Need help with: removing Backdoor.Nibu.L

#0
13.08.2005, 21:14
...new here
Posts: 10

13.08.2005, 21:32
Honorary member
Posts: 29434
#2
Hello @henry-der-3

Start -- Run -- type in: cmd -- DOS will open.
Copy the following into the black DOS window, one line at a time:

cd\
cd %windir%\system32
dir /a:-d /o:-d > %systemdrive%\system32.txt
start %systemdrive%\system32.txt
cls
exit

The text editor will now open automatically and display all the data that is on the PC. Please copy out only the last 30 days. Then close DOS and carry out the same instructions for:

cd\
cd %temp%\
dir /a:-d /o:-d > %systemdrive%\systemtemp.txt
start %systemdrive%\systemtemp.txt
cls
exit

cd\
cd %windir%
dir /a:-d /o:-d > %systemdrive%\system.txt
start %systemdrive%\system.txt
cls
exit

cd\
dir /a:-d /o:-d > %systemdrive%\sys.txt
start %systemdrive%\sys.txt
cls
exit

Download: rkfiles.zip
http://bilder.informationsarchiv.net/Nikitas_Tools/rkfiles.zip
--> unpack --> go into safe mode http://www.tu-berlin.de/www/software/virus/savemode.shtml --> double-click (run) --> rkfiles.bat --> wait until the DOS window closes (even if it takes a long time and it reports that no path can be found...) --> post C:\log.txt

HijackThis
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder --> None of the above, just start the program --> Save --> Savelog --> the editor opens --> or: Do a system scan and save a logfile --> Save --> Savelog --> the editor opens --> now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
__________
Kind regards, Sabina
all about PC security

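The listing step from the post above, as an added example (not part of the original post and not one of the tools it links to): a Python sketch that reproduces `dir /a:-d /o:-d` for the same four directories and keeps only files modified within the last 30 days. The function names and the report layout are assumptions made for this illustration.

```python
import os
import time
from pathlib import Path

# Directories from the post: system32, %temp%, %windir% and the drive root.
# They are written with Windows environment variables; on other systems
# expandvars() leaves them untouched and they are reported as not readable.
TARGETS = [r"%windir%\system32", r"%temp%", r"%windir%", "%systemdrive%\\"]


def recent_files(directory, days=30, now=None):
    """Files directly inside `directory` modified within `days`, newest first.

    Mirrors `dir /a:-d /o:-d`: no recursion, directories skipped, hidden and
    system files included (os.scandir does not filter on attributes).
    Returns a list of (mtime, size, name) tuples.
    """
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    found = []
    with os.scandir(directory) as entries:
        for entry in entries:
            try:
                if not entry.is_file(follow_symlinks=False):
                    continue
                info = entry.stat(follow_symlinks=False)
            except OSError:
                continue  # file vanished or is locked: skip it, keep listing
            if info.st_mtime >= cutoff:
                found.append((info.st_mtime, info.st_size, entry.name))
    # Newest first, like /o:-d; the name breaks ties so the order is stable.
    found.sort(key=lambda item: (-item[0], item[2].lower()))
    return found


def report(targets=TARGETS, days=30, now=None):
    """Build one text report covering all target directories."""
    lines = []
    for raw in targets:
        path = Path(os.path.expandvars(raw))
        lines.append(f"== {path} ==")
        try:
            rows = recent_files(path, days, now)
        except OSError as exc:
            lines.append(f"   (not readable: {exc.strerror})")
            continue
        for mtime, size, name in rows:
            stamp = time.strftime("%d.%m.%Y %H:%M", time.localtime(mtime))
            lines.append(f"   {stamp} {size:>12} {name}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report())
```
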
18.08.2005, 20:14
...new here
Posts: 3
#3
I also have the Backdoor.Nibu.L virus on my computer.

Hello Sabina, I came across your site by chance. I followed your instructions in the forum. Unfortunately Norton AntiVirus still finds the virus, but cannot delete it. Unfortunately I don't know my way around PCs very well. I need your help. I have attached my log files for you. Regards, Max (who is desperate) Tel. 0173 653 46 42

Logfile of HijackThis v1.99.1
Scan saved at 15:58:05, on 17.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\ASUS\Power4 Gear\BatteryLife.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\SM1BG.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Java\jre1.5.0\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\winldra.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\ASUS\ASUS Hotkey\Hotkey.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\VeriSign\NAVI\naviagent.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Hijack\HijackThis.exe
C:\Programme\Symantec\LiveUpdate\AUpdate.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsg-pfaffenwiesbach.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_2_1.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\Programme\Free Downloads Accelerator\fdabar99.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Control Center] C:\Programme\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [load32] C:\WINDOWS\System32\winldra.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Hotkey.lnk = C:\Programme\ASUS\ASUS Hotkey\Hotkey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Programme\Free Downloads Accelerator\fdaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Hilfe zu i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: Hilfe zu i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Optionen für i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_2_1.dll
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt2_x.cab
O16 - DPF: {00000000-5555-0704-0B53-2C8830E9FAEC} - http://install.questnet.de/soft/ieloader.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0765954c7e00f4c2ac19/netzip/RdxIE601_de.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://www.moviegroup.tv/activex/DownloadMgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = workgroup
O17 - HKLM\Software\..\Telephony: DomainName = workgroup
O17 - HKLM\System\CCS\Services\Tcpip\..\{2886AD63-EA9C-4B12-836E-9146441A1E2C}: NameServer = ,194.25.2.129
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = workgroup
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Programme\VeriSign\NAVI\naviagent.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

18.08.2005, 21:34
Member
Posts: 4730
#4
Ahh! My friend

C:\WINDOWS\System32\winldra.exe

Fix with HijackThis (tick the boxes, click "fix checked"):

O4 - HKLM\..\Run: [load32] C:\WINDOWS\System32\winldra.exe
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0765954c7e00f4c2ac19/netzip/RdxIE601_de.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://www.moviegroup.tv/activex/DownloadMgr.cab

Download Killbox, unpack it and start it. Enable "Delete on Reboot" and paste in the following:

C:\WINDOWS\System32\winldra.exe

Confirm all prompts with YES - the PC will be restarted.

Download eScan and run a scan as described on the page. Report back to us.
__________
This is a signature! Personal service: Are you from Berlin? Then contact me by PM; we may be able to arrange an appointment. Der Grabsteinschubser

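The triage in the reply above, as an added example (not part of the original thread and not HijackThis code): a Python sketch that parses the O4 autostart lines of a HijackThis log, resolves each entry to its executable, and marks whether that executable appears under "Running processes", so a file name reported by a scanner can be traced to the entry that restarts it. The sample log is a constructed subset of the log posted in #3; all function names are assumptions.

```python
import ntpath
import re

# Constructed sample: a subset of the lines from the HijackThis log in post #3.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ASUS\Power4 Gear\BatteryLife.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\winldra.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\ASUS\ASUS Hotkey\Hotkey.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [load32] C:\WINDOWS\System32\winldra.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Hotkey.lnk = C:\Programme\ASUS\ASUS Hotkey\Hotkey.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
"""

# O4 lines are autostart entries: registry Run keys and Startup folders.
RUN_RE = re.compile(
    r"^O4 - (?P<where>HK\w+\\\.\.\\[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(
    r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
SECTION_RE = re.compile(r"^[RFNO]\d+ - ")
EXT_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?=\s|$)", re.I)


def running_processes(log):
    """Paths listed between 'Running processes:' and the first section line."""
    procs, active = [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if line == "Running processes:":
            active = True
        elif active:
            if SECTION_RE.match(line):
                break
            if line:
                procs.append(line)
    return procs


def image_of(command):
    """Executable part of an autostart command line, arguments removed."""
    command = command.strip()
    if command.startswith('"'):                 # quoted path, may contain spaces
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXT_RE.match(command)               # unquoted path with spaces
    return match.group(1) if match else command.split()[0]


def is_running(image, processes):
    """Full paths are compared whole, bare file names by basename only.

    8.3 short paths and unexpanded %variables% never match a process path,
    so such entries are reported as not running.
    """
    image = image.lower()
    if ntpath.dirname(image):
        return image in {p.lower() for p in processes}
    return image in {ntpath.basename(p).lower() for p in processes}


def autostart_entries(log):
    """One dict per O4 line: where, name, image, running, line."""
    processes = running_processes(log)
    entries = []
    for line in (raw.strip() for raw in log.splitlines()):
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if m:
            image = image_of(m["cmd"])
            entries.append({"where": m["where"], "name": m["name"],
                            "image": image, "line": line,
                            "running": is_running(image, processes)})
    return entries


def trace(log, file_name):
    """Autostart entries whose executable has the given file name."""
    wanted = file_name.lower()
    return [e for e in autostart_entries(log)
            if ntpath.basename(e["image"]).lower() == wanted]


if __name__ == "__main__":
    for e in autostart_entries(SAMPLE_LOG):
        state = "RUNNING" if e["running"] else "-"
        print(f"{state:8}{e['where']:16}{e['name']:18}{e['image']}")
    for e in trace(SAMPLE_LOG, "winldra.exe"):
        print("entry to review:", e["line"])
```
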
18.08.2005, 23:27
Honorary member
Posts: 29434
#5
mstr81

and please also scan with this tool:
Removal tool: Sunbelt --> please post the log from the scan
http://research.sunbelt-software.com/ssaclean.cfm
__________
Kind regards, Sabina
all about PC security

21.08.2005, 22:33
...new here
Posts: 3
#6
Hello Managor and Sabina,
many thanks for your help. I have now run eScan over it. Here is the scan result: Do I have to delete all the files, or how do I proceed now?
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\EAcceleration6.zip is Not Scanned 40: Sun Aug 21 21:15:53 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\EAcceleration8.zip is Not Scanned 41: Sun Aug 21 21:15:53 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\EAcceleration9.zip is Not Scanned 42: Sun Aug 21 21:15:53 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\eGroupInstantAccess.zip is Not Scanned 43: Sun Aug 21 21:15:53 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy.zip is Not Scanned 44: Sun Aug 21 21:15:53 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy1.zip is Not Scanned 45: Sun Aug 21 21:15:53 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator.zip is Not Scanned 46: Sun Aug 21 21:15:53 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator1.zip is Not Scanned 47: Sun Aug 21 21:15:54 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator2.zip is Not Scanned 48: Sun Aug 21 21:15:54 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\MyWayMyBar.zip is Not Scanned 49: Sun Aug 21 21:15:54 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\MyWayMyBar1.zip is Not Scanned 50: Sun Aug 21 21:15:54 2005 => Result: ERROR!!! 
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\MyWayMyBar2.zip is Not Scanned 51: Sun Aug 21 21:15:54 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\MyWayMyBar3.zip is Not Scanned 52: Sun Aug 21 21:15:54 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\OneBill.zip is Not Scanned 53: Sun Aug 21 21:15:54 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\OneBill1.zip is Not Scanned -------------------------------------------------- -------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT --------- -------------------------------------------------- 1: C:\DOKUME~1\GERHAR~1\LOKALE~1\Temp\temp.fr28EC => Backdoor.Win32.Dumador.dg 2: C:\DOKUME~1\GERHAR~1\LOKALE~1\TEMPOR~1\Content.IE5\7BB8QTAS\2[1].exe => Backdoor.Win32.Dumador.do 3: C:\DOKUME~1\GERHAR~1\LOKALE~1\TEMPOR~1\Content.IE5\C4OEMJUN\3[1].exe => Backdoor.Win32.Dumador.do 4: C:\DOKUME~1\GERHAR~1\LOKALE~1\TEMPOR~1\Content.IE5\FESNZ1CT\2[1].exe => Backdoor.Win32.Dumador.do 5: C:\DOKUME~1\GERHAR~1\LOKALE~1\TEMPOR~1\Content.IE5\QPBWPC7Q\3[1].exe => Backdoor.Win32.Dumador.do 6: C:\Dokumente und Einstellungen\Gerhard Strohmann\Lokale Einstellungen\Temp\temp.fr28EC => Backdoor.Win32.Dumador.dg 7: C:\Dokumente und Einstellungen\Gerhard Strohmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\7BB8QTAS\2[1].exe => Backdoor.Win32.Dumador.do 8: C:\Dokumente und Einstellungen\Gerhard Strohmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C4OEMJUN\3[1].exe => Backdoor.Win32.Dumador.do 9: C:\Dokumente und Einstellungen\Gerhard Strohmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\FESNZ1CT\2[1].exe => Backdoor.Win32.Dumador.do 10: C:\Dokumente und Einstellungen\Gerhard Strohmann\Lokale Einstellungen\Temporary Internet 
Files\Content.IE5\QPBWPC7Q\3[1].exe => Backdoor.Win32.Dumador.do 11: C:\Programme\Norton AntiVirus\Quarantine\257634D7.dll => Trojan-Downloader.Win32.Agent.gf 12: C:\Programme\Norton AntiVirus\Quarantine\264D458B.tmp => Email-Worm.Win32.NetSky.d 13: C:\Programme\Norton AntiVirus\Quarantine\2FED6F5D.DLL => Backdoor.Win32.Dumador.dg 14: C:\Programme\Norton AntiVirus\Quarantine\3DC84BDD.dll => Backdoor.Win32.Dumador.dg 15: C:\Programme\Norton AntiVirus\Quarantine\4D462C4E.tmp => Email-Worm.Win32.Sober.i 16: C:\Programme\Norton AntiVirus\Quarantine\4E8C576D.dll => Backdoor.Win32.Dumador.dg 17: C:\Programme\Norton AntiVirus\Quarantine\56541DB0.dll => Backdoor.Win32.Dumador.dg 18: C:\Programme\Norton AntiVirus\Quarantine\62344E9F.dll => Backdoor.Win32.Dumador.dg 19: C:\Programme\Norton AntiVirus\Quarantine\6EC47688.dll => Backdoor.Win32.Dumador.dg 20: C:\Programme\Norton AntiVirus\Quarantine\7A4258C8.dll => Backdoor.Win32.Dumador.dg 21: C:\Programme\Norton AntiVirus\Quarantine\7A625D74.DLL => Backdoor.Win32.Dumador.dg 22: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP389\A0129164.dll => taggedownloader.Win32.SpyGame. 
23: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP435\A0140148.dll => Backdoor.Win32.Dumador.dg 24: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140155.dll => Backdoor.Win32.Dumador.dg 25: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140161.dll => Backdoor.Win32.Dumador.dg 26: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140167.dll => Backdoor.Win32.Dumador.dg 27: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140195.dll => Backdoor.Win32.Dumador.dg 28: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140201.dll => Backdoor.Win32.Dumador.dg 29: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140207.dll => Backdoor.Win32.Dumador.dg 30: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140213.dll => Backdoor.Win32.Dumador.dg 31: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140324.dll => Backdoor.Win32.Dumador.dg 32: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140459.dll => Backdoor.Win32.Dumador.dg 33: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP436\A0140469.dll => Backdoor.Win32.Dumador.dg 34: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP437\A0140475.exe => Trojan-Downloader.Win32.Small.bgp 35: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP437\A0142466.dll => Backdoor.Win32.Dumador.dg 36: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP437\A0142478.dll => Backdoor.Win32.Dumador.dg 37: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP439\A0142743.dll => Backdoor.Win32.Dumador.dg 38: C:\System Volume 
Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP439\A0142749.dll => Backdoor.Win32.Dumador.dg 39: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP439\A0142755.dll => Backdoor.Win32.Dumador.dg 40: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP439\A0142761.dll => Backdoor.Win32.Dumador.dg 41: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP440\A0142764.dll => Backdoor.Win32.Dumador.dg 42: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP441\A0142771.dll => Backdoor.Win32.Dumador.dg 43: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP441\A0142788.dll => Backdoor.Win32.Dumador.dg 44: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP441\A0142794.dll => Backdoor.Win32.Dumador.dg 45: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP441\A0142806.dll => Backdoor.Win32.Dumador.dg 46: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP441\A0142814.dll => Backdoor.Win32.Dumador.dg 47: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP441\A0142822.dll => Backdoor.Win32.Dumador.dg 48: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP441\A0142828.dll => Backdoor.Win32.Dumador.dg 49: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP441\A0142834.dll => Backdoor.Win32.Dumador.dg 50: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP441\A0142840.dll => Backdoor.Win32.Dumador.dg 51: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP442\A0142847.dll => Backdoor.Win32.Dumador.dg 52: C:\System Volume Information\_restore{FF760F55-988A-4B21-90CC-0D7B6572E8CB}\RP442\A0142852.exe => Backdoor.Win32.Dumador.do -------------------------------------------------- -------------------- Statistik 
------------------- --------------------------------------------------
Sun Aug 21 22:19:25 2005 => Total Objects Scanned: 95745
Sun Aug 21 22:19:25 2005 => Total Virus(es) Found: 101
Sun Aug 21 22:19:25 2005 => Total Errors: 53
Sun Aug 21 22:19:25 2005 => Virus Database Date: 2005/08/19
Sun Aug 21 22:19:25 2005 => Virus Database Count: 144368
Sun Aug 21 22:22:21 2005 => Total Objects Scanned: 95745
Sun Aug 21 22:22:21 2005 => Total Virus(es) Found: 101
Sun Aug 21 22:22:21 2005 => Total Errors: 53
Regards and thanks, Max / Tel. 0173 653 46 42 |
|
|
||
22.08.2005, 00:37
Honorary member
Posts: 29434 |
#7
Hello @mstr81
Now restart the PC... the malware should be deleted during boot.
Delete:
C:\Dokumente und Einstellungen\Gerhard Strohmann\Eigene Dateien\thomas\setupcdripper.exe
C:\Programme\GrandVirtual\World Wide Online Casino\cstart.exe t
CCleaner --> delete all *temp files http://virus-protect.org/temp.html
But since a virus scanner never finds everything... please work through this: http://virus-protect.org/datfindbat.html
__________
Regards, Sabina
All about PC security |
|
|
||
22.08.2005, 14:50
...new here
Posts: 3 |
#8
Hello Sabina,
"Now restart the PC... the malware should be deleted during boot."
What does malware mean?? I have not heard this term before. How do I delete this malware, or does that happen automatically??
Should I then delete all the files escan found, or only these two:
C:\Dokumente und Einstellungen\Gerhard Strohmann\Eigene Dateien\thomas\setupcdripper.exe
C:\Programme\GrandVirtual\World Wide Online Casino\cstart.exe t
??
Regards, Max |
|
|
||
22.08.2005, 15:51
Honorary member
Posts: 29434 |
#9
Quote: mstr81 posted
Malware means everything that is "bad, evil", i.e. viruses, spyware, etc.
Delete all the files escan found + these two:
DELETE:
C:\Dokumente und Einstellungen\Gerhard Strohmann\Eigene Dateien\thomas\setupcdripper.exe
C:\Programme\GrandVirtual\World Wide Online Casino\cstart.exe
and then also work through: http://virus-protect.org/datfindbat.html
__________
Regards, Sabina
All about PC security |
|
|
||
26.08.2005, 10:17
Member
Posts: 23 |
#10
Hey, I have the same problem. I'll just post the log:
Logfile of HijackThis v1.99.1 Scan saved at 10:14:27, on 26.08.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\Programme\Norton AntiVirus\navapsvc.exe C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\wscntfy.exe C:\ATI-CPanel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\Logitech\iTouch\iTouch.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\Spyware Doctor\swdoctor.exe C:\Programme\FRITZ!DSL\StCenter.exe C:\WINDOWS\helper.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Dokumente und Einstellungen\Andre\Desktop\hijackthis\HijackThis.exe C:\Programme\Messenger\msmsgs.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.odins.de.tt/ R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O1 - Hosts: 81.169.139.226 l2authd.lineage2.com O2 - BHO: AcroIEHlprObj 
Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: (no name) - {6DA975EA-CBB4-411B-97C0-DB0A892BF2C1} - C:\WINDOWS\System32\oovozeh.dll (file missing) O2 - BHO: (no name) - {7C420EE3-142B-5FE8-0D8C-850F91BDA818} - C:\WINDOWS\System32\gatekeo.dll O2 - BHO: (no name) - {90148C6B-DF21-CEF1-506C-6FD3CF1C52D3} - C:\WINDOWS\winscard.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [load32] C:\WINDOWS\system32\winldra.exe O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121505564698 O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} - http://activex.microgaming.com/dlhelper/version7/dlhelper.cab O21 - SSODL: Network.ConnectionTray - {5AA4B278-B9EF-661E-9629-225A94A4B944} - C:\WINDOWS\help\agt0415.hlp O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
Basically the same thing comes up as for him above, with winldra.exe. I hope you can help me in the same way.
Log from SSA Cleaner:
SSA Keylogger Cleaner Log (c) Sunbelt Software Inc.
2005 www.sunbelt-software.com Scan Running Processes: Scanning For Trojan Files: Searching for SSA files: C: C:\WINDOWS Delete file: netdx.dat Delete file: cmdid.dat Delete file: prntc.log C:\WINDOWS\System C:\WINDOWS\temp Delete file: fe43e701.htm C:\Program Files\Internet Explorer\SHTTP Cleaning HOSTS file:
127.0.0.1 www.sophos.com stripped from HOSTS file.
127.0.0.1 symantec.com stripped from HOSTS file.
127.0.0.1 securityresponse.symantec.com stripped from HOSTS file.
127.0.0.1 us.mcafee.com/root/ stripped from HOSTS file.
127.0.0.1 www.symantec.com stripped from HOSTS file.
Cleaning Registry.
Deleted Reg Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Run\load32
Deleted Reg Key: Software\SARS Keylogger Found
The SSA keylogger has been removed from your system.
This post was edited by FresH on 26.08.2005 at 10:36.
|
|
|
||
26.08.2005, 12:46
Honorary member
Posts: 29434 |
#11
Hello @FresH
# Open HijackThis -->> button "scan" -->> tick the boxes -->> button "Fix checked" -->> restart the PC
O2 - BHO: (no name) - {6DA975EA-CBB4-411B-97C0-DB0A892BF2C1} - C:\WINDOWS\System32\oovozeh.dll (file missing)
O2 - BHO: (no name) - {7C420EE3-142B-5FE8-0D8C-850F91BDA818} - C:\WINDOWS\System32\gatekeo.dll
O2 - BHO: (no name) - {90148C6B-DF21-CEF1-506C-6FD3CF1C52D3} - C:\WINDOWS\winscard.dll
O4 - HKLM\..\Run: [load32] C:\WINDOWS\system32\winldra.exe
Restart
• KillBox http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip
Instructions (illustrated): http://virus-protect.org/killbox.html
• Delete File on Reboot <-- tick this and click the red cross; when asked "Do you want to reboot?" ----> click "no" and paste in the next one; only click "yes" for the last one
C:\WINDOWS\System32\oovozeh.dll
C:\WINDOWS\System32\gatekeo.dll
C:\WINDOWS\winscard.dll
C:\WINDOWS\system32\winldra.exe
Restart the PC
CCleaner --> delete all *temp files http://virus-protect.org/temp.html
Scan once more with: SSA Keylogger Cleaner Log
# Open HijackThis again: Config < Misc Tools < Open Hosts file Manager < Delete line < delete everything, leaving only: 127.1.1.0 localhost
Then work through this and post everything: http://virus-protect.org/datfindbat.html
__________
Regards, Sabina
All about PC security |
|
|
||
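The HOSTS cleanup step in the post above, as an added check that is not part of the original thread: it lists every hosts entry that maps a non-local name to a local address, which is the pattern the cleaner log reports as stripped. The sample file and its hostnames are constructed, the function names are assumptions, and treating all of 127.0.0.0/8, `::1` and `0.0.0.0` as local goes beyond the 127.0.0.1 case shown in the thread.

```python
import ipaddress

# Names that legitimately resolve to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample: one normal entry, three redirect lines, one ordinary
# mapping and one malformed line.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       liveupdate.av-vendor.example   # added by malware
127.0.0.1       www.av-vendor.example av-vendor.example
0.0.0.0         updates.scanner.example
192.0.2.10      intranet.example
garbage-line
"""


def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for every active hosts entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:                   # address without a name, or junk
            continue
        yield line_no, fields[0], fields[1:]


def is_local_address(address):
    """True for loopback (127.0.0.0/8, ::1) and unspecified (0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(text):
    """Return (line_no, address, hostname) for each non-local name that is
    pinned to a local address, i.e. a name the machine can no longer reach."""
    findings = []
    for line_no, address, names in parse_hosts(text):
        if not is_local_address(address):
            continue
        for name in names:
            if name.lower() not in LOCAL_NAMES:
                findings.append((line_no, address, name.lower()))
    return findings


if __name__ == "__main__":
    for line_no, address, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {address}")
```
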
26.08.2005, 13:20
Member
Posts: 23 |
#12
Logfile of HijackThis v1.99.1
Scan saved at 13:13:28, on 26.08.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Spyware Doctor\swdoctor.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\helper.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Andre\Desktop\hijackthis\HijackThis.exe
C:\Programme\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.odins.de.tt/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121505564698
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} - http://activex.microgaming.com/dlhelper/version7/dlhelper.cab
O21 - SSODL: Network.ConnectionTray - {5AA4B278-B9EF-661E-9629-225A94A4B944} - C:\WINDOWS\help\agt0415.hlp
O23 - Service: Ati HotKey Poller - ATI Technologies Inc.
- C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
That is from HijackThis now. And here come the 20-day-old things:
26.08.2005 10:05 1.158 wpa.dbl
16.08.2005 13:24 75 LuResult.txt
12.08.2005 17:26 3.741 jupdate-1.5.0_04-b05.log
11.08.2005 05:35 243 winldr.ini
11.08.2005 05:35 62 mail.dat
11.08.2005 05:34 8 dllsys.dll
02.08.2005 19:25 45 initdebug.nfo
26.08.2005 13:06 0 0.log
26.08.2005 13:06 410.704 WindowsUpdate.log
26.08.2005 13:05 2.048 bootstat.dat
26.08.2005 13:05 32.634 SchedLgU.Txt
26.08.2005 09:59 50.365 ERRORLOG.TXT
26.08.2005 09:59 54.156 QTFont.qfn
25.08.2005 15:51 242 IE4 Error Log.txt
24.08.2005 12:19 32.776 wmsetup.log
22.08.2005 12:20 49 NeroDigital.ini
22.08.2005 12:09 192 winamp.ini
19.08.2005 16:17 285.224 setupapi.log
19.08.2005 16:01 43.826 iis6.log
19.08.2005 16:01 91.036 comsetup.log
19.08.2005 16:01 132.040 tsoc.log
19.08.2005 16:01 1.374 imsins.log
19.08.2005 16:01 12.179 ocmsn.log
19.08.2005 16:01 58.349 ntdtcsetup.log
19.08.2005 16:01 7.854 KB899588.log
19.08.2005 16:01 202.745 ocgen.log
19.08.2005 16:01 16.741 msgsocm.log
19.08.2005 16:01 350.585 FaxSetup.log
19.08.2005 16:00 7.843 updspapi.log
16.08.2005 14:00 21.489 LUINSTALL.LOG
16.08.2005 13:55 8.780 SYMEVENT.LOG
16.08.2005 02:16 216 wiadebug.log
16.08.2005 02:13 1.409 QTFont.for
16.08.2005 02:13 503 win.ini
16.08.2005 02:13 227 system.ini
16.08.2005 01:46 50 wiaservc.log
15.08.2005 04:57 0 WS_FTP.CNV
15.08.2005 04:57 6 WS_FTP.EXT
12.08.2005 20:11 57.344 helper.exe
26.08.2005 13:20 0 sys.txt
26.08.2005 13:19 9.560 system.txt
26.08.2005 13:19 90.139 systemtemp.txt
26.08.2005 13:19 101.513 system32.txt
26.08.2005 13:05 1.072.484.352 hiberfil.sys
26.08.2005 13:05 1.610.612.736 pagefile.sys
16.08.2005 02:13 211 boot.ini
And now? Thanks in advance, THANK YOU THANK YOU |
|
|
||
26.08.2005, 13:32
Honorary member
Posts: 29434 |
#13
Why didn't you copy the paths as well??????????? I'm not a clairvoyant....
Delete:--> with KillBox
C:\WINDOWS\helper.exe
C:\WINDOWS\System32\dllsys.dll
c:\windows\url.dat
c:\windows\system32\winldr.ini
c:\windows\system32\mail.dat
You were supposed to delete all temp files with CCleaner.... but you didn't do it. So: please carry that out and then post the bat files again --> up to 10.08 !!!!!!!!
__________
Regards, Sabina
all about PC security |
|
|
||
26.08.2005, 13:52
Member
Posts: 23 |
#14
Verzeichnis von C:\WINDOWS\system32
26.08.2005 10:05 1.158 wpa.dbl
16.08.2005 13:24 75 LuResult.txt
12.08.2005 17:26 3.741 jupdate-1.5.0_04-b05.log
Verzeichnis von C:\DOKUME~1\Andre\LOKALE~1\Temp
26.08.2005 13:47 16.384 ~DFEC18.tmp
26.08.2005 13:47 16.384 Perflib_Perfdata_bc.dat
26.08.2005 13:47 512 ~DFC056.tmp
26.08.2005 13:47 16.384 ~DFBFCB.tmp
26.08.2005 13:46 32.768 ~DFB376.tmp
Verzeichnis von C:\WINDOWS
26.08.2005 13:47 413.377 WindowsUpdate.log
26.08.2005 13:46 2.048 bootstat.dat
26.08.2005 13:45 32.634 SchedLgU.Txt
26.08.2005 09:59 54.156 QTFont.qfn
22.08.2005 12:20 49 NeroDigital.ini
22.08.2005 12:09 192 winamp.ini
16.08.2005 02:13 1.409 QTFont.for
16.08.2005 02:13 227 system.ini
16.08.2005 02:13 503 win.ini
15.08.2005 04:57 0 WS_FTP.CNV
15.08.2005 04:57 6 WS_FTP.EXT
Verzeichnis von C:\
26.08.2005 13:51 0 sys.txt
26.08.2005 13:51 4.418 system.txt
26.08.2005 13:51 495 systemtemp.txt
26.08.2005 13:50 101.371 system32.txt
26.08.2005 13:46 1.072.484.352 hiberfil.sys
26.08.2005 13:46 1.610.612.736 pagefile.sys
16.08.2005 02:13 211 boot.ini
Like this? |
|
|
||
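An added example, not part of the thread: a parser for the German-locale `dir /a:-d /o:-d` output posted above that keeps every file attached to its `Verzeichnis von` directory, so a pasted listing can be turned into full paths of recently modified files. The sample listing is constructed from entries that appear in the thread; the function names, the extension set and the cutoff date are assumptions of this example.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import date, datetime
from typing import List, Optional

# Header that a German-language Windows prints before each directory.
DIR_HEADER = re.compile(r"^\s*Verzeichnis von\s+(?P<path>.+?)\s*$")
# Entry: dd.mm.yyyy hh:mm size name, size with "." as thousands separator.
ENTRY = re.compile(
    r"^\s*(?P<day>\d{2}\.\d{2}\.\d{4})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>\d[\d.]*)\s+(?P<name>\S.*?)\s*$"
)
# Assumption of this example: file types worth a manual look.
REVIEW_EXTENSIONS = {".exe", ".dll", ".dat", ".ini", ".bat", ".scr"}

# Constructed sample, laid out the way dir prints it.
SAMPLE_LISTING = r"""
 Verzeichnis von C:\WINDOWS\system32

26.08.2005  10:05             1.158 wpa.dbl
16.08.2005  13:24                75 LuResult.txt
11.08.2005  05:35               243 winldr.ini
11.08.2005  05:35                62 mail.dat
11.08.2005  05:34                 8 dllsys.dll
02.08.2005  19:25                45 initdebug.nfo
               6 Datei(en)          1.591 Bytes

 Verzeichnis von C:\WINDOWS

26.08.2005  13:05             2.048 bootstat.dat
12.08.2005  20:11            57.344 helper.exe
"""


@dataclass(frozen=True)
class Entry:
    directory: Optional[str]   # None when the listing had no header line
    name: str
    size: int
    modified: datetime

    @property
    def full_path(self) -> Optional[str]:
        if self.directory is None:
            return None
        return ntpath.join(self.directory, self.name)


def parse_listing(text: str) -> List[Entry]:
    """Parse dir output; summary and blank lines are skipped."""
    entries: List[Entry] = []
    current_dir: Optional[str] = None
    for line in text.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            current_dir = header.group("path")
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        modified = datetime.strptime(
            f"{m.group('day')} {m.group('time')}", "%d.%m.%Y %H:%M"
        )
        size = int(m.group("size").replace(".", ""))
        entries.append(Entry(current_dir, m.group("name"), size, modified))
    return entries


def review_candidates(entries, since: date, extensions=REVIEW_EXTENSIONS):
    """Entries modified on or after `since` whose extension is in the set.
    These are candidates for a manual look, not verdicts."""
    return [
        e for e in entries
        if e.modified.date() >= since
        and ntpath.splitext(e.name)[1].lower() in extensions
    ]


def unlocated(entries) -> List[str]:
    """Names whose directory is unknown because the header was not pasted."""
    return [e.name for e in entries if e.directory is None]


if __name__ == "__main__":
    for e in review_candidates(parse_listing(SAMPLE_LISTING), date(2005, 8, 10)):
        print(e.modified.strftime("%Y-%m-%d %H:%M"), e.size, e.full_path)
```
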
26.08.2005, 14:14
Honorary member
Posts: 29434 |
#15
Hello @FresH
Very nice. Now also deactivate System Restore (then reactivate it) http://virus-protect.org/Systemwiederherstellung.html
Stop clicking on every e-mail you receive, then you won't have any more problems ... http://virus-protect.org/phishing1.html
All the best for you + PC
__________
Regards, Sabina
all about PC security |
|
|
||
My Norton AntiVirus gives me the following message: Backdoor.Nibu.L
in the object C:\Windows\dvpd.dll
Who can help me with this???!!!
Regards
Alex