möglicher trojaner ?!! kann bitte jemand mein hijackthislogfile überprüfen?

#16 ich kann nichts mehr sehen
__________
MfG Sabina

rund um die PC-Sicherheit

#17 ok gut freut mich also wenn ich wieder ein problem habe weiss ich ja wo mir geholfen wird :-)
thx minaaa
schönes we noch

#18 hey freaks! könnte jemand bitte mein logfile mal angucken, was da so drauf ist und weg muss. beim öffnen von seiten mit dem internetexplorer (nicht mit firefox!!) öffnet sich immer ein fenster mit "errorsafe". war schon auf der seite von hijack und hab mein logfile darein kopiert und schon 2 sachen gelöscht, jedoch bin ich mir bei den anderen nicht sicher. kenn mich damit nicht aus, bitte helft mir.

mfg manu
hier nun das logfile:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\winfast.exe
C:\Programme\TV Movie\TV Movie ClickFinder\tvtip.EXE
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\Microsoft Office\Office\FINDFAST.EXE
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\TV Movie\TV Movie ClickFinder\tvdbaccess.exe
C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\ICQLite\ICQLite.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Dokumente und Einstellungen\MS\Desktop\Neuer Ordner (2)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [_WinProc] C:\WINDOWS\winfast.exe
O4 - HKLM\..\Run: [TVTip] C:\Programme\TV Movie\TV Movie ClickFinder\tvtip.EXE /m
O4 - HKCU\..\Run: [WashAndGo - Cleanup of old Backupfiles] C:\Programme\Purgatio Pro22\checker.exe /check
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Google-Suche - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {5CF0F1D2-1D22-499D-93A1-8126F28412F4} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/12b59a1dbbc2c6658a05/netzip/RdxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097566082250
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp05.photoprintit.de/microsite/defaults/activex/ImageUploader3.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awvtt - C:\WINDOWS\system32\awvtt.dll
O20 - Winlogon Notify: ddaby - C:\WINDOWS\SYSTEM32\ddaby.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

#19 seaking

Oben auf der Seite --> auf Durchsuchen klicken --> Datei aussuchen --> Doppelklick auf die zu prüfende Datei --> klick auf Submit... jetzt abwarten --> kopiere das Ergebnis
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\SYSTEM32\ddaby.dll
__________
MfG Sabina

rund um die PC-Sicherheit

#20 jo tach! ja sorry mit den zweimal posten. war mir nur nicht so sicher,ob ich hier nochmal was reinschreiben hätte sollen. ** naja jezz is eh zu spät....

hier nun das ergebnis (wohl weniger vielversprechend oder?):

This is a report processed by VirusTotal on 01/20/2006 at 14:06:05 (CET) after scanning the file "hijackthis2" file.

Antivirus Version Update Result
AntiVir 6.33.0.77 01.20.2006 no virus found
Avast 4.6.695.0 01.18.2006 no virus found
AVG 718 01.19.2006 no virus found
Avira 6.33.0.77 01.20.2006 no virus found
BitDefender 7.2 01.20.2006 no virus found
CAT-QuickHeal 8.00 01.18.2006 no virus found
ClamAV devel-20051123 01.19.2006 no virus found
DrWeb 4.33 01.20.2006 no virus found
eTrust-InoculateIT 23.71.55 01.20.2006 no virus found
eTrust-Vet 12.4.2052 01.20.2006 no virus found
Ewido 3.5 01.20.2006 no virus found
Fortinet 2.54.0.0 01.20.2006 no virus found
F-Prot 3.16c 01.19.2006 no virus found
Ikarus 0.2.59.0 01.20.2006 no virus found
Kaspersky 4.0.2.24 01.20.2006 no virus found
McAfee 4678 01.19.2006 no virus found
NOD32v2 1.1372 01.19.2006 no virus found
Norman 5.70.10 01.19.2006 no virus found
Panda 9.0.0.4 01.19.2006 no virus found
Sophos 4.01.0 01.20.2006 no virus found
Symantec 8.0 01.20.2006 no virus found
TheHacker 5.9.2.077 01.20.2006 no virus found
UNA 1.83 01.19.2006 no virus found
VBA32 3.10.5 01.19.2006 no virus found

#21 ich weiss nicht, was du gemacht hast...aber das richtige war es nicht.

du musst scannen:
C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\SYSTEM32\ddaby.dll

und nicht hijackthis2

Zitat

14:06:05 (CET) after scanning the file "hijackthis2" file.

ich weiss, dass es Viren sind
awvtt.dll
ddaby.dll
...aber ich will wissen...welche.
__________
MfG Sabina

rund um die PC-Sicherheit

#22 tach! ....ich sag doch ich kenn mich damit nicht aus ;-)

also hier der erste scan:

This is a report processed by VirusTotal on 01/21/2006 at 13:01:55 (CET) after scanning the file "awvtt.dll" file.

Antivirus Version Update Result
AntiVir 6.33.0.77 01.20.2006 ADSPY/Virtumonde.U
Avast 4.6.695.0 01.20.2006 no virus found
AVG 718 01.20.2006 no virus found
Avira 6.33.0.77 01.20.2006 ADSPY/Virtumonde.U
BitDefender 7.2 01.21.2006 no virus found
CAT-QuickHeal 8.00 01.21.2006 no virus found
ClamAV devel-20051123 01.21.2006 no virus found
DrWeb 4.33 01.20.2006 no virus found
eTrust-InoculateIT 23.71.56 01.21.2006 no virus found
eTrust-Vet 12.4.2052 01.20.2006 Win32/Vundo
Ewido 3.5 01.20.2006 no virus found
Fortinet 2.54.0.0 01.21.2006 suspicious
F-Prot 3.16c 01.20.2006 no virus found
Ikarus 0.2.59.0 01.20.2006 no virus found
Kaspersky 4.0.2.24 01.21.2006 not-a-virus:AdWare.Win32.Virtumonde.gen
McAfee 4679 01.20.2006 Vundo
NOD32v2 1.1373 01.20.2006 no virus found
Norman 5.70.10 01.20.2006 no virus found
Panda 9.0.0.4 01.21.2006 Suspicious file
Sophos 4.01.0 01.21.2006 no virus found
Symantec 8.0 01.21.2006 no virus found
TheHacker 5.9.2.078 01.20.2006 no virus found
UNA 1.83 01.21.2006 no virus found
VBA32 3.10.5 01.20.2006 no virus found


und der zweite:

This is a report processed by VirusTotal on 01/21/2006 at 13:03:53 (CET) after scanning the file "ddaby.dll" file.

