mein Browser öffnet immer selbstständig mit lästiger Werbung

#16 Lore

- Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.

- als naechstes arbeite das hier ab (nur die delf.bfu)--> kopiere dann hier den scanreport
http://virus-protect.org/artikel/bfu/delf_bfu.html

- in der killbox unter C:\ musst du alles loeschen, was da ist.

- wenn du die bfu abgearbeitet hast....poste bitte die 4 Textdateien von datfindbat noch einmal.
dann sehen wir weiter
__________
MfG Sabina

rund um die PC-Sicherheit

#17 Hallo Sabina,

… sorry für die verspätete Reaktion, … hab die 2. Seite hier übersehn.

Stand der „Dinge“:


Datentr„ger in Laufwerk C: ist System
Volumeseriennummer: 7C6F-CA0D
BFU v1.00.9
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 11:24:16 µµ, on 15/2/2006

Option pause between commands: 100 ms
Failed: FileDelete C:\DOKUME~1\user\LOKALE~1\Temp\~DF3536.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\user\LOKALE~1\Temp\~DF6703.tmp (operation failed)
Failed: FolderDelete C:\Programme\Network Monitor (folder not found)
Failed: FolderDelete C:\Programme\SurfSideKick 3 (folder not found)
Failed: FolderDelete C:\Programme\TheSearchAccelerator (folder not found)
Failed: FolderDelete C:\Programme\rsss (folder not found)
Script completed.

---------------------------------------------------------------------------------

datfind.bad:

Verzeichnis von C:\WINDOWS\system32

15/02/2006 11:34 ææ 36.630 nvModes.001
15/02/2006 11:33 ææ 17.112 nvapps.xml
15/02/2006 11:22 ææ 501.252 perfh009.dat
15/02/2006 11:22 ææ 136.234 perfc009.dat
15/02/2006 11:22 ææ 562.782 perfh007.dat
15/02/2006 11:22 ææ 159.672 perfc007.dat
15/02/2006 11:22 ææ 2.656 PerfStringBackup.INI
14/02/2006 08:23 ææ 0 lo2.txtt
14/02/2006 01:40 pæ 25.088 Thumbs.db
14/02/2006 01:36 pæ 2.206 wpa.dbl
27/01/2006 12:05 pæ 7.006 jupdate-1.5.0_06-b05.log
26/01/2006 11:33 ææ 43.254 oemlogo.bmp
26/01/2006 09:41 ææ 20.006 eule.jpg
26/01/2006 09:20 ææ 320 OEMINFO.INI
26/01/2006 08:23 ææ 31.020 eule_index.jpg
05/01/2006 04:41 pæ 2.836.320 MRT.exe
29/12/2005 05:17 ææ 56 66650F0E31.sys
29/12/2005 03:54 pæ 280.064 gdi32.dll
14/12/2005 09:24 pæ 118.784 sirenacm.dll
01/12/2005 04:31 pæ 1.492.480 shdocvw.dll
27/11/2005 12:37 ææ 5.618 jupdate-1.5.0_05-b05.log
24/11/2005 12:58 pæ 3.013.632 mshtml.dll
24/11/2005 12:58 pæ 1.022.464 browseui.dll
16/11/2005 04:31 ææ 36.630 nvModes.dat
11/11/2005 11:58 pæ 11.322 KGyGaAvL.sys
11/11/2005 11:24 pæ 178.648 FNTCACHE.DAT
10/11/2005 01:03 ææ 127.078 javaws.exe
10/11/2005 01:03 ææ 49.265 jpicpl32.cpl
10/11/2005 11:27 pæ 49.250 javaw.exe
10/11/2005 11:27 pæ 49.248 java.exe
05/11/2005 04:16 pæ 606.208 urlmon.dll
05/11/2005 04:16 pæ 1.056.256 danim.dll


