => File C:\WINDOWS\mkzfro.dat infected by "Trojan-Downloader.Win32.Agent.pe" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:22 2005 => File C:\WINDOWS\ndfhbr.dat infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:22 2005 => File C:\WINDOWS\lyltir.dat infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:23 2005 => File C:\WINDOWS\tqclrt.txt infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:23 2005 => File C:\WINDOWS\lrvztw.txt infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:23 2005 => File C:\WINDOWS\pmevxh.txt infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:23 2005 => File C:\WINDOWS\sghftc.log infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:23 2005 => File C:\WINDOWS\ifwars.txt infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:23 2005 => File C:\WINDOWS\lhotrw.log infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:05:23 2005 => File C:\WINDOWS\dzhhlg.log infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:24:09 2005 => File C:\mitiyxxx.chm infected by "Trojan.Win32.Dialer.ce" Virus! Action Taken: No Action Taken.
Fri Jun 10 13:24:10 2005 => File C:\haawa.chm infected by "Trojan.Win32.Dialer.bh" Virus! Action Taken: No Action Taken.
Fri Jun 10 14:45:03 2005 => File F:\Daten\PC-Dok\ex-sp.html infected by "Trojan.JS.StartPage.u" Virus! Action Taken: No Action Taken.

Funde für "tagged"

Fri Jun 10 12:56:51 2005 => File C:\WINDOWS\System32\unregister.exe tagged as "not-a-virus:AdWare.ToolBar.VB.f". Action Taken: No Action Taken.
Fri Jun 10 12:58:40 2005 => File C:\WINDOWS\system32\unregister.exe tagged as "not-a-virus:AdWare.ToolBar.VB.f". Action Taken: No Action Taken.
Fri Jun 10 13:30:42 2005 => File D:\Prog\Online\KaZaA Lite\My Shared Folder\download10781433776133108.dat tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 13:30:43 2005 => File D:\Prog\Online\KaZaA Lite\My Shared Folder\download111004787012629139.dat tagged as "not-a-virus:porn-Dialer.Win32.Intexdial". Action Taken: No Action Taken.
Fri Jun 10 13:58:32 2005 => File D:\Prog\Screensaver\Winter\uninstal.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Fri Jun 10 14:44:59 2005 => File F:\Daten\PC-Dok\Aida32 3.75\aida32ee_375.zip tagged as not-a-virus:Tool.Win32.AIDA.3862. No Action Taken.

