Need help with: removing Backdoor.Nibu.L

13.08.2005, 21:14
...new here

Posts: 10
#1 Hello,

my Norton AntiVirus gives me the following message: Backdoor.Nibu.L
in the object C:\Windows\dvpd.dll


Who can help me with this???!!!


Regards

Alex
13.08.2005, 21:32
Honorary member
Sabina

Posts: 29434
#2 Hello @henry-der-3

Start -- Run -- type in: cmd -- DOS will open

copy one at a time into the black DOS window:

cd\
cd %windir%\system32
dir /a:-d /o:-d > %systemdrive%\system32.txt
start %systemdrive%\system32.txt
cls
exit

The text editor will now open automatically and display all the data that is on the PC. Please copy out only the last 30 days.
Then close DOS and carry out the same instructions for:


cd\
cd %temp%\
dir /a:-d /o:-d > %systemdrive%\systemtemp.txt
start %systemdrive%\systemtemp.txt
cls
exit

cd\
cd %windir%
dir /a:-d /o:-d > %systemdrive%\system.txt
start %systemdrive%\system.txt
cls
exit

cd\
dir /a:-d /o:-d > %systemdrive%\sys.txt
start %systemdrive%\sys.txt
cls
exit


Download: rkfiles.zip
http://bilder.informationsarchiv.net/Nikitas_Tools/rkfiles.zip
--> unpack -->
go into safe mode
http://www.tu-berlin.de/www/software/virus/savemode.shtml
--> double-click (run) --> rkfiles.bat --> wait until the DOS window closes (even if it takes a long time and it says that no path can be found...) ---> post C:\log.txt


HijackThis
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder
--> None of the above, just start the program --> Save --> Savelog --> the editor opens -->
or:
Do a system scan and save a logfile --> Save --> Savelog --> the editor opens -->
now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
__________
Regards, Sabina

all about PC security
18.08.2005, 20:14
...new here

Posts: 3
#3 I also have the Backdoor.Nibu.L virus on my computer.

Hello Sabina,
I came across your site by chance. I followed your instructions in the forum. Unfortunately, Norton AntiVirus still finds the virus but cannot delete it. Unfortunately I don't know my way around PCs very well.
I need your help. I have attached my log files for you.
Regards, Max (who is desperate) Tel. 0173 653 46 42

Logfile of HijackThis v1.99.1
Scan saved at 15:58:05, on 17.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\ASUS\Power4 Gear\BatteryLife.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\SM1BG.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Java\jre1.5.0\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\winldra.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\ASUS\ASUS Hotkey\Hotkey.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\VeriSign\NAVI\naviagent.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Hijack\HijackThis.exe
C:\Programme\Symantec\LiveUpdate\AUpdate.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsg-pfaffenwiesbach.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_2_1.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\Programme\Free Downloads Accelerator\fdabar99.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Control Center] C:\Programme\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [load32] C:\WINDOWS\System32\winldra.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Hotkey.lnk = C:\Programme\ASUS\ASUS Hotkey\Hotkey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Programme\Free Downloads Accelerator\fdaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Hilfe zu i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: Hilfe zu i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Optionen für i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_2_1.dll
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt2_x.cab
O16 - DPF: {00000000-5555-0704-0B53-2C8830E9FAEC} - http://install.questnet.de/soft/ieloader.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0765954c7e00f4c2ac19/netzip/RdxIE601_de.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://www.moviegroup.tv/activex/DownloadMgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = workgroup
O17 - HKLM\Software\..\Telephony: DomainName = workgroup
O17 - HKLM\System\CCS\Services\Tcpip\..\{2886AD63-EA9C-4B12-836E-9146441A1E2C}: NameServer = ,194.25.2.129
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = workgroup
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Programme\VeriSign\NAVI\naviagent.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
18.08.2005, 21:34
Member
Gool

Posts: 4730
#4 Ahh! My friend
C:\WINDOWS\System32\winldra.exe

Fix with HijackThis (tick the boxes, click "fix checked")
O4 - HKLM\..\Run: [load32] C:\WINDOWS\System32\winldra.exe
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0765954c7e00f4c2ac19/netzip/RdxIE601_de.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://www.moviegroup.tv/activex/DownloadMgr.cab

Download Killbox, unpack it and start it. Enable "Delete on Reboot" and paste in the following:

C:\WINDOWS\System32\winldra.exe

Confirm all questions with YES - the PC will restart.

Download eScan and run a scan as described on the page. Report back to us.
__________
This is a signature! Personal service: Are you from Berlin? Then contact me by PM, and we may be able to arrange an appointment.
The Gravestone Pusher
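
The check a helper makes before asking for "fix checked", written out as an added example (not part of any post and not code from HijackThis): it confirms that each line of the fix list from post #4 occurs verbatim in the log from post #3, resolves it to the program or download source behind it, and notes whether that program was running. The function names and the report fields are assumptions of this example.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Excerpt of the HijackThis log posted in #3 (only the lines this example needs).
LOG_EXCERPT = r"""Running processes:
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\System32\winldra.exe
C:\WINDOWS\System32\ctfmon.exe

O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [load32] C:\WINDOWS\System32\winldra.exe
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt2_x.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0765954c7e00f4c2ac19/netzip/RdxIE601_de.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://www.moviegroup.tv/activex/DownloadMgr.cab
"""

# The four lines post #4 says to tick before clicking "fix checked".
FIX_LIST = [
    r"O4 - HKLM\..\Run: [load32] C:\WINDOWS\System32\winldra.exe",
    r"O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab",
    r"O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0765954c7e00f4c2ac19/netzip/RdxIE601_de.cab",
    r"O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://www.moviegroup.tv/activex/DownloadMgr.cab",
]

O4_RE = re.compile(r"^O4 - (?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<ident>.+?) - (?P<url>\S+)$")
# Command line -> program: quoted path, unquoted path up to its extension, or first token.
PROGRAM_RE = re.compile(r'^(?:"([^"]+)"|(.+?\.(?:exe|com|bat|scr))(?=\s|$)|(\S+))', re.I)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def running_processes(log_text):
    """Lower-cased paths from the 'Running processes:' section (ends at a blank line)."""
    procs, inside = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            inside = True
        elif inside and not line:
            break
        elif inside:
            procs.add(line.lower())
    return procs


def is_ip_literal(host):
    """True when the download host is a bare IP address instead of a DNS name."""
    try:
        ipaddress.ip_address(host or "")
        return True
    except ValueError:
        return False


def review_fix_list(log_text, fix_lines):
    """One report item per requested fix line, checked against the posted log."""
    log_lines = {l.strip() for l in log_text.splitlines()}
    running = running_processes(log_text)
    report = []
    for raw in fix_lines:
        line = raw.strip()
        item = {"line": line, "in_log": line in log_lines, "kind": "other"}
        if (m := O4_RE.match(line)):
            program = next(g for g in PROGRAM_RE.match(m["cmd"]).groups() if g)
            item.update(kind="autostart", value_name=m["name"], file=program,
                        running=program.lower() in running)
        elif (m := O16_RE.match(line)):
            clsid = CLSID_RE.search(m["ident"])
            host = urlparse(m["url"]).hostname
            item.update(kind="activex_download", clsid=clsid.group(0) if clsid else None,
                        url=m["url"], host=host, host_is_ip=is_ip_literal(host))
        report.append(item)
    return report


def autostart_files(report):
    """Programs behind confirmed autostart entries (post #4 deletes this file with Killbox)."""
    return [r["file"] for r in report if r["kind"] == "autostart" and r["in_log"]]


if __name__ == "__main__":
    for entry in review_fix_list(LOG_EXCERPT, FIX_LIST):
        print(entry)
```

A fix line that does not match the log character for character comes back with `in_log` set to `False`, which catches retyped or truncated entries before anything is ticked.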
18.08.2005, 23:27
Honorary member
Sabina

Posts: 29434
#5 mstr81

and please also scan with this tool:
Removal tool: Sunbelt --> please post the log from the scan
http://research.sunbelt-software.com/ssaclean.cfm
__________
Regards, Sabina

21.08.2005, 22:33
...new here

Posts: 3
#6 Hello Managor and Sabina,

thank you very much for your help. I have now run eScan over it. Here is the scan result:
Do I have to delete all the files, or how do I proceed now?

--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------

1: Sun Aug 21 20:51:34 2005 => System found infected with kazaa Spyware/Adware ({66fc8717-efa7-4546-8c4a-e224f3a80c76})! Action taken: No Action Taken.
2: Sun Aug 21 21:02:12 2005 => Offending file found: C:\WINDOWS\gpinstall.exe
3: Sun Aug 21 21:02:12 2005 => System found infected with Conducent FlexPak Spyware/Adware (gpinstall.exe)! Action taken: No Action Taken.
4: Sun Aug 21 21:02:24 2005 => Offending file found: C:\DOKUME~1\GERHAR~1\LOKALE~1\Temp\insthelp.dll
5: Sun Aug 21 21:02:24 2005 => System found infected with RedV Spyware/Adware (insthelp.dll)! Action taken: No Action Taken.
6: Sun Aug 21 21:07:36 2005 => File C:\DOKUME~1\GERHAR~1\LOKALE~1\Temp\temp.fr28EC infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
7: Sun Aug 21 21:08:39 2005 => File C:\DOKUME~1\GERHAR~1\LOKALE~1\TEMPOR~1\Content.IE5\7BB8QTAS\2[1].exe infected by "Backdoor.Win32.Dumador.do" Virus! Action Taken: No Action Taken.
8: Sun Aug 21 21:09:36 2005 => File C:\DOKUME~1\GERHAR~1\LOKALE~1\TEMPOR~1\Content.IE5\C4OEMJUN\3[1].exe infected by "Backdoor.Win32.Dumador.do" Virus! Action Taken: No Action Taken.
9: Sun Aug 21 21:10:58 2005 => File C:\DOKUME~1\GERHAR~1\LOKALE~1\TEMPOR~1\Content.IE5\FESNZ1CT\2[1].exe infected by "Backdoor.Win32.Dumador.do" Virus! Action Taken: No Action Taken.
10: Sun Aug 21 21:13:01 2005 => File C:\DOKUME~1\GERHAR~1\LOKALE~1\TEMPOR~1\Content.IE5\QPBWPC7Q\3[1].exe infected by "Backdoor.Win32.Dumador.do" Virus! Action Taken: No Action Taken.
11: Sun Aug 21 21:28:10 2005 => File C:\Dokumente und Einstellungen\Gerhard Strohmann\Lokale Einstellungen\Temp\temp.fr28EC infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
12: Sun Aug 21 21:28:55 2005 => File C:\Dokumente und Einstellungen\Gerhard Strohmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\7BB8QTAS\2[1].exe infected by "Backdoor.Win32.Dumador.do" Virus! Action Taken: No Action Taken.
13: Sun Aug 21 21:29:33 2005 => File C:\Dokumente und Einstellungen\Gerhard Strohmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C4OEMJUN\3[1].exe infected by "Backdoor.Win32.Dumador.do" Virus! Action Taken: No Action Taken.
14: Sun Aug 21 21:30:31 2005 => File C:\Dokumente und Einstellungen\Gerhard Strohmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\FESNZ1CT\2[1].exe infected by "Backdoor.Win32.Dumador.do" Virus! Action Taken: No Action Taken.
15: Sun Aug 21 21:32:07 2005 => File C:\Dokumente und Einstellungen\Gerhard Strohmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\QPBWPC7Q\3[1].exe infected by "Backdoor.Win32.Dumador.do" Virus! Action Taken: No Action Taken.
16: Sun Aug 21 21:46:16 2005 => File C:\Programme\Norton AntiVirus\Quarantine\257634D7.dll infected by "Trojan-Downloader.Win32.Agent.gf" Virus! Action Taken: No Action Taken.
17: Sun Aug 21 21:46:16 2005 => File C:\Programme\Norton AntiVirus\Quarantine\264D458B.tmp infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken.
18: Sun Aug 21 21:46:16 2005 => File C:\Programme\Norton AntiVirus\Quarantine\2FED6F5D.DLL infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
19: Sun Aug 21 21:46:18 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3DC84BDD.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
20: Sun Aug 21 21:46:18 2005 => File C:\Programme\Norton AntiVirus\Quarantine\4D462C4E.tmp infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
21: Sun Aug 21 21:46:19 2005 => File C:\Programme\Norton AntiVirus\Quarantine\4E8C576D.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
22: Sun Aug 21 21:46:19 2005 => File C:\Programme\Norton AntiVirus\Quarantine\56541DB0.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
23: Sun Aug 21 21:46:19 2005 => File C:\Programme\Norton AntiVirus\Quarantine\62344E9F.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
24: Sun Aug 21 21:46:19 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6EC47688.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
25: Sun Aug 21 21:46:19 2005 => File C:\Programme\Norton AntiVirus\Quarantine\7A4258C8.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
26: Sun Aug 21 21:46:19 2005 => File C:\Programme\Norton AntiVirus\Quarantine\7A625D74.DLL infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
27: Sun Aug 21 22:00:43 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP435\A0140148.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
28: Sun Aug 21 22:00:47 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140155.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
29: Sun Aug 21 22:00:48 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140161.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
30: Sun Aug 21 22:00:49 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140167.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
31: Sun Aug 21 22:00:52 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140195.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
32: Sun Aug 21 22:00:53 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140201.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
33: Sun Aug 21 22:00:54 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140207.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
34: Sun Aug 21 22:00:55 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140213.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
35: Sun Aug 21 22:01:40 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140324.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
36: Sun Aug 21 22:02:16 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140459.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
37: Sun Aug 21 22:02:17 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140469.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
38: Sun Aug 21 22:02:20 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP437\A0140475.exe infected by "Trojan-Downloader.Win32.Small.bgp" Virus! Action Taken: No Action Taken.
39: Sun Aug 21 22:02:20 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP437\A0142466.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
40: Sun Aug 21 22:02:22 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP437\A0142478.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
41: Sun Aug 21 22:02:47 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP439\A0142743.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
42: Sun Aug 21 22:02:48 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP439\A0142749.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
43: Sun Aug 21 22:02:49 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP439\A0142755.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
44: Sun Aug 21 22:02:50 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP439\A0142761.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
45: Sun Aug 21 22:02:53 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP440\A0142764.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
46: Sun Aug 21 22:02:54 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP441\A0142771.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
47: Sun Aug 21 22:02:56 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP441\A0142788.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
48: Sun Aug 21 22:02:57 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP441\A0142794.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
49: Sun Aug 21 22:02:59 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP441\A0142806.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
50: Sun Aug 21 22:03:00 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP441\A0142814.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
51: Sun Aug 21 22:03:01 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP441\A0142822.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
52: Sun Aug 21 22:03:02 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP441\A0142828.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
53: Sun Aug 21 22:03:03 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP441\A0142834.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
54: Sun Aug 21 22:03:04 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP441\A0142840.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
55: Sun Aug 21 22:03:08 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP442\A0142847.dll infected by "Backdoor.Win32.Dumador.dg" Virus! Action Taken: No Action Taken.
56: Sun Aug 21 22:03:10 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP442\A0142852.exe infected by "Backdoor.Win32.Dumador.do" Virus! Action Taken: No Action Taken.

--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------

1: Sun Aug 21 21:24:08 2005 => File C:\Dokumente und Einstellungen\Gerhard Strohmann\Eigene Dateien\thomas\setupcdripper.exe tagged as "not-a-virus:AdWare.NavExcel.d". Action Taken: No Action Taken.
2: Sun Aug 21 21:40:35 2005 => File C:\Programme\GrandVirtual\World Wide Online Casino\cstart.exe tagged as "not-a-virus:AdWare.Casino.b". Action Taken: No Action Taken.
3: Sun Aug 21 21:46:15 2005 => File C:\Programme\Norton AntiVirus\Quarantine\129E596C.dll tagged as "not-a-virus:AdWare.WinAD.i". Action Taken: No Action Taken.
4: Sun Aug 21 21:46:16 2005 => File C:\Programme\Norton AntiVirus\Quarantine\25730ADB.exe tagged as "not-a-virus:AdWare.Relevance.a". Action Taken: No Action Taken.
5: Sun Aug 21 21:46:16 2005 => File C:\Programme\Norton AntiVirus\Quarantine\257634D7.exe tagged as "not-a-virus:AdWare.SaveNow.z". Action Taken: No Action Taken.
6: Sun Aug 21 21:46:16 2005 => File C:\Programme\Norton AntiVirus\Quarantine\311740AC.exe tagged as "not-a-virus:porn-Dialer.Win32.ALifeDialer". Action Taken: No Action Taken.
7: Sun Aug 21 21:46:17 2005 => File C:\Programme\Norton AntiVirus\Quarantine\311A6AA8.dll tagged as "not-a-virus:AdWare.Altnet.b". Action Taken: No Action Taken.
8: Sun Aug 21 21:46:17 2005 => File C:\Programme\Norton AntiVirus\Quarantine\311D14A4.dll tagged as "not-a-virus:AdWare.Altnet.b". Action Taken: No Action Taken.
9: Sun Aug 21 21:46:17 2005 => File C:\Programme\Norton AntiVirus\Quarantine\311D14A4.exe tagged as "not-a-virus:AdWare.NavExcel.i". Action Taken: No Action Taken.
10: Sun Aug 21 21:46:17 2005 => File C:\Programme\Norton AntiVirus\Quarantine\31213EA1.exe tagged as "not-a-virus:AdWare.WinAD.ac". Action Taken: No Action Taken.
11: Sun Aug 21 21:46:17 2005 => File C:\Programme\Norton AntiVirus\Quarantine\31213EA1.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
12: Sun Aug 21 21:46:18 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3124689D.dll tagged as "not-a-virus:AdWare.WinAD.ac". Action Taken: No Action Taken.
13: Sun Aug 21 21:46:18 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3124689D.exe tagged as "not-a-virus:AdWare.WinAD.ab". Action Taken: No Action Taken.
14: Sun Aug 21 21:46:18 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3127129A.dll tagged as "not-a-virus:AdWare.WinAD.w". Action Taken: No Action Taken.
15: Sun Aug 21 21:46:18 2005 => File C:\Programme\Norton AntiVirus\Quarantine\312A3C96.exe tagged as "not-a-virus:AdWare.WinAD.f". Action Taken: No Action Taken.
16: Sun Aug 21 21:46:18 2005 => File C:\Programme\Norton AntiVirus\Quarantine\33770A3D.dll tagged as "not-a-virus:AdWare.Altnet.b". Action Taken: No Action Taken.
17: Sun Aug 21 21:46:18 2005 => File C:\Programme\Norton AntiVirus\Quarantine\41463F6E.dll tagged as "not-a-virus:AdWare.Altnet.b". Action Taken: No Action Taken.
18: Sun Aug 21 21:46:19 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5BC11993.dll tagged as "not-a-virus:AdWare.Altnet.b". Action Taken: No Action Taken.
19: Sun Aug 21 21:46:20 2005 => File C:\Programme\Norton AntiVirus\Quarantine\7B7D616F.dll tagged as "not-a-virus:AdWare.Altnet.b". Action Taken: No Action Taken.
20: Sun Aug 21 21:50:45 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP389\A0129164.dll tagged as not-a-virus:Downloader.Win32.SpyGame. No Action Taken.
21: Sun Aug 21 22:02:35 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP438\A0142632.exe tagged as "not-a-virus:AdWare.Altnet.b". Action Taken: No Action Taken.
22: Sun Aug 21 22:02:35 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP438\A0142633.EXE tagged as "not-a-virus:AdWare.Altnet.b". Action Taken: No Action Taken.
23: Sun Aug 21 22:02:41 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP438\A0142704.dll tagged as "not-a-virus:AdWare.Gator.6041". Action Taken: No Action Taken.
24: Sun Aug 21 22:02:42 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP438\A0142705.dll tagged as "not-a-virus:AdWare.Gator.6041". Action Taken: No Action Taken.
25: Sun Aug 21 22:02:42 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP438\A0142706.DLL tagged as "not-a-virus:AdWare.Gator.6041". Action Taken: No Action Taken.
26: Sun Aug 21 22:02:42 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP438\A0142707.dll tagged as "not-a-virus:AdWare.Gator.3124". Action Taken: No Action Taken.
27: Sun Aug 21 22:02:42 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP438\A0142708.dll tagged as "not-a-virus:AdWare.Gator.6041". Action Taken: No Action Taken.
28: Sun Aug 21 22:02:43 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP438\A0142709.DLL tagged as "not-a-virus:AdWare.Gator.6041". Action Taken: No Action Taken.
29: Sun Aug 21 22:02:43 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP438\A0142710.dll tagged as "not-a-virus:AdWare.Gator.6041". Action Taken: No Action Taken.
30: Sun Aug 21 22:02:43 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP438\A0142711.dll tagged as "not-a-virus:AdWare.Gator.6041". Action Taken: No Action Taken.
31: Sun Aug 21 22:02:43 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP438\A0142712.dll tagged as "not-a-virus:AdWare.Gator.6041". Action Taken: No Action Taken.
32: Sun Aug 21 22:02:43 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP438\A0142713.DLL tagged as "not-a-virus:AdWare.Gator.6041". Action Taken: No Action Taken.
33: Sun Aug 21 22:02:44 2005 => File C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP438\A0142714.dll tagged as "not-a-virus:AdWare.Gator.6041". Action Taken: No Action Taken.

--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------

1: Sun Aug 21 21:02:45 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.
2: Sun Aug 21 21:02:45 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\inotes6.dll". Action Taken: No Action Taken.
3: Sun Aug 21 21:02:45 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaPassX.dll". Action Taken: No Action Taken.
4: Sun Aug 21 21:02:45 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\RdxIE.dll". Action Taken: No Action Taken.
5: Sun Aug 21 21:02:45 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WinCtlAdX.dll". Action Taken: No Action Taken.
6: Sun Aug 21 21:02:45 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WMDownload.dll". Action Taken: No Action Taken.
7: Sun Aug 21 21:02:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\RdxIE.dll". Action Taken: No Action Taken.
8: Sun Aug 21 21:02:51 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WMDownload.dll". Action Taken: No Action Taken.
9: Sun Aug 21 21:02:56 2005 => Entry "HKCR\CLSID\{16F2BD88-1F70-4D0F-94E0-3BC04427774C}" refers to invalid object "C:\Dokumente und Einstellungen\Gerhard Strohmann\Eigene Dateien\Laura\Andreas\viren\CCleaner\CCListView.ocx". Action Taken: No Action Taken.
10: Sun Aug 21 21:03:04 2005 => Entry "HKCR\CLSID\{7CDBCF20-E412-46AA-A433-E44FC9F39022}" refers to invalid object "C:\PROGRA~1\GEMEIN~1\EACCEL~1\dware.dll". Action Taken: No Action Taken.
11: Sun Aug 21 21:03:04 2005 => Entry "HKCR\CLSID\{7E752AAA-5A32-40AD-B150-4A2E85768E4D}" refers to invalid object "D:\BIN\WIN32\omgdwrap.dll". Action Taken: No Action Taken.
12: Sun Aug 21 21:03:07 2005 => Entry "HKCR\CLSID\{9C6487A8-2DC6-414E-A917-CFD4EA03A94B}" refers to invalid object "C:\Dokumente und Einstellungen\Gerhard Strohmann\Eigene Dateien\Laura\Andreas\viren\CCleaner\CCTab.ocx". Action Taken: No Action Taken.
13: Sun Aug 21 21:03:09 2005 => Entry "HKCR\CLSID\{B171AC80-E642-441F-8FBB-46E1181779A9}" refers to invalid object "C:\Dokumente und Einstellungen\Gerhard Strohmann\Eigene Dateien\Laura\Andreas\viren\CCleaner\CCTreeView.ocx". Action Taken: No Action Taken.
14: Sun Aug 21 21:03:10 2005 => Entry "HKCR\CLSID\{BFE89110-18C5-4537-AC21-BE14F8C9CE47}" refers to invalid object "C:\Dokumente und Einstellungen\Gerhard Strohmann\Eigene Dateien\Laura\Andreas\viren\CCleaner\CCSubtimer.dll". Action Taken: No Action Taken.
15: Sun Aug 21 21:03:13 2005 => Entry "HKCR\CLSID\{D95DEB2F-4A47-467C-A78B-5D3038D089D5}" refers to invalid object "D:\BIN\WIN32\omgdbp.ocx". Action Taken: No Action Taken.
16: Sun Aug 21 21:03:13 2005 => Entry "HKCR\CLSID\{D96DCFF2-AF64-4156-81E3-5C892A643BB1}" refers to invalid object "C:\Dokumente und Einstellungen\Gerhard Strohmann\Eigene Dateien\Laura\Andreas\viren\CCleaner\CCSubtimer.dll". Action Taken: No Action Taken.
17: Sun Aug 21 21:03:22 2005 => Entry "HKCR\CmdLineExt.CmdLineContextMenu" refers to invalid object "{9869EFB4-18E9-11D3-A837-00104B9E30B5}". Action Taken: No Action Taken.
18: Sun Aug 21 21:03:22 2005 => Entry "HKCR\CmdLineExt.CmdLineContextMenu.1" refers to invalid object "{9869EFB4-18E9-11D3-A837-00104B9E30B5}". Action Taken: No Action Taken.
19: Sun Aug 21 21:03:29 2005 => Entry "HKCR\MediaPassX.Installer" refers to invalid object "{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}". Action Taken: No Action Taken.
20: Sun Aug 21 21:15:52 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Aconti.zip is Not Scanned
21: Sun Aug 21 21:15:52 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AlexaRelated.zip is Not Scanned
22: Sun Aug 21 21:15:52 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Altnet.zip is Not Scanned
23: Sun Aug 21 21:15:52 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Altnet1.zip is Not Scanned
24: Sun Aug 21 21:15:52 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ConnectMFCApplication.zip is Not Scanned
25: Sun Aug 21 21:15:52 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp.zip is Not Scanned
26: Sun Aug 21 21:15:52 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp1.zip is Not Scanned
27: Sun Aug 21 21:15:52 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp2.zip is Not Scanned
28: Sun Aug 21 21:15:52 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\EAcceleration.zip is Not Scanned
29: Sun Aug 21 21:15:52 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\EAcceleration1.zip is Not Scanned
30: Sun Aug 21 21:15:52 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\EAcceleration10.zip is Not Scanned
31: Sun Aug 21 21:15:52 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\EAcceleration11.zip is Not Scanned
32: Sun Aug 21 21:15:52 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\EAcceleration12.zip is Not Scanned
33: Sun Aug 21 21:15:52 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\EAcceleration13.zip is Not Scanned
34: Sun Aug 21 21:15:53 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\EAcceleration14.zip is Not Scanned
35: Sun Aug 21 21:15:53 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\EAcceleration2.zip is Not Scanned
36: Sun Aug 21 21:15:53 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\EAcceleration3.zip is Not Scanned
37: Sun Aug 21 21:15:53 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\EAcceleration4.zip is Not Scanned
38: Sun Aug 21 21:15:53 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\EAcceleration5.zip is Not Scanned
39: Sun Aug 21 21:15:53 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\EAcceleration6.zip is Not Scanned
40: Sun Aug 21 21:15:53 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\EAcceleration8.zip is Not Scanned
41: Sun Aug 21 21:15:53 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\EAcceleration9.zip is Not Scanned
42: Sun Aug 21 21:15:53 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\eGroupInstantAccess.zip is Not Scanned
43: Sun Aug 21 21:15:53 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy.zip is Not Scanned
44: Sun Aug 21 21:15:53 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy1.zip is Not Scanned
45: Sun Aug 21 21:15:53 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator.zip is Not Scanned
46: Sun Aug 21 21:15:53 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator1.zip is Not Scanned
47: Sun Aug 21 21:15:54 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator2.zip is Not Scanned
48: Sun Aug 21 21:15:54 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\MyWayMyBar.zip is Not Scanned
49: Sun Aug 21 21:15:54 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\MyWayMyBar1.zip is Not Scanned
50: Sun Aug 21 21:15:54 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\MyWayMyBar2.zip is Not Scanned
51: Sun Aug 21 21:15:54 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\MyWayMyBar3.zip is Not Scanned
52: Sun Aug 21 21:15:54 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\OneBill.zip is Not Scanned
53: Sun Aug 21 21:15:54 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\OneBill1.zip is Not Scanned

--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------

1: C:\DOKUME~1\GERHAR~1\LOKALE~1\Temp\temp.fr28EC => Backdoor.Win32.Dumador.dg
2: C:\DOKUME~1\GERHAR~1\LOKALE~1\TEMPOR~1\Content.IE5\7BB8QTAS\2[1].exe => Backdoor.Win32.Dumador.do
3: C:\DOKUME~1\GERHAR~1\LOKALE~1\TEMPOR~1\Content.IE5\C4OEMJUN\3[1].exe => Backdoor.Win32.Dumador.do
4: C:\DOKUME~1\GERHAR~1\LOKALE~1\TEMPOR~1\Content.IE5\FESNZ1CT\2[1].exe => Backdoor.Win32.Dumador.do
5: C:\DOKUME~1\GERHAR~1\LOKALE~1\TEMPOR~1\Content.IE5\QPBWPC7Q\3[1].exe => Backdoor.Win32.Dumador.do
6: C:\Dokumente und Einstellungen\Gerhard Strohmann\Lokale Einstellungen\Temp\temp.fr28EC => Backdoor.Win32.Dumador.dg
7: C:\Dokumente und Einstellungen\Gerhard Strohmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\7BB8QTAS\2[1].exe => Backdoor.Win32.Dumador.do
8: C:\Dokumente und Einstellungen\Gerhard Strohmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C4OEMJUN\3[1].exe => Backdoor.Win32.Dumador.do
9: C:\Dokumente und Einstellungen\Gerhard Strohmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\FESNZ1CT\2[1].exe => Backdoor.Win32.Dumador.do
10: C:\Dokumente und Einstellungen\Gerhard Strohmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\QPBWPC7Q\3[1].exe => Backdoor.Win32.Dumador.do
11: C:\Programme\Norton AntiVirus\Quarantine\257634D7.dll => Trojan-Downloader.Win32.Agent.gf
12: C:\Programme\Norton AntiVirus\Quarantine\264D458B.tmp => Email-Worm.Win32.NetSky.d
13: C:\Programme\Norton AntiVirus\Quarantine\2FED6F5D.DLL => Backdoor.Win32.Dumador.dg
14: C:\Programme\Norton AntiVirus\Quarantine\3DC84BDD.dll => Backdoor.Win32.Dumador.dg
15: C:\Programme\Norton AntiVirus\Quarantine\4D462C4E.tmp => Email-Worm.Win32.Sober.i
16: C:\Programme\Norton AntiVirus\Quarantine\4E8C576D.dll => Backdoor.Win32.Dumador.dg
17: C:\Programme\Norton AntiVirus\Quarantine\56541DB0.dll => Backdoor.Win32.Dumador.dg
18: C:\Programme\Norton AntiVirus\Quarantine\62344E9F.dll => Backdoor.Win32.Dumador.dg
19: C:\Programme\Norton AntiVirus\Quarantine\6EC47688.dll => Backdoor.Win32.Dumador.dg
20: C:\Programme\Norton AntiVirus\Quarantine\7A4258C8.dll => Backdoor.Win32.Dumador.dg
21: C:\Programme\Norton AntiVirus\Quarantine\7A625D74.DLL => Backdoor.Win32.Dumador.dg
22: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP389\A0129164.dll => tagged;)ownloader.Win32.SpyGame.
23: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP435\A0140148.dll => Backdoor.Win32.Dumador.dg
24: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140155.dll => Backdoor.Win32.Dumador.dg
25: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140161.dll => Backdoor.Win32.Dumador.dg
26: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140167.dll => Backdoor.Win32.Dumador.dg
27: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140195.dll => Backdoor.Win32.Dumador.dg
28: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140201.dll => Backdoor.Win32.Dumador.dg
29: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140207.dll => Backdoor.Win32.Dumador.dg
30: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140213.dll => Backdoor.Win32.Dumador.dg
31: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140324.dll => Backdoor.Win32.Dumador.dg
32: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140459.dll => Backdoor.Win32.Dumador.dg
33: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140469.dll => Backdoor.Win32.Dumador.dg
34: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP437\A0140475.exe => Trojan-Downloader.Win32.Small.bgp
35: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP437\A0142466.dll => Backdoor.Win32.Dumador.dg
36: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP437\A0142478.dll => Backdoor.Win32.Dumador.dg
37: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP439\A0142743.dll => Backdoor.Win32.Dumador.dg
38: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP439\A0142749.dll => Backdoor.Win32.Dumador.dg
39: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP439\A0142755.dll => Backdoor.Win32.Dumador.dg
40: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP439\A0142761.dll => Backdoor.Win32.Dumador.dg
41: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP440\A0142764.dll => Backdoor.Win32.Dumador.dg
42: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP441\A0142771.dll => Backdoor.Win32.Dumador.dg
43: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP441\A0142788.dll => Backdoor.Win32.Dumador.dg
44: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP441\A0142794.dll => Backdoor.Win32.Dumador.dg
45: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP441\A0142806.dll => Backdoor.Win32.Dumador.dg
46: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP441\A0142814.dll => Backdoor.Win32.Dumador.dg
47: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP441\A0142822.dll => Backdoor.Win32.Dumador.dg
48: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP441\A0142828.dll => Backdoor.Win32.Dumador.dg
49: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP441\A0142834.dll => Backdoor.Win32.Dumador.dg
50: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP441\A0142840.dll => Backdoor.Win32.Dumador.dg
51: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP442\A0142847.dll => Backdoor.Win32.Dumador.dg
52: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP442\A0142852.exe => Backdoor.Win32.Dumador.do

--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------

Sun Aug 21 22:19:25 2005 => Total Objects Scanned: 95745
Sun Aug 21 22:19:25 2005 => Total Virus(es) Found: 101
Sun Aug 21 22:19:25 2005 => Total Errors: 53
Sun Aug 21 22:19:25 2005 => Virus Database Date: 2005/08/19
Sun Aug 21 22:19:25 2005 => Virus Database Count: 144368
Sun Aug 21 22:22:21 2005 => Total Objects Scanned: 95745
Sun Aug 21 22:22:21 2005 => Total Virus(es) Found: 101
Sun Aug 21 22:22:21 2005 => Total Errors: 53


Regards and thanks,
Max / Tel. 0173 653 46 42

22.08.2005, 00:37
Honorary member
Sabina

Posts: 29434
#7 Hello @mstr81

Now restart the PC... the malware should be deleted during boot.

Delete:
C:\Dokumente und Einstellungen\Gerhard Strohmann\Eigene Dateien\thomas\setupcdripper.exe
C:\Programme\GrandVirtual\World Wide Online Casino\cstart.exe t

CCleaner --> delete all *temp files
http://virus-protect.org/temp.html

But since a virus scanner never finds everything... ;)
Please work through this.
http://virus-protect.org/datfindbat.html
__________
Kind regards, Sabina

All about PC security

22.08.2005, 14:50
...new here

Posts: 3
#8 Hello Sabina,

"Now restart the PC... the malware should be deleted during boot."

What does malware mean?? I have not heard this term before.
How do I delete this malware, or does that happen automatically??

Should I then delete all the files found by eScan, or only these two:
C:\Dokumente und Einstellungen\Gerhard Strohmann\Eigene Dateien\thomas\setupcdripper.exe
C:\Programme\GrandVirtual\World Wide Online Casino\cstart.exe t ??

Regards, Max

22.08.2005, 15:51
Honorary member
Sabina

Posts: 29434
#9

Quote

mstr81 posted
Hello Sabina,

"Now restart the PC... the malware should be deleted during boot."

What does malware mean?? I have not heard this term before.
How do I delete this malware, or does that happen automatically??

Should I then delete all the files found by eScan, or only these two:
C:\Dokumente und Einstellungen\Gerhard Strohmann\Eigene Dateien\thomas\setupcdripper.exe
C:\Programme\GrandVirtual\World Wide Online Casino\cstart.exe

Regards, Max

Malware means everything that is "bad, evil", i.e. viruses, spyware, etc.

Delete all the files found by eScan + DELETE these two:
C:\Dokumente und Einstellungen\Gerhard Strohmann\Eigene Dateien\thomas\setupcdripper.exe
C:\Programme\GrandVirtual\World Wide Online Casino\cstart.exe

and then also work through:
http://virus-protect.org/datfindbat.html
__________
Kind regards, Sabina

All about PC security

26.08.2005, 10:17
Member

Posts: 23
#10 Hey, I have the same problem. I'll just post the log:

Logfile of HijackThis v1.99.1
Scan saved at 10:14:27, on 26.08.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\ATI-CPanel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Spyware Doctor\swdoctor.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\WINDOWS\helper.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Andre\Desktop\hijackthis\HijackThis.exe
C:\Programme\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.odins.de.tt/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O1 - Hosts: 81.169.139.226 l2authd.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {6DA975EA-CBB4-411B-97C0-DB0A892BF2C1} - C:\WINDOWS\System32\oovozeh.dll (file missing)
O2 - BHO: (no name) - {7C420EE3-142B-5FE8-0D8C-850F91BDA818} - C:\WINDOWS\System32\gatekeo.dll
O2 - BHO: (no name) - {90148C6B-DF21-CEF1-506C-6FD3CF1C52D3} - C:\WINDOWS\winscard.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [load32] C:\WINDOWS\system32\winldra.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121505564698
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} - http://activex.microgaming.com/dlhelper/version7/dlhelper.cab
O21 - SSODL: Network.ConnectionTray - {5AA4B278-B9EF-661E-9629-225A94A4B944} - C:\WINDOWS\help\agt0415.hlp
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

It's basically the same as with him above, with winldra.exe.

I hope you can help me the same way ;)

Log from SSA Cleaner:


SSA Keylogger Cleaner Log
(c) Sunbelt Software Inc. 2005
www.sunbelt-software.com

Scan Running Processes:


Scanning For Trojan Files:

Searching for SSA files:
C:
C:\WINDOWS
Delete file: netdx.dat
Delete file: cmdid.dat
Delete file: prntc.log
C:\WINDOWS\System
C:\WINDOWS\temp
Delete file: fe43e701.htm
C:\Program Files\Internet Explorer\SHTTP

Cleaning HOSTS file:

127.0.0.1 www.trendmicro.com stripped from HOSTS file.
127.0.0.1 trendmicro.com stripped from HOSTS file.
127.0.0.1 rads.mcafee.com stripped from HOSTS file.
127.0.0.1 us.mcafee.com stripped from HOSTS file.
127.0.0.1 www.nai.com stripped from HOSTS file.
127.0.0.1 nai.com stripped from HOSTS file.
127.0.0.1 secure.nai.com stripped from HOSTS file.
127.0.0.1 dispatch.mcafee.com stripped from HOSTS file.
127.0.0.1 download.mcafee.com stripped from HOSTS file.
127.0.0.1 www.my-etrust.com stripped from HOSTS file.
127.0.0.1 my-etrust.com stripped from HOSTS file.
127.0.0.1 mast.mcafee.com stripped from HOSTS file.
127.0.0.1 ca.com stripped from HOSTS file.
127.0.0.1 www.ca.com stripped from HOSTS file.
127.0.0.1 networkassociates.com stripped from HOSTS file.
127.0.0.1 www.networkassociates.com stripped from HOSTS file.
127.0.0.1 avp.com stripped from HOSTS file.
127.0.0.1 www.kaspersky.com stripped from HOSTS file.
127.0.0.1 www.avp.com stripped from HOSTS file.
127.0.0.1 kaspersky.com stripped from HOSTS file.
127.0.0.1 www.f-secure.com stripped from HOSTS file.
127.0.0.1 f-secure.com stripped from HOSTS file.
127.0.0.1 viruslist.com stripped from HOSTS file.
127.0.0.1 www.viruslist.com stripped from HOSTS file.
127.0.0.1 mcafee.com stripped from HOSTS file.
127.0.0.1 www.mcafee.com stripped from HOSTS file.
127.0.0.1 sophos.com stripped from HOSTS file.
127.0.0.1 www.sophos.com stripped from HOSTS file.
127.0.0.1 us.mcafee.com/root/ stripped from HOSTS file.
127.0.0.1 www.trendmicro.com stripped from HOSTS file.
127.0.0.1 trendmicro.com stripped from HOSTS file.
127.0.0.1 rads.mcafee.com stripped from HOSTS file.
127.0.0.1 customer.symantec.com stripped from HOSTS file.
127.0.0.1 liveupdate.symantec.com stripped from HOSTS file.
127.0.0.1 us.mcafee.com stripped from HOSTS file.
127.0.0.1 updates.symantec.com stripped from HOSTS file.
127.0.0.1 update.symantec.com stripped from HOSTS file.
127.0.0.1 www.nai.com stripped from HOSTS file.
127.0.0.1 nai.com stripped from HOSTS file.
127.0.0.1 secure.nai.com stripped from HOSTS file.
127.0.0.1 dispatch.mcafee.com stripped from HOSTS file.
127.0.0.1 download.mcafee.com stripped from HOSTS file.
127.0.0.1 www.my-etrust.com stripped from HOSTS file.
127.0.0.1 my-etrust.com stripped from HOSTS file.
127.0.0.1 mast.mcafee.com stripped from HOSTS file.
127.0.0.1 ca.com stripped from HOSTS file.
127.0.0.1 www.ca.com stripped from HOSTS file.
127.0.0.1 networkassociates.com stripped from HOSTS file.
127.0.0.1 www.networkassociates.com stripped from HOSTS file.
127.0.0.1 avp.com stripped from HOSTS file.
127.0.0.1 www.kaspersky.com stripped from HOSTS file.
127.0.0.1 www.avp.com stripped from HOSTS file.
127.0.0.1 kaspersky.com stripped from HOSTS file.
127.0.0.1 www.f-secure.com stripped from HOSTS file.
127.0.0.1 f-secure.com stripped from HOSTS file.
127.0.0.1 viruslist.com stripped from HOSTS file.
127.0.0.1 www.viruslist.com stripped from HOSTS file.
127.0.0.1 liveupdate.symantecliveupdate.com stripped from HOSTS file.
127.0.0.1 mcafee.com stripped from HOSTS file.
127.0.0.1 www.mcafee.com stripped from HOSTS file.
127.0.0.1 sophos.com stripped from HOSTS file.
127.0.0.1 www.sophos.com stripped from HOSTS file.
127.0.0.1 symantec.com stripped from HOSTS file.
127.0.0.1 securityresponse.symantec.com stripped from HOSTS file.
127.0.0.1 us.mcafee.com/root/ stripped from HOSTS file.
127.0.0.1 www.symantec.com stripped from HOSTS file.

Cleaning Registry.
Deleted Reg Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Run\load32
Deleted Reg Key: Software\SARS

Keylogger Found
The SSA keylogger has been removed from your system.
This post was edited by FresH on 26.08.2005 at 10:36.
26.08.2005, 12:46
Honorary member
Avatar Sabina

Posts: 29434
#11 Hello @FresH

# Open HijackThis -->> "Scan" button -->> set the checkmarks -->> "Fix checked" button -->> restart the PC

O2 - BHO: (no name) - {6DA975EA-CBB4-411B-97C0-DB0A892BF2C1} - C:\WINDOWS\System32\oovozeh.dll (file missing)
O2 - BHO: (no name) - {7C420EE3-142B-5FE8-0D8C-850F91BDA818} - C:\WINDOWS\System32\gatekeo.dll
O2 - BHO: (no name) - {90148C6B-DF21-CEF1-506C-6FD3CF1C52D3} - C:\WINDOWS\winscard.dll
O4 - HKLM\..\Run: [load32] C:\WINDOWS\system32\winldra.exe

Restart

•KillBox

http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip
Instructions (illustrated):
http://virus-protect.org/killbox.html

•Delete File on Reboot <-- tick this

and click the red cross;
when asked "Do you want to reboot?" ----> click "no" and paste in the next path; only click "yes" for the last one

C:\WINDOWS\System32\oovozeh.dll
C:\WINDOWS\System32\gatekeo.dll
C:\WINDOWS\winscard.dll
C:\WINDOWS\system32\winldra.exe

Restart the PC

CCleaner --> delete all *temp files
http://virus-protect.org/temp.html

Scan once more with:
SSA Keylogger Cleaner Log

# Open HijackThis again
Config< Misc Tools < Open Hosts file Manager < Delete line <
delete everything, leaving only:
127.1.1.0 localhost

then work through this and post everything:

http://virus-protect.org/datfindbat.html
__________
Regards, Sabina

all about PC security
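
The last step of post #11 resets the hosts file so that only the localhost line remains. As an added example (not part of the original post and not code from any tool named in this thread), the following Python script audits a hosts file for names that are pointed at a loopback or unspecified address so that they stop resolving, and for entries that cannot work as hostnames at all. The sample file, the `.example` domains and the watch list are constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass

# Names that are expected to point at the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Hostname syntax: dot-separated labels of letters, digits and hyphens.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})*\.?$")

# Constructed watch list: domain suffixes of security/update sites (assumption).
WATCH_SUFFIXES = ("av-vendor.example", "scanner.example")

# Constructed sample hosts file, not taken from a real machine.
SAMPLE_HOSTS = """\
# Constructed sample
127.0.0.1       localhost
127.0.0.1       liveupdate.av-vendor.example
127.0.0.1       www.av-vendor.example av-vendor.example  # two names, one line
127.0.0.1       us.av-vendor.example/root/
0.0.0.0         ads.tracker.example
192.0.2.10      intranet.corp.example
203.0.113.7     update.scanner.example
10.0.0.5        localhost
"""


@dataclass(frozen=True)
class Finding:
    line_no: int
    address: str
    name: str
    reason: str


def _watched(host, watch_suffixes):
    """True if host equals a watched suffix or is a subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in watch_suffixes)


def audit_hosts(text, watch_suffixes=()):
    """Return a list of Finding objects for suspicious hosts-file entries."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append(Finding(line_no, fields[0], "", "unparseable-address"))
            continue
        # 127.0.0.0/8, ::1, 0.0.0.0 and :: all make the name unreachable.
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:
            if not HOSTNAME_RE.match(name):
                # e.g. a URL path pasted into the name: never matches a lookup.
                findings.append(Finding(line_no, str(addr), name, "malformed-name"))
                continue
            host = name.lower().rstrip(".")
            if host in LOCAL_NAMES:
                if not sinkhole:
                    findings.append(Finding(line_no, str(addr), host, "localhost-redirected"))
                continue
            watched = _watched(host, watch_suffixes)
            if sinkhole:
                reason = "blocked-security-site" if watched else "blocked-name"
            elif watched:
                reason = "redirected-security-site"
            else:
                continue  # ordinary static mapping, nothing to report
            findings.append(Finding(line_no, str(addr), host, reason))
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS, WATCH_SUFFIXES):
        print(f"line {f.line_no}: {f.address} {f.name or '-'} [{f.reason}]")
```

On a Windows XP system like the one in this thread, the file to read is `%windir%\system32\drivers\etc\hosts`.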
26.08.2005, 13:20
Member

Posts: 23
#12 Logfile of HijackThis v1.99.1
Scan saved at 13:13:28, on 26.08.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Spyware Doctor\swdoctor.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\helper.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Andre\Desktop\hijackthis\HijackThis.exe
C:\Programme\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.odins.de.tt/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121505564698
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} - http://activex.microgaming.com/dlhelper/version7/dlhelper.cab
O21 - SSODL: Network.ConnectionTray - {5AA4B278-B9EF-661E-9629-225A94A4B944} - C:\WINDOWS\help\agt0415.hlp
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

That is from HijackThis

And now here are the things from the last 20 days:

26.08.2005 10:05 1.158 wpa.dbl
16.08.2005 13:24 75 LuResult.txt
12.08.2005 17:26 3.741 jupdate-1.5.0_04-b05.log
11.08.2005 05:35 243 winldr.ini
11.08.2005 05:35 62 mail.dat
11.08.2005 05:34 8 dllsys.dll
02.08.2005 19:25 45 initdebug.nfo

26.08.2005 13:06 0 0.log
26.08.2005 13:06 410.704 WindowsUpdate.log
26.08.2005 13:05 2.048 bootstat.dat
26.08.2005 13:05 32.634 SchedLgU.Txt
26.08.2005 09:59 50.365 ERRORLOG.TXT
26.08.2005 09:59 54.156 QTFont.qfn
25.08.2005 15:51 242 IE4 Error Log.txt
24.08.2005 12:19 32.776 wmsetup.log
22.08.2005 12:20 49 NeroDigital.ini
22.08.2005 12:09 192 winamp.ini
19.08.2005 16:17 285.224 setupapi.log
19.08.2005 16:01 43.826 iis6.log
19.08.2005 16:01 91.036 comsetup.log
19.08.2005 16:01 132.040 tsoc.log
19.08.2005 16:01 1.374 imsins.log
19.08.2005 16:01 12.179 ocmsn.log
19.08.2005 16:01 58.349 ntdtcsetup.log
19.08.2005 16:01 7.854 KB899588.log
19.08.2005 16:01 202.745 ocgen.log
19.08.2005 16:01 16.741 msgsocm.log
19.08.2005 16:01 350.585 FaxSetup.log
19.08.2005 16:00 7.843 updspapi.log
16.08.2005 14:00 21.489 LUINSTALL.LOG
16.08.2005 13:55 8.780 SYMEVENT.LOG
16.08.2005 02:16 216 wiadebug.log
16.08.2005 02:13 1.409 QTFont.for
16.08.2005 02:13 503 win.ini
16.08.2005 02:13 227 system.ini
16.08.2005 01:46 50 wiaservc.log
15.08.2005 04:57 0 WS_FTP.CNV
15.08.2005 04:57 6 WS_FTP.EXT
12.08.2005 20:11 57.344 helper.exe

26.08.2005 13:20 0 sys.txt
26.08.2005 13:19 9.560 system.txt
26.08.2005 13:19 90.139 systemtemp.txt
26.08.2005 13:19 101.513 system32.txt
26.08.2005 13:05 1.072.484.352 hiberfil.sys
26.08.2005 13:05 1.610.612.736 pagefile.sys
16.08.2005 02:13 211 boot.ini

And now? Thanks in advance already, THANKS THANKS
26.08.2005, 13:32
Honorary member
Avatar Sabina

Posts: 29434
#13 Why didn't you copy the paths along with it??????????? I'm not a mind reader....

delete:--> with KillBox

C:\WINDOWS\helper.exe
C:\WINDOWS\System32\dllsys.dll
c:\windows\url.dat
c:\windows\system32\winldr.ini
c:\windows\system32\mail.dat

You were supposed to delete all temp files with CCleaner.... but you didn't do it.

So, please do that and then post the bat files again --> up to 10.08 !!!!!!!!
__________
Regards, Sabina

all about PC security
26.08.2005, 13:52
Member

Posts: 23
#14 Verzeichnis von C:\WINDOWS\system32

26.08.2005 10:05 1.158 wpa.dbl
16.08.2005 13:24 75 LuResult.txt
12.08.2005 17:26 3.741 jupdate-1.5.0_04-b05.log


Verzeichnis von C:\DOKUME~1\Andre\LOKALE~1\Temp

26.08.2005 13:47 16.384 ~DFEC18.tmp
26.08.2005 13:47 16.384 Perflib_Perfdata_bc.dat
26.08.2005 13:47 512 ~DFC056.tmp
26.08.2005 13:47 16.384 ~DFBFCB.tmp
26.08.2005 13:46 32.768 ~DFB376.tmp


Verzeichnis von C:\WINDOWS

26.08.2005 13:47 413.377 WindowsUpdate.log
26.08.2005 13:46 2.048 bootstat.dat
26.08.2005 13:45 32.634 SchedLgU.Txt
26.08.2005 09:59 54.156 QTFont.qfn
22.08.2005 12:20 49 NeroDigital.ini
22.08.2005 12:09 192 winamp.ini
16.08.2005 02:13 1.409 QTFont.for
16.08.2005 02:13 227 system.ini
16.08.2005 02:13 503 win.ini
15.08.2005 04:57 0 WS_FTP.CNV
15.08.2005 04:57 6 WS_FTP.EXT


Verzeichnis von C:\

26.08.2005 13:51 0 sys.txt
26.08.2005 13:51 4.418 system.txt
26.08.2005 13:51 495 systemtemp.txt
26.08.2005 13:50 101.371 system32.txt
26.08.2005 13:46 1.072.484.352 hiberfil.sys
26.08.2005 13:46 1.610.612.736 pagefile.sys
16.08.2005 02:13 211 boot.ini

Like this?
26.08.2005, 14:14
Honorary member
Avatar Sabina

Posts: 29434
#15 Hello @FresH

Very nice ;)

Now also disable System Restore (then re-enable it)
http://virus-protect.org/Systemwiederherstellung.html

Stop clicking on every mail you receive, then you won't have any more problems ...
http://virus-protect.org/phishing1.html

All the best for you + PC ;)
__________
Regards, Sabina

all about PC security