Antivirus Version Update Result
AntiVir 6.33.0.77 01.20.2006 TR/Dldr.ConHook.Q.2
Avast 4.6.695.0 01.20.2006 no virus found
AVG 718 01.20.2006 no virus found
Avira 6.33.0.77 01.20.2006 TR/Dldr.ConHook.Q.2
BitDefender 7.2 01.21.2006 no virus found
CAT-QuickHeal 8.00 01.21.2006 no virus found
ClamAV devel-20051123 01.21.2006 no virus found
DrWeb 4.33 01.20.2006 no virus found
eTrust-InoculateIT 23.71.56 01.21.2006 no virus found
eTrust-Vet 12.4.2052 01.20.2006 Win32/Chisyne!generic
Ewido 3.5 01.20.2006 Adware.Virtumonde
Fortinet 2.54.0.0 01.21.2006 suspicious
F-Prot 3.16c 01.20.2006 no virus found
Ikarus 0.2.59.0 01.20.2006 no virus found
Kaspersky 4.0.2.24 01.21.2006 not-a-virus:AdWare.Win32.Virtumonde.gen
McAfee 4679 01.20.2006 potentially unwanted program Adware-Virtumundo
NOD32v2 1.1373 01.20.2006 a variant of Win32/TrojanDownloader.ConHook
Norman 5.70.10 01.20.2006 no virus found
Panda 9.0.0.4 01.21.2006 Spyware/Virtumonde
Sophos 4.01.0 01.21.2006 no virus found
Symantec 8.0 01.21.2006 no virus found
TheHacker 5.9.2.078 01.20.2006 no virus found
UNA 1.83 01.21.2006 no virus found
VBA32 3.10.5 01.20.2006 AdWare.Win32.Virtumonde.gen

#23 seaking

stelle den CleanUp genauso ein, wie hier angegeben:
http://virus-protect.org/cleanup.html

Kopiere diese 4 Textdateien. Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab)
http://virus-protect.org/datfindbat.html
__________
MfG Sabina

rund um die PC-Sicherheit

#24 so ich hoffe, dass ich alles richtig gemacht habe.....

1.

Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: 083B-2EA7

Verzeichnis von C:\WINDOWS\system32

22.01.2006 13:08 311.707 ttvwa.ini
22.01.2006 13:06 311.621 ttvwa.bak2
22.01.2006 13:06 20.854 FFASTLOG.TXT
22.01.2006 13:06 21.332 nvapps.xml
22.01.2006 13:05 311.643 ttvwa.ini2
22.01.2006 12:56 2.206 wpa.dbl
11.01.2006 19:47 101.888 VB6STKIT.DLL
11.01.2006 19:47 89.360 VB5DB.DLL
11.01.2006 19:47 33.792 CMDLGDE.DLL
11.01.2006 19:47 65.539 ZGraph.ocx
11.01.2006 19:47 198.640 MCI32.OCX
11.01.2006 19:47 34.816 MCIDE.DLL
11.01.2006 19:47 118.784 MSSTDFMT.DLL
11.01.2006 19:47 6.656 STDFTDE.DLL
11.01.2006 19:47 125.712 VB6DE.DLL
05.01.2006 04:41 2.836.320 MRT.exe
29.12.2005 03:54 280.064 gdi32.dll