Fri Jun 10 18:02:57 2005 => File I:\Downloads\CD-DVD\DVD\DVD Shrink v.3.0.5.exe tagged as not-a-virus:Tool.Win32.Gendel.a. No Action Taken.
Fri Jun 10 18:03:41 2005 => File I:\Downloads\CD-DVD\DVD\NEU-April2002\Capture\PICVIDEO2.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 18:03:42 2005 => File I:\Downloads\CD-DVD\DVD\NEU-April2002\DivXPro5GAINBundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 18:37:42 2005 => File I:\Downloads\Grafik\Photomodeller-2d-3d\pmlt31a.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 18:39:15 2005 => File I:\Downloads\Lernen\Rechnen 1-4 Kl\bunny95p.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 18:39:15 2005 => File I:\Downloads\Lernen\Rechnen 1-4 Kl\einsp.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 18:39:16 2005 => File I:\Downloads\Lernen\Rechtschreiben\conp.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 18:40:15 2005 => File I:\Downloads\Media\DivX\DivX5.03\DivXPro503GAINBun dle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 18:44:03 2005 => File I:\Downloads\Media\Screensaver\LaetitiaCasta.exe tagged as "not-a-virusialer.Win32.gen". Action Taken: No Action Taken.
Fri Jun 10 18:44:04 2005 => File I:\Downloads\Media\Screensaver\waterfree.exe tagged as "not-a-virus:AdWare.SaveNow.aq". Action Taken: No Action Taken.
Fri Jun 10 18:46:37 2005 => File I:\Downloads\Media\Wav-to-mp3\setupwavtomp3.exe tagged as "not-a-virus:AdWare.Gator.1050". Action Taken: No Action Taken.
Fri Jun 10 18:47:57 2005 => File I:\Downloads\Mix\dcmsetup.zip tagged as not-a-virus:Tool.Win32.Gendel.a. No Action Taken.
Fri Jun 10 18:48:35 2005 => File I:\Downloads\Mix\gags\fun\Bierkrug.zip tagged as not-a-virus:Joke.Win16.HowDrunk. No Action Taken.
Fri Jun 10 18:48:35 2005 => File I:\Downloads\Mix\gags\fun\sheep.zip tagged as not-a-virus:Effect.Win16.Sheep. No Action Taken.
Fri Jun 10 18:49:55 2005 => File I:\Downloads\Mix\pinsetup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 18:50:04 2005 => File I:\Downloads\Mix\Screensaver\amazingsunset.exe tagged as "not-a-virus:AdWare.Gator.3103". Action Taken: No Action Taken.
Fri Jun 10 18:50:08 2005 => File I:\Downloads\Mix\Screensaver\villagefree4.exe tagged as "not-a-virus:AdWare.ToolBar.Exact". Action Taken: No Action Taken.
Fri Jun 10 18:50:10 2005 => File I:\Downloads\Mix\Screensaver\WeihanchtsScreensaver \wintersw.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 18:50:12 2005 => File I:\Downloads\Mix\Sprüche&Zitate\Sprc00.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 18:50:47 2005 => File I:\Downloads\Mix\xmp330at.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 18:57:27 2005 => File I:\Downloads\Office\Office-Zubehör\Office-Addon\DatumsAss\xldat2k.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 18:57:58 2005 => File I:\Downloads\Office\Office-Zubehör\Visitenkarten\Visit.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:00:27 2005 => File I:\Downloads\Online\Downloadmanager\GetRight 4.5d\getrt45d.exe tagged as "not-a-virus:AdWare.Gator.1050". Action Taken: No Action Taken.
Fri Jun 10 19:00:51 2005 => File I:\Downloads\Online\eDonkey59c.exe tagged as "not-a-virus:AdWare.Cydoor". Action Taken: No Action Taken.
Fri Jun 10 19:02:35 2005 => File I:\Downloads\Online\Tauschbörsen\EDonkey\eDonkey61 .exe tagged as "not-a-virus:AdWare.EZula.j". Action Taken: No Action Taken.