Datentr„ger in Laufwerk C: ist System
Volumeseriennummer: 7C6F-CA0D

Verzeichnis von C:\WINDOWS

15/02/2006 11:33 ææ 1.620.134 WindowsUpdate.log
15/02/2006 11:33 ææ 159 wiadebug.log
15/02/2006 11:33 ææ 50 wiaservc.log
15/02/2006 11:32 ææ 0 0.log
15/02/2006 11:32 ææ 2.048 bootstat.dat
15/02/2006 11:18 ææ 676.884 ntbtlog.txt
15/02/2006 11:16 ææ 32.544 SchedLgU.Txt
15/02/2006 10:42 ææ 9 tracert.lo_
15/02/2006 10:42 ææ 1.040 tracert.log
15/02/2006 12:13 ææ 155 winamp.ini
15/02/2006 03:22 pæ 2.003 wincmd.ini
15/02/2006 03:07 pæ 817 wcx_ftp.ini
14/02/2006 01:18 pæ 19.456 Thumbs.db
14/02/2006 01:17 pæ 26 Lic.xxx
13/02/2006 07:42 ææ 1.186.325 setupapi.log
13/02/2006 07:08 ææ 633 win.ini
13/02/2006 07:08 ææ 237 system.ini
13/02/2006 02:33 ææ 446 lexstat.ini
09/02/2006 12:07 ææ 122.907 wmsetup.log
26/01/2006 05:13 ææ 949 nsw.log
26/01/2006 04:41 ææ 3.274 ModemLog_Intracom NetMod USB ver 3.02.txt
26/01/2006 01:09 ææ 952.746 iis6.log
26/01/2006 01:09 ææ 211.738 comsetup.log
26/01/2006 01:09 ææ 138.819 ntdtcsetup.log
26/01/2006 01:09 ææ 313.298 tsoc.log
26/01/2006 01:09 ææ 4.696 imsins.log
26/01/2006 01:09 ææ 31.922 ocmsn.log
26/01/2006 01:09 ææ 28.839 tabletoc.log
26/01/2006 01:09 ææ 398.428 ocgen.log
26/01/2006 01:09 ææ 34.717 medctroc.Log
26/01/2006 01:09 ææ 33.634 msgsocm.log
26/01/2006 01:09 ææ 698.669 FaxSetup.log
26/01/2006 01:09 ææ 109.474 netfxocm.log
26/01/2006 01:09 ææ 246.054 msmqinst.log
23/01/2006 03:02 pæ 33 wininit.ini
16/01/2006 04:53 ææ 349 ulead32.ini
11/01/2006 01:06 ææ 1.374 imsins.BAK
11/01/2006 01:06 ææ 11.182 KB908519.log
07/01/2006 02:23 ææ 11.040 KB912919.log
07/01/2006 02:23 ææ 21.437 updspapi.log
05/01/2006 02:46 pæ 10.413 KB910437.log
05/01/2006 02:46 pæ 16.391 KB905915.log
28/12/2005 10:09 ææ 0 OpPrintServer.INI
28/12/2005 09:57 ææ 3.259 EPSTPLOG.BAK
28/12/2005 09:57 ææ 1.948 Windows Update.log
28/12/2005 09:50 ææ 25 CDER300Euro.ini
14/12/2005 03:20 ææ 1.647 ip.log
14/12/2005 03:20 ææ 9 ip.lo_
09/12/2005 12:15 pæ 184.922 setupact.log
07/12/2005 02:58 pæ 1.127.882 _detmp.1
22/11/2005 01:10 pæ 8.146 fsbwinst.log
22/11/2005 01:05 pæ 10.539 Q-Klez.log
22/11/2005 01:00 pæ 1.122 Active Setup Log.txt
22/11/2005 01:00 pæ 1.122 Active Setup Log.BAK
22/11/2005 12:51 pæ 3.902 ModemLog_Conexant D480 MDC V.92 Modem.txt
11/11/2005 11:22 pæ 11.841 KB896424.log