23.12.2005 19:26 27.661 mlljh.dll
23.12.2005 16:10 27.661 mljjj.dll
22.12.2005 18:54 27.661 awtqq.dll
22.12.2005 14:45 27.661 mljge.dll
21.12.2005 23:33 27.661 ddayx.dll
21.12.2005 20:16 27.661 ssqrr.dll
21.12.2005 17:00 27.661 jkhfd.dll
21.12.2005 13:44 27.661 awtqo.dll
20.12.2005 22:21 27.661 mljgd.dll
20.12.2005 14:54 27.661 ddcyy.dll
20.12.2005 14:21 27.661 jkhhh.dll
19.12.2005 19:07 27.661 pmnno.dll
18.12.2005 21:11 27.661 ssttq.dll
18.12.2005 17:55 27.661 gebcb.dll
18.12.2005 15:08 27.661 vtutr.dll
17.12.2005 17:48 27.661 pmnnn.dll
16.12.2005 17:53 27.661 ssttu.dll
16.12.2005 15:04 27.661 jkhhg.dll
16.12.2005 13:46 27.661 gebyx.dll
16.12.2005 12:35 27.661 awtqp.dll
15.12.2005 18:38 27.661 ssqpp.dll
15.12.2005 15:22 27.661 geedb.dll
14.12.2005 13:41 27.661 jkhhi.dll
13.12.2005 19:40 27.661 awvvt.dll
13.12.2005 17:55 27.661 awtsr.dll
13.12.2005 14:39 27.661 mlljg.dll
13.12.2005 12:02 27.661 ddccb.dll
12.12.2005 19:54 27.661 pmnnl.dll
12.12.2005 16:38 27.661 ddabb.dll
11.12.2005 19:51 27.661 vturp.dll
11.12.2005 16:08 27.661 vturo.dll
11.12.2005 15:57 27.661 vtsqr.dll
11.12.2005 12:41 27.661 ddcca.dll
10.12.2005 18:05 27.661 pmnll.dll
10.12.2005 14:49 27.661 gebya.dll
09.12.2005 15:33 27.661 vtutu.dll
09.12.2005 12:17 27.661 ddaby.dll
09.12.2005 12:15 557.108 awvtt.dll
08.12.2005 15:51 27.661 gebyy.dll
08.12.2005 12:09 27.661 pmnnm.dll
01.12.2005 04:31 1.492.480 shdocvw.dll
24.11.2005 00:58 1.022.464 browseui.dll
24.11.2005 00:58 3.013.632 mshtml.dll
14.11.2005 14:30 0 h323log.txt
12.11.2005 17:28 1.597.440 LibMyWitch.ocx
10.11.2005 21:22 254.272 FNTCACHE.DAT
05.11.2005 04:16 606.208 urlmon.dll
05.11.2005 04:16 1.056.256 danim.dll
30.10.2005 12:43 51.814 perfc009.dat
30.10.2005 12:43 62.578 perfc007.dat
30.10.2005 12:43 386.338 perfh007.dat
30.10.2005 12:43 376.016 perfh009.dat
30.10.2005 12:43 886.928 PerfStringBackup.INI
21.10.2005 04:40 664.064 wininet.dll
21.10.2005 04:40 474.112 shlwapi.dll
21.10.2005 04:40 39.424 pngfilt.dll
21.10.2005 04:40 448.512 mshtmled.dll
21.10.2005 04:40 530.944 mstime.dll
21.10.2005 04:40 146.432 msrating.dll
21.10.2005 04:40 96.768 inseng.dll
21.10.2005 04:40 152.064 cdfview.dll
21.10.2005 04:40 205.312 dxtrans.dll
21.10.2005 04:40 251.392 iepeers.dll
21.10.2005 04:40 55.808 extmgr.dll
20.10.2005 23:25 1.094.144 esent.dll
17.10.2005 22:20 80.896 fontsub.dll
17.10.2005 22:20 118.272 t2embed.dll
13.10.2005 00:11 15.584 spmsg.dll
13.10.2005 00:11 118.784 sirenacm.dll
11.10.2005 21:28 3.292 qtplugin.log
06.10.2005 04:08 1.839.616 win32k.sys

2.

Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: 083B-2EA7

Verzeichnis von C:\DOKUME~1\MS\LOKALE~1\Temp

22.01.2006 13:07 2.417.352 BIT1F.tmp
22.01.2006 13:07 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}1845.html
22.01.2006 13:07 16.384 ~DF9217.tmp
22.01.2006 13:07 16.384 ~DF5A33.tmp
22.01.2006 13:07 512 ~DF5A69.tmp
22.01.2006 13:06 16.384 ~DF8F2E.tmp
22.01.2006 12:57 16.384 ~DFDFF1.tmp
22.01.2006 12:57 16.384 ~DF7727.tmp
22.01.2006 12:57 16.384 ~DF3CC5.tmp
9 Datei(en) 2.517.151 Bytes
0 Verzeichnis(se), 22.383.169.536 Bytes frei

3.

Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: 083B-2EA7

Verzeichnis von C:\WINDOWS

22.01.2006 12:58 6.104 ModemLog_Bluetooth DUN Modem.txt
22.01.2006 12:58 6.098 ModemLog_Bluetooth Fax Modem.txt
22.01.2006 12:58 0 0.log
22.01.2006 12:58 4.246 ModemLog_Agere Systems PCI Soft Modem.txt
22.01.2006 12:57 1.427.752 WindowsUpdate.log
22.01.2006 12:57 159 wiadebug.log
22.01.2006 12:57 50 wiaservc.log
22.01.2006 12:56 2.048 bootstat.dat
21.01.2006 17:07 32.542 SchedLgU.Txt
21.01.2006 14:31 1.409 QTFont.for
21.01.2006 14:31 54.156 QTFont.qfn
20.01.2006 14:44 29 standard.sta
19.01.2006 20:30 229 NeroDigital.ini
19.01.2006 20:25 160 SCANREC.INI
19.01.2006 17:16 213.998 setupapi.log
17.01.2006 13:00 122.757 wmsetup.log
11.01.2006 19:47 79.875 ST6UNST.EXE
11.01.2006 19:47 258.051 SETUP1.EXE
10.01.2006 19:52 61.079 iis6.log
10.01.2006 19:52 84.190 ntdtcsetup.log
10.01.2006 19:52 163.616 tsoc.log
10.01.2006 19:52 137.186 comsetup.log
10.01.2006 19:52 22.258 ocmsn.log
10.01.2006 19:52 1.374 imsins.log
10.01.2006 19:52 10.183 KB908519.log
10.01.2006 19:52 20.300 msgsocm.log
10.01.2006 19:52 214.899 ocgen.log
10.01.2006 19:52 399.261 FaxSetup.log
10.01.2006 19:52 0 setuperr.log
06.01.2006 13:27 11.070 KB912919.log
06.01.2006 13:27 26.700 updspapi.log
03.01.2006 19:14 4.618 MKDEMSG.LOG
03.01.2006 19:13 4.096 MKDEWE.TRN
30.12.2005 00:24 231 system.ini
29.12.2005 17:53 35.139 DirectX.log
28.12.2005 13:40 5.224 mozver.dat
21.12.2005 18:00 155 winamp.ini
21.12.2005 15:10 107.132 UninstallFirefox.exe
16.12.2005 13:41 11.514 KB910437.log
16.12.2005 13:40 18.320 KB905915.log
25.11.2005 18:24 39.544 winfast.exe
10.11.2005 18:03 11.932 KB896424.log
15.10.2005 12:01 21.071 KB901017.log
15.10.2005 12:01 24.662 KB902400.log
15.10.2005 12:01 15.134 KB896688.log
15.10.2005 12:01 13.666 KB905414.log
15.10.2005 12:01 13.660 KB900725.log
15.10.2005 12:00 11.305 KB904706.log
15.10.2005 12:00 11.938 KB905749.log

4.

Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: 083B-2EA7

Verzeichnis von C:\

22.01.2006 13:09 0 sys.txt
22.01.2006 13:09 10.656 system.txt
22.01.2006 13:08 718 systemtemp.txt
22.01.2006 13:08 113.351 system32.txt
22.01.2006 12:56 536.399.872 hiberfil.sys
22.01.2006 12:56 805.306.368 pagefile.sys
21.01.2006 16:45 4.570 ffastun.ffa
21.01.2006 16:45 483.328 ffastun.ffo
21.01.2006 16:45 1.507.328 ffastun.ffl
21.01.2006 16:45 3.547.136 ffastun0.ffx
12.12.2004 16:47 179 CibRegSvr.log
18.11.2004 16:48 211 boot.ini
27.10.2004 18:48 150 AUTOEXEC.BAT
12.10.2004 13:32 102 Platform.ini
12.10.2004 09:05 776 IPH.PH
11.10.2004 19:57 0 MSDOS.SYS
11.10.2004 19:57 0 CONFIG.SYS
11.10.2004 19:57 0 IO.SYS
04.08.2004 13:00 4.952 bootfont.bin
04.08.2004 13:00 251.184 ntldr
04.08.2004 13:00 47.564 NTDETECT.COM
21 Datei(en) 1.347.678.445 Bytes
0 Verzeichnis(se), 22.383.153.152 Bytes frei

#25 seaking
http://virus-protect.org/artikel/tools/vundofix.html

lade und entpacke auf dem Desktop
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

---------------------------------------------------------------------
VundoFix.exe
http://www.atribune.org/downloads/VundoFix.exe

* Lade und auf dem Desktop entpacken
* boote in den abgesicherten Modus (F8 druecken, wenn er PC hochfaehrt)
* Double-click VundoFix.exe
* Klicke KillVundo.bat

* gebe nun ein:

C:\WINDOWS\system32\awvtt.dll

* druecke [Enter], und dann die F6 Taste, dann wieder [Enter]

*nun wird folgendes erscheinen:

Please type in the second filepath as instructed by the forum staff Then Press Enter, Then F6, Then Enter Again to continue with the fix.

* dann gib ein:

C:\WINDOWS\system32\ttvwa.*

* druecke [Enter], und dann die F6 Taste, dann wieder [Enter]

* dann wird sich HijackThis oeffnen:

* In HiJackThis, click FIX CHECKED:

O20 - Winlogon Notify: awvtt - C:\WINDOWS\system32\awvtt.dll
O20 - Winlogon Notify: ddaby - C:\WINDOWS\SYSTEM32\ddaby.dll

* dach starte den PC neu

* es wird ein "Blue Screen of Death" sein, das ist normal ......

---------------------------------------------------------------------
KILLBOX - Pocket KillBox

Options: Delete on Reboot --> anhaken
reinkopieren:
...
und klicke auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "---- klicke auf "no",und kopiere das nächste rein, erst beim letzten auf "yes"

C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\awtqq.dll
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\ddayx.dll
C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\jkhfd.dll
C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\system32\pmnno.dll
C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\vtutr.dll
C:\WINDOWS\system32\pmnnn.dll
C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\gebyx.dll
C:\WINDOWS\system32\awtqp.dll
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\jkhhi.dll
C:\WINDOWS\system32\awvvt.dll
C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\mlljg.dll
C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\ddabb.dll
C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\vturo.dll
C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\pmnll.dll
C:\WINDOWS\system32\gebya.dll
C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\ddaby.dll
C:\WINDOWS\system32\gebyy.dll
C:\WINDOWS\system32\pmnnm.dll

PC neustarten

dann kopiere hier das neue Log vom HijackThis + die 4 Textdateien von datfindbat

----------------------------------------------------------


25.11.2005 18:24 39.544 winfast.exe

Oben auf der Seite --> auf Durchsuchen klicken --> Datei aussuchen --> Doppelklick auf die zu prüfende Datei --> klick auf Submit... jetzt abwarten --> kopiere das Ergebnis in das Sicherheitsforum
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\winfast.exe

**
__________
MfG Sabina

rund um die PC-Sicherheit

#26 Hab da was gefunden was beim Identifiziern evtl. hilft.
http://www.wintotal.de/Spyware/index.php?Filter=J ,hatte nach der ddaby.dll gesucht, und deshalb is der filter da noch eingestellt.
Da man da schnell nach den dll's suchen kann, hat man schnell das Gegenmittel parat.

#27 Hausgeist

danke, aber ich weiss, welche Verseuchung es ist und wintotal basiert oft seine Erkenntnisse auf meinen Daten
Ich muss nicht googeln
__________
MfG Sabina

rund um die PC-Sicherheit

#28 tach! da bin ich wieder....also nach anfänglichen schwierigkeiten hab ich's hoffentlich geschafft bzw. alles richtig gemacht...mfg
1.
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\winfast.exe
C:\Programme\TV Movie\TV Movie ClickFinder\tvtip.EXE
C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\Microsoft Office\Office\FINDFAST.EXE
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\TV Movie\TV Movie ClickFinder\tvdbaccess.exe
C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Outlook Express\msimn.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\MS\Desktop\Neuer Ordner (2)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [_WinProc] C:\WINDOWS\winfast.exe
O4 - HKLM\..\Run: [TVTip] C:\Programme\TV Movie\TV Movie ClickFinder\tvtip.EXE /m
O4 - HKCU\..\Run: [WashAndGo - Cleanup of old Backupfiles] C:\Programme\Purgatio Pro22\checker.exe /check
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Google-Suche - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {5CF0F1D2-1D22-499D-93A1-8126F28412F4} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/12b59a1dbbc2c6658a05/netzip/RdxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097566082250
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp05.photoprintit.de/microsite/defaults/activex/ImageUploader3.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awvtt - C:\WINDOWS\system32\awvtt.dll
O20 - Winlogon Notify: ddaby - C:\WINDOWS\SYSTEM32\ddaby.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

2.