Fri Jun 10 19:03:41 2005 => File I:\Downloads\Spiele\Backgammon\Backgam.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:06:53 2005 => File I:\Downloads\Tools\doppelteDateien\morspc95.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:07:58 2005 => File I:\Downloads\Tools\System\VB Laufzeitdateien\Vbrun50.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:08:02 2005 => File I:\Downloads\Tools\SystemCheck\aida32ee_350.zip tagged as not-a-virus:Tool.Win32.AIDA.3862. No Action Taken.
Fri Jun 10 19:10:18 2005 => File I:\Downloads\Treiber\Updates+Bugfixes für DSL\befaster.exe tagged as "not-a-virus:AdWare.NavExcel". Action Taken: No Action Taken.
Fri Jun 10 19:10:31 2005 => File I:\Downloads\Updates\DivX\DivXPro502GAINBundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:10:45 2005 => File I:\Downloads\Updates\Microsoft-UPD-05.02\MicrosoftOffice\Rechtschreibung\spdeu9x.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:11:34 2005 => File I:\Downloads\Updates\Video\DivX501Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:17:15 2005 => File I:\NEU von CD\Babylon\Babylon-Upd-090401\babylon-update.exe tagged as "not-a-virus:AdWare.Cydoor". Action Taken: No Action Taken.
Fri Jun 10 19:17:15 2005 => File I:\NEU von CD\back32.zip\SETUP32.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:17:15 2005 => File I:\NEU von CD\Backup\BS-Backup-32\back32.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:17:53 2005 => File I:\NEU von CD\Email-Handy\dmail160.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:17:53 2005 => File I:\NEU von CD\Email-Handy\dmpro132.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:18:03 2005 => File I:\NEU von CD\Grafik\ImageWalker\imgwalk.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:18:05 2005 => File I:\NEU von CD\Grafik\UltimateFX1.3\ufx.zip tagged as "not-a-virus:AdWare.Aureate.a". Action Taken: No Action Taken.
Fri Jun 10 19:18:38 2005 => File I:\NEU von CD\ICQ\icq98a130.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:18:39 2005 => File I:\NEU von CD\ImageWalker\imgwalk.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:18:39 2005 => File I:\NEU von CD\Kal-Kat-Quiz\SFVi00.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:18:47 2005 => File I:\NEU von CD\LabelDesignExpress\SETUP.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:20:20 2005 => File I:\NEU von CD\NetzStartDisk\EBD.CAB tagged as not-a-virus:Tool.DOS.Restart. No Action Taken.
Fri Jun 10 19:20:33 2005 => File I:\NEU von CD\Online\CuteFTP\cftp32.exe tagged as "not-a-virus:AdWare.TimeSink". Action Taken: No Action Taken.
Fri Jun 10 19:20:33 2005 => File I:\NEU von CD\Online\dmpro302.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:20:34 2005 => File I:\NEU von CD\Online\Email-Handy\dmail160.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:20:35 2005 => File I:\NEU von CD\Online\Email-Handy\dmpro132.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:21:09 2005 => File I:\NEU von CD\Online\Opera 3.50\o350de32.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:21:19 2005 => File I:\NEU von CD\Online\Webstripper\wbs1.exe tagged as "not-a-virus:AdWare.Aureate.a". Action Taken: No Action Taken.
Fri Jun 10 19:21:20 2005 => File I:\NEU von CD\Opera 3.50\o350de32.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:21:20 2005 => File I:\NEU von CD\OutlookExpressmanager\oeman2.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:21:20 2005 => File I:\NEU von CD\OutlookExpressmanager\oemanu.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:21:27 2005 => File I:\NEU von CD\Photokopierer\cp.exe tagged as "not-a-virus:AdWare.TimeSinc". Action Taken: No Action Taken.