Datentr„ger in Laufwerk C: ist System
Volumeseriennummer: 7C6F-CA0D

Verzeichnis von C:\DOKUME~1\user\LOKALE~1\Temp


Datentr„ger in Laufwerk C: ist System
Volumeseriennummer: 7C6F-CA0D

Verzeichnis von C:\

15/02/2006 11:35 ææ 0 sys.txt
15/02/2006 11:35 ææ 12.403 system.txt
15/02/2006 11:35 ææ 125 systemtemp.txt
15/02/2006 11:35 ææ 124.826 system32.txt
15/02/2006 11:32 ææ 268.435.456 pagefile.sys
15/02/2006 10:27 pæ 0 cttest.txt
14/02/2006 01:16 pæ 2 AVPCallback.log
13/02/2006 07:08 ææ 211 boot.ini
11/02/2006 04:38 ææ 16 UsageTrack.txt
03/02/2006 10:07 ææ 20[img]7 IPH.PH
01/02/2006 07:10 ææ 363.105 treeinfo.wc
09/12/2005 02:09 ææ 192 BcBtRmv.log
03/12/2005 03:15 pæ 5.120 Thumbs.db
28/10/2005 11:26 ææ 0 DBS.TXT
07/10/2005 08:49 ææ 3.979 CtDrvStp.log
07/10/2005 08:48 ææ 326 CtDrvIns.log
02/10/2005 07:17 ææ 0 ASPI.LOG



killbox ist leer

Gruß

Lore

#18 Lore

scanne mit SpySweeper (trial) und poste den scanreport
http://virus-protect.org/spysweeper.html
__________
MfG Sabina

rund um die PC-Sicherheit

#19 Hallo erstmal hier ins Forum!

Wollte mit meinem Problem keinen neuen Thread aufmachen. Habe auch mit ständigen Popups gekämpft und bin durch googeln auf dieses Forum aufmerksam geworden. Nach sorgfältigem abarbeiten der Lösungsvorschläge war der letzte Post von Sabina meine Rettung. Spysweeper hat die adware look2me gefunden und erfolgreich ins Jenseits befördert. (Lavasoft Ad-Aware war übrigens trotz neuestem Stand nicht in der Lage diese adware zu finden).
Herzlichen Dank und ein RIESENLOB an dieses Forum

Grüße Carsten

#20 Hallo Sabina,

… hab nun wieder die Gelegenheit gefunden um zu Posten.

Report Spy Sweeper:

********
3:57 ìì: | Start of Session, ÐÝìðôç, 16 ÖåâñïõÜñéïò 2006 |
3:57 ìì: Spy Sweeper started
3:57 ìì: Sweep initiated using definitions version 615
3:57 ìì: Starting Memory Sweep
4:01 ìì: Memory Sweep Complete, Elapsed Time: 00:03:38
4:01 ìì: Starting Registry Sweep
4:01 ìì: Found Adware: look2me
4:01 ìì: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\smden\ (6 subtraces) (ID = 501239)
4:01 ìì: Registry Sweep Complete, Elapsed Time:00:00:28
4:01 ìì: Starting Cookie Sweep
4:01 ìì: Cookie Sweep Complete, Elapsed Time: 00:00:00
4:01 ìì: Starting File Sweep

...............................
4:46 ìì: Warning: Failed to open file "g:\go-informatik\praktikum\data-media\studienarbeiten\linuxforen_de -- user helfen

usern - iptables fur ihk-prufung (bitte um hilfe).htm". Das System kann die angegebene Datei nicht finden
4:46 ìì: Warning: Failed to open file "g:\go-informatik\praktikum\data-media\projekt-ihk\opensource-sicherheitslosungen fur

unternehmen.pdf". Das System kann die angegebene Datei nicht finden
4:46 ìì: Warning: Failed to open file "g:\go-informatik\praktikum\data-media\projekt-ihk\bsi schulung it-grundschutz - 2_5

test - losungen.htm". Das System kann die angegebene Datei nicht finden
4:46 ìì: Warning: Failed to open file "g:\go-informatik\praktikum\data-media\projekt-ihk\erstellung von regelsatzen fur

paketfilter.pdf". Das System kann die angegebene Datei nicht finden
4:46 ìì: Warning: Failed to open file "g:\go-informatik\praktikum\data-media\projekt-ihk\eigene


dlt, lto vogon international (munchen, koln).htm". Das System kann die angegebene Datei nicht finden
5:38 ìì: Warning: Failed to open file "g:\www.mike.de\best\web-bsp\vogon2\datenrettung - festplatten, raid, magnetbandern,

dlt, lto vogon international (munchen, koln).htm". Das System kann die angegebene Datei nicht finden

....
.... das ging dann weiter, denke aber diese info ist nich relevant.

