Removing elitecdx32.exe, eliterrn32.exe, pokapoka70.exe

#0
26.09.2005, 22:00
...new here
Posts: 4

26.09.2005, 23:39
Member
Posts: 4730
#2
You have two virus scanners installed. That is not good.
You have not taken care of Windows updates. That is not good either. HijackThis (HJT) apparently could not collect all the information. I would recommend that you reinstall Windows. Otherwise, try this:

Fix the following entries in HJT by ticking them and then clicking "fix checked":

O4 - HKLM\..\Run: [lsass] C:\windows\system32\elitecdx32.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliterrn32.exe
O4 - HKLM\..\Run: [System service70] C:\WINDOWS\etb\pokapoka70.exe
O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINDOWS\System32\SCardClnt.exe (file missing)

Work through the following: http://managor.de/killbox.htm
The files to delete are:

C:\WINDOWS\System32\SCardClnt.exe
C:\WINDOWS\etb\pokapoka70.exe
C:\windows\system32\eliterrn32.exe
C:\windows\system32\elitecdx32.exe

The PC will be restarted.

Work through the following: http://virus-protect.org/datfindbat.html
From the four resulting log files, post the entries from the past three weeks (each entry is preceded by a date).

Run a scan with eScanCheck: http://managor.de/escan.htm
__________
This is a signature! Personal service: Are you from Berlin? Then contact me by PM; we may be able to arrange an appointment. Der Grabsteinschubser

27.09.2005, 08:31
...new here
Thread starter
Posts: 4
#3
The PC belongs to an acquaintance and I get to fix it again.
One virus scanner was actually deactivated, but I will check again. Since he still surfs via modem, that explains the problem with the automatic updates. I am catching up on that right now. I was able to remove the other 76 viruses and worms.

27.09.2005, 10:18
Honorary member
Posts: 29434
#4
Hello @konmin
I once tried to "cure" a PC with this virus... very, very hard... Maybe the virus scanner has already removed everything... but you can try:

CCleaner (delete all temp files) http://virus-protect.org/temp.html
Post all 4 logs (with the path at the top) http://virus-protect.org/datfindbat.html
__________
Kind regards, Sabina
All about PC security

27.09.2005, 18:27
...new here
Thread starter
Posts: 4
#5
I think the virus is gone now.
At least no virus warning appears any more, and here is the logfile again:

Logfile of HijackThis v1.99.1
Scan saved at 18:25:31, on 27.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\x\Desktop\HijackThis.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127764943764
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127760336358
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Keyboard Service System Files (Keyboard Service) - Unknown owner - C:\WINDOWS\System32\keyboard.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINDOWS\System32\SCardClnt.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe

27.09.2005, 18:36
Member
Posts: 4730
#6
Do the steps Sabina suggested anyway. Also run a scan with eScanCheck and post the result: http://managor.de/escan.htm

27.09.2005, 20:32
...new here
Thread starter
Posts: 4
#7
Here are the 4 logs for now
AND HERE IS THE SCAN CHECK AGAIN

This post was edited by konmin on 27.09.2005 at 22:47.

27.09.2005, 23:33
Honorary member
Posts: 29434
#8
Please format, there is nothing left to save...

C:\WINDOWS\system32\temperror32.dat
C:\WINDOWS\system32\csrss_log.dat
10.09.2005 21:51 0 TFTP3700
09.09.2005 23:10 0 TFTP1416
23.07.2005 00:05 0 TFTP3828
08.07.2005 23:12 0 TFTP3524
26.05.2005 14:16 0 TFTP2896
05.05.2005 18:19 0 TFTP3276
05.05.2005 18:01 0 TFTP2768
31.03.2005 22:48 0 TFTP3476
31.03.2005 22:33 0 TFTP2520
31.03.2005 21:02 0 TFTP2724
20.03.2005 21:00 74.752 TFTP3032
20.03.2005 20:39 0 TFTP2676
20.03.2005 20:27 0 TFTP2608
26.01.2005 21:37 0 TFTP3640
26.01.2005 19:28 92.672 elitedoolsav.dat
26.01.2005 19:28 92.672 doolsav.dat
15.12.2004 13:09 48.128 TFTP2180
15.12.2004 12:52 1.081.344 TFTP2292
15.12.2004 12:41 54.784 TFTP2868
15.12.2004 11:46 0 TFTP2936
14.12.2004 15:15 16.896 TFTP2440
14.12.2004 11:56 0 TFTP3092
10.12.2004 14:11 0 TFTP2012
03.12.2004 07:20 122.880 pskill.exe
26.09.2005 19:08 97.792 EliteToolBar version 60.dll
01.02.2005 22:15 236 lc.html
02.06.2005 14:21 132.217 rt.exe

and then please load the Windows updates, so that viruses, BACKDOORs and worms do not feel at home on your PC.....

Logfile of HijackThis v1.99.1
Scan saved at 21:56:46, on 26.09.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Venturi2\Client\ventc.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\etb\pokapoka70.exe
C:\Dokumente und Einstellungen\x\Desktop\HijackThis.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [lsass] C:\windows\system32\elitecdx32.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliterrn32.exe
O4 - HKLM\..\Run: [System service70] C:\WINDOWS\etb\pokapoka70.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127760336358
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Keyboard Service System Files (Keyboard Service) - Unknown owner - C:\WINDOWS\System32\keyboard.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINDOWS\System32\SCardClnt.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe
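
Added example, not part of the thread: the Python below parses the O4 (Run) and O23 (service) lines of two HijackThis logs, flags entries, and reports which flagged entries were cleared and which are still registered after the cleanup. The log lines are excerpts from the two logs posted on this page; the function names, the `SYSTEM_NAMES` list and the three heuristics (Run value named after a Windows system process, service with "Unknown owner", service binary "(file missing)") are assumptions of this example, and `KNOWN_BAD` holds the three file names from the thread title.

```python
import re

# Excerpt of the log dated 26.09.2005 (before cleanup), copied from this page.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [lsass] C:\windows\system32\elitecdx32.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliterrn32.exe
O4 - HKLM\..\Run: [System service70] C:\WINDOWS\etb\pokapoka70.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Keyboard Service System Files (Keyboard Service) - Unknown owner - C:\WINDOWS\System32\keyboard.exe (file missing)
O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINDOWS\System32\SCardClnt.exe (file missing)
"""

# Excerpt of the log dated 27.09.2005 (after cleanup), copied from this page.
LOG_AFTER = r"""
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Keyboard Service System Files (Keyboard Service) - Unknown owner - C:\WINDOWS\System32\keyboard.exe (file missing)
O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINDOWS\System32\SCardClnt.exe (file missing)
"""

# File names from the thread title (analyst-supplied list).
KNOWN_BAD = {"elitecdx32.exe", "eliterrn32.exe", "pokapoka70.exe"}
# Assumption: short illustrative list of Windows process names a Run value should not borrow.
SYSTEM_NAMES = {"lsass", "csrss", "winlogon", "services", "svchost", "smss"}

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<svc>[^()]+)\) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)
IMAGE_RE = re.compile(r'([^\\/"]+\.(?:exe|dll|com|bat|scr))', re.I)


def image_name(command):
    """Lower-cased file name of the binary in a Run command line (quotes and arguments ignored)."""
    m = IMAGE_RE.search(command)
    return m.group(1).lower() if m else ""


def triage(log_text):
    """Return {(section, key): [reasons]} for every flagged O4/O23 line."""
    flagged = {}
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        if (m := O4_RE.match(line)):
            key = ("O4", m["name"])
            image = image_name(m["cmd"])
            stem = image.rsplit(".", 1)[0]
            if m["name"].lower() in SYSTEM_NAMES and stem != m["name"].lower():
                reasons.append("Run value borrows a system process name")
            if image in KNOWN_BAD:
                reasons.append("file name on analyst list")
        elif (m := O23_RE.match(line)):
            key = ("O23", m["svc"])
            if m["owner"] == "Unknown owner":
                reasons.append("no vendor information")
            if m["missing"]:
                reasons.append("service binary missing on disk")
        if reasons:
            flagged[key] = reasons
    return flagged


def compare(before, after):
    """Split flagged entries into cleared / persisting / newly flagged between two logs."""
    b, a = triage(before), triage(after)
    cleared = sorted(k for k in b if k not in a)      # flagged before, not flagged after
    persisting = sorted(k for k in b if k in a)       # still flagged after cleanup
    new = sorted(k for k in a if k not in b)          # flagged only in the later log
    return cleared, persisting, new


if __name__ == "__main__":
    cleared, persisting, new = compare(LOG_BEFORE, LOG_AFTER)
    for label, keys in (("cleared", cleared), ("persisting", persisting), ("new", new)):
        for section, name in keys:
            print(f"{label:10} {section:4} {name}")
```

On these excerpts the three Run values are reported as cleared, while the two "Unknown owner" / "(file missing)" service entries are still registered in the later log.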