Fri Jun 10 19:21:33 2005 => File I:\NEU von CD\Screensaver\clinton.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:21:33 2005 => File I:\NEU von CD\Screensaver\Kamasut.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:21:53 2005 => File I:\NEU von CD\Spiele\Billard\poolsetup - Billard-Spiel.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:21:53 2005 => File I:\NEU von CD\Spiele\Billard\poolsetup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:22:56 2005 => File I:\NEU von CD\Spiele\Dart\dartsetup - Dart-Spiel.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:22:57 2005 => File I:\NEU von CD\Spiele\Dart\dartsetup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:25:44 2005 => File I:\NEU von CD\Spiele\dxball17.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:25:49 2005 => File I:\NEU von CD\Spiele\Elfen-Bowling\SuperEB_install_22.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:26:02 2005 => File I:\NEU von CD\Spiele\Flipper\pinsetup - Flipper-Spiel.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:26:03 2005 => File I:\NEU von CD\Spiele\Flipper\pinsetup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:27:23 2005 => File I:\NEU von CD\Spiele\Memory\memov100.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:27:24 2005 => File I:\NEU von CD\Spiele\Memory2\memov100.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:30:09 2005 => File I:\NEU von CD\Spiele\Stellwerksimulation\setuphsw.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:30:34 2005 => File I:\NEU von CD\Spiele\Weihnacht\Screensaver\winterliche Diashow\winterinst.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
Fri Jun 10 19:30:36 2005 => File I:\NEU von CD\Spiele\Weihnacht\Screensaver\wintersw.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:30:36 2005 => File I:\NEU von CD\Spiele\Weihnacht\Spiele\Elfen-Bowling\SuperEB_install_22.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:31:05 2005 => File I:\NEU von CD\SpruchLexikon\spruchlx.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:31:22 2005 => File I:\NEU von CD\Tools\back32.zip\SETUP32.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:32:24 2005 => File I:\NEU von CD\Updates\OutlookExpressmanager\oeman2.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:32:24 2005 => File I:\NEU von CD\Updates\OutlookExpressmanager\oemanu.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:32:29 2005 => File I:\NEU von CD\Updates\T-Online\TO-Update 2.05-09.98\to20upd5.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 19:42:58 2005 => File J:\Downloads2\Tools\verhindert Installationen\X-Stop.z.exe tagged as not-a-virus:Tool.VBS.X-Stop. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Fri Jun 10 19:46:37 2005 => Total Virus(es) Found: 656
Fri Jun 10 19:46:37 2005 => Total Errors: 273
Fri Jun 10 19:46:37 2005 => Time Elapsed: 06:47:46
Fri Jun 10 19:46:37 2005 => Total Objects Scanned: 671802
Fri Jun 10 12:51:34 2005 => Virus Database Date: 2005/06/09
Fri Jun 10 19:46:37 2005 => Virus Database Date: 2005/06/09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~
Seitenanfang Seitenende
12.06.2005, 00:36
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 Hallo@bennyf