---------------------------------


6:05 ìì: File Sweep Complete, Elapsed Time: 02:03:12
6:05 ìì: Full Sweep has completed. Elapsed time 02:07:32
6:05 ìì: Traces Found: 7
********
3:41 ìì: | Start of Session, ÐÝìðôç, 16 ÖåâñïõÜñéïò 2006 |
3:41 ìì: Spy Sweeper started
3:43 ìì: Your spyware definitions have been updated.
3:46 ìì: Updating spyware definitions
3:46 ìì: Your definitions are up to date.
3:52 ìì: IE Tracking Cookies Shield: Removed advertising cookie
3:52 ìì: IE Tracking Cookies Shield: Removed atlas dmt cookie
3:52 ìì: IE Tracking Cookies Shield: Removed atwola cookie
3:52 ìì: IE Tracking Cookies Shield: Removed questionmarket cookie
3:57 ìì: | End of Session, ÐÝìðôç, 16 ÖåâñïõÜñéïò 2006 |


Spy Sweeper will provide you with detailed information about the operations being performed in this area.

The shields above are available with this version of Spy Sweeper.

The shields above are available with this version of Spy Sweeper.
Automated check for new spyware definitions now underway.
Automated check for program update in progress.
Your Spy Sweeper application is up to date.
Automated check for news in progress.
... news is ready for your viewing.

Internet Explorer Shields: These protect Internet Explorer elements commonly changed by spyware and adware.

System Shields: These protect different parts of your Windows system.

Hosts File Shield: Protects you from malicious web sites that conduct address hijacking (diverting you to www.someothersite.com instead of www.google.com).
Updating spyware definitions from Webroot.com
Please wait... This may take a few minutes...
Your spyware definitions have been updated.
You are now protected against 125077 known traces.

No items will be ignored during sweeps.

No items will be removed without notification during sweeps.

Pressing a product button will provide more information about that product.

The shields above are available with this version of Spy Sweeper.

The shields above are available with this version of Spy Sweeper.

Internet Explorer Shields: These protect Internet Explorer elements commonly changed by spyware and adware.

System Shields: These protect different parts of your Windows system.

Hosts File Shield: Protects you from malicious web sites that conduct address hijacking (diverting you to www.someothersite.com instead of www.google.com).

Startup Shield: Protects your startup program list from unauthorized changes.

BHO Shield: Protects your IE from unauthorized changes by BHOs

The shields above are available with this version of Spy Sweeper.

BHO Shield: Protects your IE from unauthorized changes by BHOs

Startup Shield: Protects your startup program list from unauthorized changes.

Hosts File Shield: Protects you from malicious web sites that conduct address hijacking (diverting you to www.someothersite.com instead of www.google.com).

System Shields: These protect different parts of your Windows system.

Internet Explorer Shields: These protect Internet Explorer elements commonly changed by spyware and adware.

The shields above are available with this version of Spy Sweeper.
Spy News is provided to help you get the most out of Spy Sweeper by providing you with real-time information such as usability tips and news regarding the latest threats.

The shields above are available with this version of Spy Sweeper.

The shields above are available with this version of Spy Sweeper.
Launching browser to check for program updates.
Done.
Updating spyware definitions from Webroot.com
Please wait... This may take a few minutes...
Your definitions are up to date.

The shields above are available with this version of Spy Sweeper.

The shields above are available with this version of Spy Sweeper.

Startup Shield: Protects your startup program list from unauthorized changes.