Verzeichnis von C:\WINDOWS\system32

23.01.2006 15:29 332.108 ttvwa.ini
23.01.2006 15:24 21.930 FFASTLOG.TXT
23.01.2006 15:24 21.332 nvapps.xml
23.01.2006 15:12 331.289 ttvwa.bak1
22.01.2006 12:56 2.206 wpa.dbl
11.01.2006 19:47 89.360 VB5DB.DLL
11.01.2006 19:47 101.888 VB6STKIT.DLL
11.01.2006 19:47 65.539 ZGraph.ocx
11.01.2006 19:47 33.792 CMDLGDE.DLL
11.01.2006 19:47 34.816 MCIDE.DLL
11.01.2006 19:47 198.640 MCI32.OCX
11.01.2006 19:47 6.656 STDFTDE.DLL
11.01.2006 19:47 125.712 VB6DE.DLL
11.01.2006 19:47 118.784 MSSTDFMT.DLL
05.01.2006 04:41 2.836.320 MRT.exe
29.12.2005 03:54 280.064 gdi32.dll
23.12.2005 19:26 27.661 mlljh.dll
23.12.2005 16:10 27.661 mljjj.dll
22.12.2005 18:54 27.661 awtqq.dll
22.12.2005 14:45 27.661 mljge.dll
21.12.2005 23:33 27.661 ddayx.dll
21.12.2005 20:16 27.661 ssqrr.dll
21.12.2005 17:00 27.661 jkhfd.dll
21.12.2005 13:44 27.661 awtqo.dll
20.12.2005 22:21 27.661 mljgd.dll
20.12.2005 14:54 27.661 ddcyy.dll
20.12.2005 14:21 27.661 jkhhh.dll
19.12.2005 19:07 27.661 pmnno.dll
18.12.2005 21:11 27.661 ssttq.dll
18.12.2005 17:55 27.661 gebcb.dll
18.12.2005 15:08 27.661 vtutr.dll
17.12.2005 17:48 27.661 pmnnn.dll
16.12.2005 17:53 27.661 ssttu.dll
16.12.2005 15:04 27.661 jkhhg.dll
16.12.2005 13:46 27.661 gebyx.dll
16.12.2005 12:35 27.661 awtqp.dll
15.12.2005 18:38 27.661 ssqpp.dll
15.12.2005 15:22 27.661 geedb.dll
14.12.2005 13:41 27.661 jkhhi.dll
14.12.2005 09:24 118.784 sirenacm.dll
13.12.2005 19:40 27.661 awvvt.dll
13.12.2005 17:55 27.661 awtsr.dll
13.12.2005 14:39 27.661 mlljg.dll
13.12.2005 12:02 27.661 ddccb.dll
12.12.2005 19:54 27.661 pmnnl.dll
12.12.2005 16:38 27.661 ddabb.dll
11.12.2005 19:51 27.661 vturp.dll
11.12.2005 16:08 27.661 vturo.dll
11.12.2005 15:57 27.661 vtsqr.dll
11.12.2005 12:41 27.661 ddcca.dll
10.12.2005 18:05 27.661 pmnll.dll
10.12.2005 14:49 27.661 gebya.dll
09.12.2005 15:33 27.661 vtutu.dll
09.12.2005 12:17 27.661 ddaby.dll
09.12.2005 12:15 557.108 awvtt.dll
01.12.2005 04:31 1.492.480 shdocvw.dll
24.11.2005 00:58 3.013.632 mshtml.dll
24.11.2005 00:58 1.022.464 browseui.dll
14.11.2005 14:30 0 h323log.txt
12.11.2005 17:28 1.597.440 LibMyWitch.ocx
10.11.2005 21:22 254.272 FNTCACHE.DAT
05.11.2005 04:16 606.208 urlmon.dll
05.11.2005 04:16 1.056.256 danim.dll
30.10.2005 12:43 51.814 perfc009.dat
30.10.2005 12:43 376.016 perfh009.dat
30.10.2005 12:43 62.578 perfc007.dat
30.10.2005 12:43 386.338 perfh007.dat
30.10.2005 12:43 886.928 PerfStringBackup.INI
21.10.2005 04:40 664.064 wininet.dll
21.10.2005 04:40 474.112 shlwapi.dll
21.10.2005 04:40 448.512 mshtmled.dll
21.10.2005 04:40 146.432 msrating.dll
21.10.2005 04:40 530.944 mstime.dll
21.10.2005 04:40 39.424 pngfilt.dll
21.10.2005 04:40 96.768 inseng.dll
21.10.2005 04:40 152.064 cdfview.dll
21.10.2005 04:40 251.392 iepeers.dll
21.10.2005 04:40 55.808 extmgr.dll
21.10.2005 04:40 205.312 dxtrans.dll
20.10.2005 23:25 1.094.144 esent.dll
17.10.2005 22:20 118.272 t2embed.dll
17.10.2005 22:20 80.896 fontsub.dll
13.10.2005 00:11 15.584 spmsg.dll
11.10.2005 21:28 3.292 qtplugin.log
06.10.2005 04:08 1.839.616 win32k.sys