#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten

R3 - Default URLSearchHook is missing
O2 - BHO: Class - {2A5D80E2-4EE2-47AD-FEB2-73CBFF84A720} - C:\WINDOWS\javagw32.dll
O2 - BHO: Class - {8B818F6C-9632-19DE-8680-233C397A97AD} - C:\WINDOWS\system32\iewi.dll
O4 - HKLM\..\Run: [sdkml32.exe] C:\WINDOWS\sdkml32.exe

PC neustarten

•KillBox
http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip
Anleitung: (bebildert)
http://virus-protect.org/killbox.html

•Delete File on Reboot <--anhaken

und klicke auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"

C:\WINDOWS\wxitqv.dat
C:\WINDOWS\pgsxfi.dat
C:\WINDOWS\sdkml32.exe
C:\WINDOWS\javagw32.dll
C:\WINDOWS\system32\iewi.dll
C:\WINDOWS\system32\iejs.exe
C:\WINDOWS\vgrmpv.txt
C:\WINDOWS\fivflh.txt
C:\WINDOWS\xpnwsy.dat
C:\WINDOWS\xatqdb.dat
C:\WINDOWS\crte.dll
C:\WINDOWS\ttoavi.dat
C:\WINDOWS\btwnby.log
C:\WINDOWS\vjqzst.txt
C:\WINDOWS\nkjeuv.txt
C:\WINDOWS\qeuxhp.dat
C:\WINDOWS\uxmkxz.dat
C:\WINDOWS\rhnucv.dat
C:\WINDOWS\ngwomm.dat
C:\WINDOWS\xugogr.dat
C:\WINDOWS\avrhcm.txt
C:\WINDOWS\leukxi.txt
C:\WINDOWS\wgxvtv.log
C:\WINDOWS\swngma.dat
C:\WINDOWS\tptawd.dat
C:\WINDOWS\wfrrrh.dat
C:\WINDOWS\qgpprx.dat
C:\WINDOWS\cqacjq.dat
C:\WINDOWS\nslvgd.dat
C:\WINDOWS\cxoncw.dat
C:\WINDOWS\cptpmz.dat
C:\WINDOWS\vizjpc.dat
C:\WINDOWS\vydlbm.dat
C:\WINDOWS\kpbpte.dat
C:\WINDOWS\mkzfro.dat
C:\WINDOWS\ndfhbr.dat
C:\WINDOWS\lyltir.dat
C:\WINDOWS\tqclrt.txt
C:\WINDOWS\lrvztw.txt
C:\WINDOWS\pmevxh.txt
C:\WINDOWS\sghftc.log
C:\WINDOWS\ifwars.txt
C:\WINDOWS\lhotrw.log
C:\WINDOWS\dzhhlg.log
C:\WINDOWS\system32\old-mfcnn.dlx
C:\WINDOWS\wxitqv.dat
C:\WINDOWS\pgsxfi.dat
C:\WINDOWS\vgrmpv.txt
C:\WINDOWS\fivflh.txt
C:\WINDOWS\vgrmpv.txt
C:\WINDOWS\fivflh.txt
C:\WINDOWS\xpnwsy.dat
C:\WINDOWS\xatqdb.dat
C:\WINDOWS\btwnby.log
C:\WINDOWS\vjqzst.txt
C:\WINDOWS\nkjeuv.txt
C:\WINDOWS\qeuxhp.dat
C:\WINDOWS\uxmkxz.dat
C:\WINDOWS\rhnucv.dat
C:\WINDOWS\ngwomm.dat
C:\WINDOWS\xugogr.dat
C:\WINDOWS\avrhcm.txt
C:\WINDOWS\leukxi.txt
C:\WINDOWS\wgxvtv.log
C:\WINDOWS\swngma.dat
C:\WINDOWS\tptawd.dat
C:\WINDOWS\wfrrrh.dat
C:\WINDOWS\qgpprx.dat
C:\WINDOWS\cqacjq.dat
C:\WINDOWS\nslvgd.dat
C:\WINDOWS\cxoncw.dat
C:\WINDOWS\cptpmz.dat
C:\WINDOWS\vizjpc.dat
C:\WINDOWS\vydlbm.dat
C:\WINDOWS\kpbpte.dat
C:\WINDOWS\mkzfro.dat
C:\WINDOWS\ndfhbr.dat
C:\WINDOWS\lyltir.dat
C:\WINDOWS\tqclrt.txt
C:\WINDOWS\lrvztw.txt
C:\WINDOWS\pmevxh.txt
C:\WINDOWS\sghftc.log
C:\WINDOWS\ifwars.txt
C:\WINDOWS\lhotrw.log
C:\WINDOWS\dzhhlg.log
C:\WINDOWS\System32\unregister.exe
C:\Downloads\Media\Screensaver\waterfree.exe
C:\Downloads\Media\Wav-to-mp3\setupwavtomp3.exe
I:\Downloads\Treiber\Updates+Bugfixes für DSL\befaster.exe
I:\Downloads\Media\DivX\DivX5.03\DivXPro503GAINBun dle.exe
I:\Downloads\Media\Screensaver\LaetitiaCasta.exe
I:\Downloads\Media\Screensaver\waterfree.exe
I:\Downloads\Media\Wav-to-mp3\setupwavtomp3.exe
I:\Downloads\Mix\dcmsetup.zip
I:\Downloads\Mix\gags\fun\Bierkrug.zip
I:\Downloads\Mix\gags\fun\sheep.zip
I:\Downloads\Mix\pinsetup.exe
I:\Downloads\Mix\Screensaver\amazingsunset.exe
I:\Downloads\Mix\Screensaver\villagefree4.exe
I:\Downloads\Mix\Screensaver\WeihanchtsScreensaver \wintersw.exe
I:\Downloads\Mix\Sprüche&Zitate\Sprc00.EXE
I:\Downloads\Mix\xmp330at.exe


PC neustarten


C:\Downloads\Media\ <..loeschen
I:\Downloads\Mix\

CCleaner--> loesche alle *temp-Datein
http://virus-protect.org/temp.html



gehe in den abgesicherten Modus
http://www.tu-berlin.de/www/software/virus/savemode.shtml
scanne dort mit allen Scannern, vor allem dem Antivirus )

mache zwei oder drei Onlinescans + berichte (wenn beim Panda eine Virenmeldung vom Antivirus kommt--> nicht beachten)
http://virus-protect.org/onlinescan.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
14.06.2005, 22:32
...neu hier