The shields above are available with this version of Spy Sweeper.

No items will be ignored during sweeps.

No items will be removed without notification during sweeps.

Pressing a product button will provide more information about that product.

The shields above are available with this version of Spy Sweeper.

The shields above are available with this version of Spy Sweeper.

Startup Shield: Protects your startup program list from unauthorized changes.

Hosts File Shield: Protects you from malicious web sites that conduct address hijacking (diverting you to www.someothersite.com instead of www.google.com).

System Shields: These protect different parts of your Windows system.

Internet Explorer Shields: These protect Internet Explorer elements commonly changed by spyware and adware.

The shields above are available with this version of Spy Sweeper.

Internet Explorer Shields: These protect Internet Explorer elements commonly changed by spyware and adware.

The shields above are available with this version of Spy Sweeper.

Internet Explorer Shields: These protect Internet Explorer elements commonly changed by spyware and adware.
IE Hijack Shield is not activated

The shields above are available with this version of Spy Sweeper.

Internet Explorer Shields: These protect Internet Explorer elements commonly changed by spyware and adware.
IE Tracking Cookies Shield is activated
IE Tracking Cookies Shield: Removed advertising cookie
IE Tracking Cookies Shield: Removed atlas dmt cookie
IE Tracking Cookies Shield: Removed atwola cookie
IE Tracking Cookies Shield: Removed questionmarket cookie
IE Tracking Cookies Shield is not activated
IE Hijack Shield is activated
IE Tracking Cookies Shield is activated
IE Favorites Shield is not activated
IE Favorites Shield is activated
IE Security Shield is not activated
IE Security Shield is activated
IE Tracking Cookies Shield is not activated
IE Tracking Cookies Shield is activated

System Shields: These protect different parts of your Windows system.

Hosts File Shield: Protects you from malicious web sites that conduct address hijacking (diverting you to www.someothersite.com instead of www.google.com).

Startup Shield: Protects your startup program list from unauthorized changes.

BHO Shield: Protects your IE from unauthorized changes by BHOs

The shields above are available with this version of Spy Sweeper.

Internet Explorer Shields: These protect Internet Explorer elements commonly changed by spyware and adware.
IE Hijack Shield is not activated

The shields above are available with this version of Spy Sweeper.

Internet Explorer Shields: These protect Internet Explorer elements commonly changed by spyware and adware.
IE Hijack Shield is activated

To ensure proper removal of spyware, adware and other unwanted items, be sure to close any programs that are open.
Your Sweep Options indicate the following will be swept:
Drives: C: D: G:
Also sweeping: Memory, Cookies, Registry
Adware found: look2me
Full Sweep has completed. Elapsed time 02:07:32
Traces Found: 7


@ cadank stimme völlig überein. Hab hier aber erst mal nur das Ergebniss vom Report gepostet, auf weitere instruktionen warte ich dankend!

Grüß

Lore

#21 Lore

- Hoster.zip--> noch einmal
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.

scanne mit Panda und kopiere den scanreport
http://virus-protect.org/onlinescan.html

Zitat

Look2Me ????????????

Internet advertising and online marketing solutions - banner ad network,
pay per click ads, search box affiliate program and xml search feeds.

Domain name: MAMMAMEDIASOLUTIONS.COM
Administrative Contact:
Lamantia, Joel joel_lamantia@mamma.com
388 St. Jaques West
Montreal, QC H2Y1S1
CA
+1.5148442700
Technical Contact:
Accad, Nicholas nicholas@mamma.com
9000-388 St. Jacques W.
Montreal, QC H2Y 1S1

Registration Service Provider:
Domain Direct
1-416-531-2084
http://www.domaindirect.com/supportform.html
This company may be contacted for domain login/passwords,
DNS/Nameserver changes, and general domain support questions.

Registrar of Record: TUCOWS, INC.
Record last updated on 02-Feb-2006.
Record expires on 30-Jul-2011.
Record created on 31-Jul-1996.