3.
Verzeichnis von C:\DOKUME~1\MS\LOKALE~1\Temp

23.01.2006 15:24 16.384 ~DFF7A1.tmp
23.01.2006 15:11 16.384 ~DF897F.tmp
23.01.2006 15:11 16.384 ~DF1BCB.tmp
23.01.2006 15:02 10.120 ~WRS0001.tmp
23.01.2006 15:02 166.802 MSI9054a.LOG
23.01.2006 15:02 166.810 MSI90546.LOG
23.01.2006 15:01 16.384 ~WRF0000.tmp
23.01.2006 15:01 558 MSI7f9ef.LOG
23.01.2006 15:00 668 MSI7f9ee.LOG
23.01.2006 14:52 16.384 ~DFADF.tmp
23.01.2006 14:50 16.384 ~DF24A0.tmp
23.01.2006 14:47 16.384 ~DF87F0.tmp
23.01.2006 14:46 512 ~DF51F3.tmp
23.01.2006 14:46 16.384 ~DF51BF.tmp
23.01.2006 14:46 16.384 ~DFB98.tmp
23.01.2006 14:34 16.384 ~DF28BB.tmp
23.01.2006 13:29 0 90n48.tmp
23.01.2006 13:28 0 wil47.tmp
23.01.2006 13:27 0 v3r46.tmp
23.01.2006 13:27 0 dxw45.tmp
23.01.2006 13:26 0 8ho44.tmp
23.01.2006 12:46 16.384 ~DF5E3.tmp
22.01.2006 17:03 16.384 ~DF893A.tmp
22.01.2006 14:10 0 r7x82.tmp
22.01.2006 14:10 0 ktg81.tmp
22.01.2006 14:09 0 ga47D.tmp
22.01.2006 14:08 0 iq97C.tmp
22.01.2006 14:06 0 p707B.tmp
22.01.2006 14:05 0 n5e7A.tmp
22.01.2006 14:05 0 g2j79.tmp
22.01.2006 14:04 0 ouo75.tmp
22.01.2006 14:03 0 lc574.tmp
22.01.2006 14:02 0 89c73.tmp
22.01.2006 14:01 0 b1x72.tmp
22.01.2006 14:00 0 bus71.tmp
22.01.2006 14:00 0 hrd70.tmp
22.01.2006 13:06 16.384 ~DF8F2E.tmp
27.12.2005 03:04 71.680 KillBox.exe
38 Datei(en) 630.142 Bytes
0 Verzeichnis(se), 22.356.643.840 Bytes frei

4.

Verzeichnis von C:\WINDOWS

23.01.2006 15:25 6.104 ModemLog_Bluetooth DUN Modem.txt
23.01.2006 15:25 6.098 ModemLog_Bluetooth Fax Modem.txt
23.01.2006 15:25 0 0.log
23.01.2006 15:25 4.246 ModemLog_Agere Systems PCI Soft Modem.txt
23.01.2006 15:25 1.477.399 WindowsUpdate.log
23.01.2006 15:25 159 wiadebug.log
23.01.2006 15:24 50 wiaservc.log
23.01.2006 15:24 2.048 bootstat.dat
23.01.2006 15:23 32.542 SchedLgU.Txt
23.01.2006 15:06 245.394 ntbtlog.txt
22.01.2006 19:35 4.958 MKDEMSG.LOG
22.01.2006 19:34 4.096 MKDEWE.TRN
21.01.2006 14:31 54.156 QTFont.qfn
21.01.2006 14:31 1.409 QTFont.for
20.01.2006 14:44 29 standard.sta
19.01.2006 20:30 229 NeroDigital.ini
19.01.2006 20:25 160 SCANREC.INI
19.01.2006 17:16 213.998 setupapi.log
17.01.2006 13:00 122.757 wmsetup.log
11.01.2006 19:47 258.051 SETUP1.EXE
11.01.2006 19:47 79.875 ST6UNST.EXE
10.01.2006 19:52 84.190 ntdtcsetup.log
10.01.2006 19:52 163.616 tsoc.log
10.01.2006 19:52 61.079 iis6.log
10.01.2006 19:52 137.186 comsetup.log
10.01.2006 19:52 22.258 ocmsn.log
10.01.2006 19:52 1.374 imsins.log
10.01.2006 19:52 10.183 KB908519.log
10.01.2006 19:52 20.300 msgsocm.log
10.01.2006 19:52 214.899 ocgen.log
10.01.2006 19:52 399.261 FaxSetup.log
10.01.2006 19:52 0 setuperr.log
06.01.2006 13:27 11.070 KB912919.log
06.01.2006 13:27 26.700 updspapi.log
30.12.2005 00:24 231 system.ini
29.12.2005 17:53 35.139 DirectX.log
28.12.2005 13:40 5.224 mozver.dat
21.12.2005 18:00 155 winamp.ini
21.12.2005 15:10 107.132 UninstallFirefox.exe
16.12.2005 13:41 11.514 KB910437.log
16.12.2005 13:40 18.320 KB905915.log
25.11.2005 18:24 39.544 winfast.exe
10.11.2005 18:03 11.932 KB896424.log
15.10.2005 12:01 21.071 KB901017.log
15.10.2005 12:01 24.662 KB902400.log
15.10.2005 12:01 15.134 KB896688.log
15.10.2005 12:01 13.666 KB905414.log
15.10.2005 12:01 13.660 KB900725.log
15.10.2005 12:00 11.305 KB904706.log
15.10.2005 12:00 11.938 KB905749.log

5.