Themenstarter

Beiträge: 3
#3 Hallo Sabina
Hab Deinen Rat befolgt - händisch gelöscht - gescannt - gelöscht - gescannt mit Norton, Panda, Antivir6, escan, HiJackThis....jetzt ist Schluss mit Viren- und Trojanermeldungen, nur noch ein paar Fehlermeldungen (kannst Du mir hier auch noch nen Tip geben, wie ich die auch noch weg bekomme?)
Den Norton hab ich gelöscht und mir AntiVirenKit2005professional gekauft - der Systemscan läuft immer noch. Auf C hat er auch keine Viren mehr gefunden, dafür auf ner anderen Festplatte noch ein paar versteckte Viren in uralten Dateien (z.B. Mails) teils vom Jahr 2000 - die hat der Norton all die Jahre nie entdeckt und Antivir6 auch nicht - ist ja schon komisch.

Hier der Ausschnitt von escan:

Tue Jun 14 12:21:23 2005 => **********************************************************
Tue Jun 14 12:21:23 2005 => MicroWorld AntiVirus & Spyware Toolkit Utility.
Tue Jun 14 12:21:23 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Tue Jun 14 12:21:23 2005 =>
Tue Jun 14 12:21:23 2005 => Support: support@mwti.net
Tue Jun 14 12:21:23 2005 => Web: http://www.mwti.net
Tue Jun 14 12:21:23 2005 => **********************************************************
Tue Jun 14 12:21:23 2005 => Version 6.4.1 (C:\Bases_X\mwavscan.com)
Tue Jun 14 12:21:23 2005 => Log File: C:\Bases_X\MWAV.LOG
Tue Jun 14 12:21:23 2005 => User Account: Administrator
Tue Jun 14 12:21:23 2005 => Windows Root Folder: C:\WINDOWS
Tue Jun 14 12:21:23 2005 => Windows Sys32 Folder: C:\WINDOWS\System32
Tue Jun 14 12:21:23 2005 => OS: Windows NT
Tue Jun 14 12:21:23 2005 => Latest Date of files inside MWAV: 09 Jun 2005 07:04:52.

Tue Jun 14 12:21:23 2005 => Options Selected by User:
Tue Jun 14 12:21:23 2005 => Memory Check: Enabled
Tue Jun 14 12:21:23 2005 => Registry Check: Enabled
Tue Jun 14 12:21:23 2005 => StartUp Folder Check: Enabled
Tue Jun 14 12:21:23 2005 => System Folder Check: Enabled
Tue Jun 14 12:21:23 2005 => System Area Check: Disabled
Tue Jun 14 12:21:23 2005 => Services Check: Enabled
Tue Jun 14 12:21:23 2005 => Drive Check: Enabled
Tue Jun 14 12:21:23 2005 => All Drive Check ;)isabled
Tue Jun 14 12:21:23 2005 => Drive Selected = C:\
Tue Jun 14 12:21:23 2005 => Folder Check: Disabled

Tue Jun 14 12:21:23 2005 => ***** Scanning Memory Files *****
Tue Jun 14 12:21:27 2005 => Scanning File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0

_x-ww_f7fb5805\comctl32.dll
Tue Jun 14 12:21:43 2005 => ***** Scanning Registry Files *****
Tue Jun 14 12:21:53 2005 => ***** Scanning StartUp Folders *****
Tue Jun 14 12:21:54 2005 => ***** Scanning Service Files *****
Tue Jun 14 12:21:56 2005 => ERROR!!! Invalid Entry C:\WINDOWS\System32\ImapiRox.exe in

SYSTEM\CurrentControlSet\Services\ImapiService...
Tue Jun 14 12:22:01 2005 => ERROR!!! Invalid Entry \??\C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS in

SYSTEM\CurrentControlSet\Services\TVICHW32...
Tue Jun 14 12:22:02 2005 => ***** Scanning Registry and File system for Adware/Spyware *****

Tue Jun 14 12:22:06 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Tue Jun 14 12:22:22 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:

\WINDOWS\Downloaded Program Files\asinst.dll". Action Taken: No Action Taken.