Domain servers in listed order:
NS1.MAMMA.COM 63.236.25.90
NS3.MAMMA.COM 66.201.203.132

__________
MfG Sabina

rund um die PC-Sicherheit

#22 Hallo Sabina,

Report PandaOnlineScan:

Incident Status Location

Spyware:spyware/cws.olehelp Not disinfected Windows Registry
Spyware:Cookie/Statcounter Not disinfected C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\rybdnuy3.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Adtech Not disinfected C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\rybdnuy3.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Statcounter Not disinfected C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\rybdnuy3.default\cookies.txt[]
Virus:Exploit/ByteVerify Disinfected C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-26b69f0a-718bcc50.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-26b69f0a-718bcc50.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-26b69f0a-718bcc50.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-26b69f0a-718bcc50.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-58d8b149-11299139.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-58d8b149-11299139.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-58d8b149-11299139.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-58d8b149-11299139.zip[Installer.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-757a4c66.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-757a4c66.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-757a4c66.zip[NewSecurityClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-757a4c66.zip[NewURLClassLoader.class]
Adware:Adware/IST.ISTBar Not disinfected C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-430612bf.zip[InstallerApplet.class]
Virus:Exploit/ByteVerify Disinfected C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv661.jar-897c2ff-6fd736c0.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv661.jar-897c2ff-6fd736c0.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv661.jar-897c2ff-6fd736c0.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv661.jar-897c2ff-6fd736c0.zip[Parser.class]
Potentially unwanted tool:Application/IopusPass Not disinfected C:\Programme\iOpus Password Recovery XP\iopuspwd.exe
Virus:Eicar.Mod Renamed C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\eicar.html
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\Desktop\l2mfix.exe[Process.exe]
Virus:SymbOS/ComWar.A.worm Disinfected D:\Downloads\Firefox\commw.sis
Dialerialer.Gen Not disinfected D:\Downloads\Firefox\erdkunde.exe
Potentially unwanted tool:Application/Processor Not disinfected D:\Downloads\Firefox\l2mfix.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected D:\Downloads\Firefox\lf\l2mfix\Process.exe
Virus:Exploit/WMF Not disinfected G:\Go-Data\CLIPART.rar[ZODIC113.WMF]
Virus:Exploit/WMF Not disinfected G:\Go-Data\CLIPART.rar[TCHSB117.WMF]
Virus:Exploit/WMF Disinfected G:\Go-Data\CLIPART\RECREATN\SPRTTEAM\SOCCR021.WMF
Virus:Exploit/WMF Disinfected G:\Go-Data\CLIPART\SYMBOLS\TECHSYMB\TCHSB117.WMF
Virus:Exploit/WMF Disinfected G:\Go-Data\CLIPART\SYMBOLS\ZODIAC\ZODIC113.WMF

Gruß

Lore

#23 Versteckte- und Systemdateien
http://virus-protect.org/invisible.html

loesche:

D:\Downloads\Firefox\erdkunde.exe
D:\Downloads\Firefox\commw.sis

alle Eintraege loeschen im Java-Cache:
C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar

dann scanne noch mal.
__________
MfG Sabina

rund um die PC-Sicherheit

#24 Hallo Sabina,

haben wir´s geschaft?

Incident Status Location

Spyware:spyware/cws.olehelp Not disinfected Windows Registry
Spyware:Cookie/Statcounter Not disinfected C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\rybdnuy3.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Adtech Not disinfected C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\rybdnuy3.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Statcounter Not disinfected C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\rybdnuy3.default\cookies.txt[]
Potentially unwanted tool:Application/IopusPass Not disinfected C:\Programme\iOpus Password Recovery XP\iopuspwd.exe
Virus:Eicar.Mod Renamed C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\eicar_html.vir
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\Desktop\l2mfix.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected D:\Downloads\Firefox\l2mfix.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected D:\Downloads\Firefox\lf\l2mfix\Process.exe
Virus:Exploit/WMF Not disinfected G:\Go-Data\CLIPART.rar[ZODIC113.WMF]
Virus:Exploit/WMF Not disinfected G:\Go-Data\CLIPART.rar[TCHSB117.WMF]


Gruß

Lore

#25 loesche:
G:\Go-Data\CLIPART.rar
C:\Programme\iOpus Password Recovery XP (?) ..hier weiss ich nicht...ist es ein legales Tool ?
__________
MfG Sabina

rund um die PC-Sicherheit

#26 Hallo Sabina,

G: u. C: gelöscht

...IOpus Shareware ...keine URL falls Werbung hier unerwünscht.. eingach googln

kann ich jetzt schon Online Banking usw?

oder kommen weitere Anweisungen?


besten Dank nochmal!!

Gruß

Lore

#27 zum Schluss buegel noch mal mit kaspersky drueber und berichte
http://virus-protect.org/onlinescan.html
__________
MfG Sabina

rund um die PC-Sicherheit

#28 Hallo Sabina,

Scan Statistics:
Total number of scanned objects: 390153
Number of viruses found: 11
Number of infected objects: 21
Number of suspicious objects: 0
Duration of the scan process: 03:42:08

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP389\A0192195.exe Infected: Trojan-Downloader.Win32.VB.vz skipped
C:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP389\A0197162.exe Infected: Trojan-Downloader.Win32.VB.wr skipped
C:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP389\A0197163.exe Infected: Trojan-Downloader.Win32.VB.wd skipped
C:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP389\A0197256.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP389\A0197257.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP389\A0197258.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP390\A0200805.exe Infected: Trojan-Clicker.Win32.VB.lg skipped
C:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP390\A0200806.exe Infected: Trojan.Win32.StartPage.ahg skipped
C:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP390\A0200828.exe Infected: Trojan-Downloader.Win32.VB.wr skipped
C:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP390\A0200829.exe Infected: Trojan-Downloader.Win32.VB.wd skipped
C:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP391\A0202110.exe Infected: Trojan-Clicker.Win32.VB.le skipped
C:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP391\A0202111.exe Infected: Trojan-Downloader.Win32.VB.wg skipped
C:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP391\A0202112.exe Infected: Trojan-Downloader.Win32.VB.wd skipped
D:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP389\A0198540.exe/run.exe Infected: Trojan-Downloader.Win32.VB.vz skipped
D:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP389\A0198540.exe ZIP: infected - 1 skipped
G:\WINXP\Editoren\SwishMax\SwishMax03.zip/start.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped
G:\WINXP\Editoren\SwishMax\SwishMax03.zip ZIP: infected - 1 skipped
G:\WINXP\Analyse-Tools\Sicherheit\Pestpatrol\pestpatrol.all.versions.keyfile-rev.zip/start.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
G:\WINXP\Analyse-Tools\Sicherheit\Pestpatrol\pestpatrol.all.versions.keyfile-rev.zip ZIP: infected - 1 skipped
G:\WINXP\Analyse-Tools\Sicherheit\Pestpatrol\e-ppcv51.zip/start.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
G:\WINXP\Analyse-Tools\Sicherheit\Pestpatrol\e-ppcv51.zip ZIP: infected - 1 skipped

Scan process completed.


... alle manuel löschen?

Gruß

Lore [/img][/url]

#29 Lore

Arbeitsplatz-->Rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren.

neustarten
dann wieder aktivieren

P.s : SwishMax was ist das ? hast du das von einer sicheren Seite geladen ?
Am besten die .zip manuell loeschen, was kaspersky angezeigt hat
__________
MfG Sabina

rund um die PC-Sicherheit

#30 Hallo Sabina,

ok alles gelöscht.

SwisMax --> FlashTool... von Kumpel !? hmm

aja, nach Neustart und Häkchen weg --> Systenwiederherstellung --> Bluscreen "absturtz" gign sehr schnell konnte keine Details lesen. Nach Neustart war Häkchen auch weg bei Systemwiederherstellung. Alles scheint nun ok zu sein.

Oder!?

Gruß

Lore