Verzeichnis von C:\

23.01.2006 15:30 0 sys.txt
23.01.2006 15:30 10.705 system.txt
23.01.2006 15:30 2.060 systemtemp.txt
23.01.2006 15:29 113.209 system32.txt
23.01.2006 15:24 536.399.872 hiberfil.sys
23.01.2006 15:24 805.306.368 pagefile.sys
22.01.2006 19:07 4.570 ffastun.ffa
22.01.2006 19:07 483.328 ffastun.ffo
22.01.2006 19:07 1.507.328 ffastun.ffl
22.01.2006 19:07 3.563.520 ffastun0.ffx
12.12.2004 16:47 179 CibRegSvr.log
18.11.2004 16:48 211 boot.ini
27.10.2004 18:48 150 AUTOEXEC.BAT
12.10.2004 13:32 102 Platform.ini
12.10.2004 09:05 776 IPH.PH
11.10.2004 19:57 0 MSDOS.SYS
11.10.2004 19:57 0 CONFIG.SYS
11.10.2004 19:57 0 IO.SYS
04.08.2004 13:00 4.952 bootfont.bin
04.08.2004 13:00 251.184 ntldr
04.08.2004 13:00 47.564 NTDETECT.COM
21 Datei(en) 1.347.696.078 Bytes
0 Verzeichnis(se), 22.356.639.744 Bytes frei

6.
This is a report processed by VirusTotal on 01/23/2006 at 15:28:18 (CET) after scanning the file "winfast.exe" file.

Antivirus Version Update Result
AntiVir 6.33.0.77 01.23.2006 TR/Dldr.Agent.ZD.1
Avast 4.6.695.0 01.20.2006 Win32:Trojan-gen. {UPX!}
AVG 718 01.20.2006 Downloader.Agent.AUW
Avira 6.33.0.77 01.23.2006 TR/Dldr.Agent.ZD.1
BitDefender 7.2 01.23.2006 Trojan.Downloader.Agent.ZD
CAT-QuickHeal 8.00 01.23.2006 TrojanDownloader.Agent.zd
ClamAV devel-20051123 01.21.2006 Trojan.Downloader.Agent-217
DrWeb 4.33 01.23.2006 Trojan.DownLoader.5284
eTrust-InoculateIT 23.71.57 01.22.2006 no virus found
eTrust-Vet 12.4.2053 01.23.2006 Win32/Tactslay.U
Ewido 3.5 01.23.2006 Downloader.Small.cca
Fortinet 2.54.0.0 01.22.2006 W32/Small.CCA-dldr
F-Prot 3.16c 01.20.2006 no virus found
Ikarus 0.2.59.0 01.20.2006 no virus found
Kaspersky 4.0.2.24 01.23.2006 Trojan-Downloader.Win32.Small.cca
McAfee 4679 01.20.2006 Generic Downloader.k
NOD32v2 1.1375 01.23.2006 a variant of Win32/TrojanDownloader.Agent.KW
Norman 5.70.10 01.23.2006 W32/DLoader.NNN
Panda 9.0.0.4 01.23.2006 Trj/Downloader.FNJ
Sophos 4.01.0 01.23.2006 Troj/Small-FA
Symantec 8.0 01.23.2006 no virus found
TheHacker 5.9.2.078 01.20.2006 Trojan/Downloader.Agent.zd
UNA 1.83 01.21.2006 TrojanDownloader.Win32.Agent
VBA32 3.10.5 01.23.2006 Trojan.DownLoader.5284

#29 wende noch mal an (genau, wie oben erklart)
VundoFix.exe

Zitat

* gebe nun ein:

C:\WINDOWS\system32\awvtt.dll

* druecke [Enter], und dann die F6 Taste, dann wieder [Enter]

*nun wird folgendes erscheinen:

Please type in the second filepath as instructed by the forum staff Then Press Enter, Then F6, Then Enter Again to continue with the fix.

* dann gib ein:

C:\WINDOWS\system32\ttvwa.*

* druecke [Enter], und dann die F6 Taste, dann wieder [Enter]

* dann wird sich HijackThis oeffnen:

* In HiJackThis, click FIX CHECKED:

O4 - HKLM\..\Run: [_WinProc] C:\WINDOWS\winfast.exe

O20 - Winlogon Notify: awvtt - C:\WINDOWS\system32\awvtt.dll
O20 - Winlogon Notify: ddaby - C:\WINDOWS\SYSTEM32\ddaby.dll

PC neustarten

-----------------------------------------------------------
loesche mit der Killbox:

C:\WINDOWS\winfast.exe
C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\awtqq.dll
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\ddayx.dll
C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\jkhfd.dll
C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\system32\pmnno.dll
C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\vtutr.dll
C:\WINDOWS\system32\pmnnn.dll
C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\gebyx.dll
C:\WINDOWS\system32\awtqp.dll
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\jkhhi.dll
C:\WINDOWS\system32\awvvt.dll
C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\mlljg.dll
C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\ddabb.dll
C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\vturo.dll
C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\pmnll.dll
C:\WINDOWS\system32\gebya.dll
C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\ddaby.dll

pc neustarten

http://virus-protect.org/multiavtool.html
klicke "3" - McAfee -- es erscheint ein leeres DOS-Fenster.
- man muss eingeben, was gescannt werden soll
- C:\Windows\System32 dann beginnt der Scan, man sollte dann auch scannen lassen:
- C:\Windows
- C:\

klicke "6 --> der PC wird neustarten --> suche die 3 Scanreporte in C:\AV-CLS und kopiere sie hier.
__________
MfG Sabina

rund um die PC-Sicherheit

#30 VundoFix.exe

* gebe nun ein:

C:\WINDOWS\system32\awvtt.dll

* druecke [Enter], und dann die F6 Taste, dann wieder [Enter]

*nun wird folgendes erscheinen:

Please type in the second filepath as instructed by the forum staff Then Press Enter, Then F6, Then Enter Again to continue with the fix.

* dann gib ein:

C:\WINDOWS\system32\ttvwa.*

* druecke [Enter], und dann die F6 Taste, dann wieder [Enter]

>>>>schon nach dem ersten enter drücken hier öffnete sich hijackthis. alle anderen fenster schließten sich. außerdem musste ich von hand scannen. und habe die dateien gelöscht. obs geklappt hat keine ahnung?!?!


* dann wird sich HijackThis oeffnen:

* In HiJackThis, click FIX CHECKED:

O20 - Winlogon Notify: awvtt - C:\WINDOWS\system32\awvtt.dll
O20 - Winlogon Notify: ddaby - C:\WINDOWS\SYSTEM32\ddaby.dll

* dach starte den PC neu

* es wird ein "Blue Screen of Death" sein, das ist normal ......


>>>>>>pc neu gestartet (keine reset-taste also hauptschalter genommen)- taskleiste zum "normalen" neustarten war verschwunden. blue screen erschien nie..... .


** des weiteren gab es probleme beim öffnen von word-dokumenten, nachdem ich die schritte ausgeführt hatte>word öffnete sich nicht. word wollte dvd zur installation bzw. update oder so haben - hab ich dann reingepackt - jetzt läufts wieder.

hier jetzt die 3 scanreporte:

1.
01/23/2006 20:58:01


Options:
"C:\WINDOWS\SYSTEM32" /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /MIME /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML"

Scanning C: [BOOT]
C:\WINDOWS\SYSTEM32\awvtt.dll ... Found the Vundo trojan !!!
Scanning C:\WINDOWS\SYSTEM32\*.*
C:\WINDOWS\SYSTEM32\awvtt.dll ... Found the Vundo trojan !!!

A file(s) requires a reboot to complete the repair.
You are recommended to reboot the computer.

Summary report on C:\WINDOWS\SYSTEM32\*.*
File(s)
Total files: ........... 9654
Clean: ................. 9642
Possibly Infected: ..... 2
Cleaned: ............... 0
Non-critical Error(s): 1


Time: 00:06.05

2.
01/23/2006 21:06:56


Options:
"C:\WINDOWS" /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /MIME /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML"

Scanning C: [BOOT]
C:\WINDOWS\winfast.exe\winfast.exe ... Found the Generic Downloader.k trojan !!!
The file or process has been deleted.
Scanning C:\WINDOWS\*.*
C:\WINDOWS\system32\awvtt.dll ... Found the Vundo trojan !!!

A file(s) requires a reboot to complete the repair.
You are recommended to reboot the computer.

Summary report on C:\WINDOWS\*.*
File(s)
Total files: ........... 59310
Clean: ................. 59297
Possibly Infected: ..... 2
Cleaned: ............... 0
Deleted: ............... 1
Non-critical Error(s): 1


Time: 00:14.04

3.

01/23/2006 21:21:35


Options:
"C:" /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /MIME /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML"

Scanning C: [BOOT]
Scanning C:\*.*
C:\!KillBox\awtqq.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\awtsr.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\awvvt.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\ddabb.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\ddaby.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\ddayx.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\ddcca.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\ddccb.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\ddcyy.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\gebcb.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\gebya.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\gebyx.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\gebyy.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\geedb.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\jkhfd.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\jkhhg.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\jkhhh.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\jkhhi.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\mljgd.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\mljge.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\mljjj.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\mlljg.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\pmnll.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\pmnnl.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\pmnnm.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\pmnnn.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\pmnno.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\ssqpp.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\ssqrr.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\ssttq.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\ssttu.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\vtsqr.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\vturo.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\vturp.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\vtutr.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\!KillBox\vtutu.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Street Racing Syndicate\Play Street Racing Syndicate™ Online with GameSpy Arcade.url ... Found potentially unwanted program Adware-Url.gen.
The file or process has been deleted.
C:\Dokumente und Einstellungen\MS\Desktop\Neuer Ordner (2)\backups\backup-20060118-184557-757.dll ... Found the Vundo trojan !!!
The file or process has been deleted.
C:\Dokumente und Einstellungen\MS\Desktop\Neuer Ordner (2)\backups\backup-20060118-184557-977.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\Dokumente und Einstellungen\MS\Desktop\Neuer Ordner (2)\backups\backup-20060118-191837-669.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\Dokumente und Einstellungen\MS\Desktop\Neuer Ordner (2)\backups\backup-20060118-191837-835.dll ... Found the Vundo trojan !!!
The file or process has been deleted.
C:\Dokumente und Einstellungen\MS\Desktop\Neuer Ordner (2)\backups\backup-20060118-194713-422.dll ... Found potentially unwanted program Adware-Virtumundo.
The file or process has been deleted.
C:\Dokumente und Einstellungen\MS\Desktop\Neuer Ordner (2)\backups\backup-20060118-194713-473.dll ... Found the Vundo trojan !!!
The file or process has been deleted.
C:\Programme\Sierra\SWAT 4\Content\System\swat4_demo_with_gamespy.url ... Found potentially unwanted program Adware-Url.gen.
The file or process has been deleted.
C:\Programme\Sierra\SWAT 4\Content\System\swat4_with_gamespy.url ... Found potentially unwanted program Adware-Url.gen.
The file or process has been deleted.
C:\WINDOWS\system32\awvtt.dll ... Found the Vundo trojan !!!

A file(s) requires a reboot to complete the repair.
You are recommended to reboot the computer.

Summary report on C:\*.*
File(s)
Total files: ........... 209006
Clean: ................. 208918
Possibly Infected: ..... 4
Cleaned: ............... 0
Deleted: ............... 45
Non-critical Error(s): 3
Master Boot Record(s): ......... 1
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0


Time: 00:58.30



Schon mal DANKE im voraus für Deine/Eure Hilfe/n.

mfg