Tue Jun 14 12:22:25 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:

\WINDOWS\Downloaded Program Files\ActiveData.dll". Action Taken: No Action Taken.

Tue Jun 14 12:22:25 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:

\WINDOWS\Downloaded Program Files\SymAData.dll". Action Taken: No Action Taken.

Tue Jun 14 12:22:25 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:

\WINDOWS\Downloaded Program Files\avsniff.dll". Action Taken: No Action Taken.

Tue Jun 14 12:22:25 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:

\WINDOWS\Downloaded Program Files\rufsi.dll". Action Taken: No Action Taken.

Tue Jun 14 12:22:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:

\WINDOWS\Downloaded Program Files\asinst.dll". Action Taken: No Action Taken.

Tue Jun 14 12:22:28 2005 => Entry "HKCR\CLSID\{000287CC-0000-0000-C000-000000000046}" refers to invalid object "apprclip.dll

". Action Taken: No Action Taken.

Tue Jun 14 12:22:39 2005 => Entry "HKCR\CLSID\{86FC1FD1-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "G:

\RUNTIME\rDxEmul.mom". Action Taken: No Action Taken.

Tue Jun 14 12:22:39 2005 => Entry "HKCR\CLSID\{86FC1FD3-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "G:

\RUNTIME\rDxEmul.mom". Action Taken: No Action Taken.

Tue Jun 14 12:22:41 2005 => Entry "HKCR\CLSID\{99180163-DA16-101A-935C-444553540000}" refers to invalid object "recncl.dll".

Action Taken: No Action Taken.

Tue Jun 14 12:22:42 2005 => Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax".

Action Taken: No Action Taken.

Tue Jun 14 12:22:53 2005 => Entry "HKCR\Buzz.Document" refers to invalid object "{60ACE453-ED9E-11D0-A0F9-22D87E000000}".

Action Taken: No Action Taken.

Tue Jun 14 12:23:09 2005 => Entry "HKCR\VCDLayout.Document" refers to invalid object "{01668F03-0AC4-11CF-AB99-00C0F00683EB}

". Action Taken: No Action Taken.


Tue Jun 14 12:23:11 2005 => ***** Scanning System32 Folders *****
Tue Jun 14 12:25:30 2005 => ***** Scanning Drive C:\ *****
Seitenanfang Seitenende
14.06.2005, 22:53
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#4 das sind keine Viren mehr, sondern Eintraege in der Registry, die zwar noch da sind, aber ohne, dass die dateien dazu noch vorhanden sind.
Du kannst sie per Hand oder mit einem RegistryClaener loeschen oder lassen.
http://virus-protect.org/reinigungstoolsregistry.html

Mache folgendes:

Start--> Ausfuehren--> cmd--> kopiere nur die Eintraege der letzten 60 Tage raus

einzeln reinkopieren:

cd\
cd %windir%\system32
dir /a:-d /o:-d > %systemdrive%\system32.txt
start %systemdrive%\system32.txt
cls
exit

cd\
cd %temp%\
dir /a:-d /o:-d > %systemdrive%\systemtemp.txt
start %systemdrive%\systemtemp.txt
cls
exit

cd\
cd %windir%
dir /a:-d /o:-d > %systemdrive%\system.txt
start %systemdrive%\system.txt
cls
exit

cd\
dir /a:-d /o:-d > %systemdrive%\sys.txt
start %systemdrive%\sys.txt
cls
exit
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
15.06.2005, 20:14
...neu hier

Themenstarter

Beiträge: 3
#5 Merci Sabina - hast mir echt toll geholfen.
Viele Grüße
Benny
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: