My browser keeps opening by itself with annoying ads
Thread is closed!
#0
14.02.2006, 23:40
Honorary member
Posts: 29434

15.02.2006, 22:49
Member
Posts: 11
#17
Hello Sabina,
… sorry for the late reply, … I overlooked the 2nd page here. Current state of "things":

Datenträger in Laufwerk C: ist System
Volumeseriennummer: 7C6F-CA0D
BFU v1.00.9
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 11:24:16 μμ, on 15/2/2006
Option pause between commands: 100 ms
Failed: FileDelete C:\DOKUME~1\user\LOKALE~1\Temp\~DF3536.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\user\LOKALE~1\Temp\~DF6703.tmp (operation failed)
Failed: FolderDelete C:\Programme\Network Monitor (folder not found)
Failed: FolderDelete C:\Programme\SurfSideKick 3 (folder not found)
Failed: FolderDelete C:\Programme\TheSearchAccelerator (folder not found)
Failed: FolderDelete C:\Programme\rsss (folder not found)
Script completed.
---------------------------------------------------------------------------------
datfind.bat:
killbox is empty
Regards, Lore

16.02.2006, 13:52
Honorary member
Posts: 29434
#18
Lore
scan with SpySweeper (trial) and post the scan report
http://virus-protect.org/spysweeper.html
__________
Regards, Sabina
all about PC security

16.02.2006, 18:40
...new here
Posts: 3
#19
Hello everyone, first post here in the forum!
I didn't want to open a new thread for my problem. I was also fighting constant popups and found this forum by googling. After carefully working through the suggested solutions, Sabina's last post was my rescue. Spysweeper found the adware look2me and successfully sent it to the hereafter. (Lavasoft Ad-Aware, by the way, was not able to find this adware despite being fully up to date.)
Many thanks and HUGE PRAISE to this forum
Regards, Carsten

16.02.2006, 20:20
Member
Posts: 11
#20
Hello Sabina,
… I've now found the opportunity to post again. Report Spy Sweeper:

********
3:57 μμ: | Start of Session, Πέμπτη, 16 Φεβρουάριος 2006 |
3:57 μμ: Spy Sweeper started
3:57 μμ: Sweep initiated using definitions version 615
3:57 μμ: Starting Memory Sweep
4:01 μμ: Memory Sweep Complete, Elapsed Time: 00:03:38
4:01 μμ: Starting Registry Sweep
4:01 μμ: Found Adware: look2me
4:01 μμ: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\smden\ (6 subtraces) (ID = 501239)
4:01 μμ: Registry Sweep Complete, Elapsed Time:00:00:28
4:01 μμ: Starting Cookie Sweep
4:01 μμ: Cookie Sweep Complete, Elapsed Time: 00:00:00
4:01 μμ: Starting File Sweep
...............................
4:46 μμ: Warning: Failed to open file "g:\go-informatik\praktikum\data-media\studienarbeiten\linuxforen_de -- user helfen usern - iptables fur ihk-prufung (bitte um hilfe).htm". Das System kann die angegebene Datei nicht finden
4:46 μμ: Warning: Failed to open file "g:\go-informatik\praktikum\data-media\projekt-ihk\opensource-sicherheitslosungen fur unternehmen.pdf". Das System kann die angegebene Datei nicht finden
4:46 μμ: Warning: Failed to open file "g:\go-informatik\praktikum\data-media\projekt-ihk\bsi schulung it-grundschutz - 2_5 test - losungen.htm". Das System kann die angegebene Datei nicht finden
4:46 μμ: Warning: Failed to open file "g:\go-informatik\praktikum\data-media\projekt-ihk\erstellung von regelsatzen fur paketfilter.pdf". Das System kann die angegebene Datei nicht finden
4:46 μμ: Warning: Failed to open file "g:\go-informatik\praktikum\data-media\projekt-ihk\eigene dlt, lto vogon international (munchen, koln).htm". Das System kann die angegebene Datei nicht finden
5:38 μμ: Warning: Failed to open file "g:\www.mike.de\best\web-bsp\vogon2\datenrettung - festplatten, raid, magnetbandern, dlt, lto vogon international (munchen, koln).htm". Das System kann die angegebene Datei nicht finden
....
....
it went on like that, but I think this info is not relevant.
---------------------------------
6:05 μμ: File Sweep Complete, Elapsed Time: 02:03:12
6:05 μμ: Full Sweep has completed. Elapsed time 02:07:32
6:05 μμ: Traces Found: 7
********
3:41 μμ: | Start of Session, Πέμπτη, 16 Φεβρουάριος 2006 |
3:41 μμ: Spy Sweeper started
3:43 μμ: Your spyware definitions have been updated.
3:46 μμ: Updating spyware definitions
3:46 μμ: Your definitions are up to date.
3:52 μμ: IE Tracking Cookies Shield: Removed advertising cookie
3:52 μμ: IE Tracking Cookies Shield: Removed atlas dmt cookie
3:52 μμ: IE Tracking Cookies Shield: Removed atwola cookie
3:52 μμ: IE Tracking Cookies Shield: Removed questionmarket cookie
3:57 μμ: | End of Session, Πέμπτη, 16 Φεβρουάριος 2006 |
To ensure proper removal of spyware, adware and other unwanted items, be sure to close any programs that are open.
Your Sweep Options indicate the following will be swept:
Drives: C: D: G:
Also sweeping: Memory, Cookies, Registry
Adware found: look2me
Full Sweep has completed. Elapsed time 02:07:32
Traces Found: 7

@ cadank: I completely agree. For now, though, I have only posted the result of the report here; I gratefully await further instructions!
Regards, Lore
This post was edited by Lore on 16.02.2006 at 21:04.

17.02.2006, 00:13
Honorary member
Posts: 29434
#21
Lore
- Hoster.zip --> once more
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.
scan with Panda and copy the scan report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
all about PC security

17.02.2006, 11:08
Member
Posts: 11
#22
Hello Sabina,
Report PandaOnlineScan:

Incident | Status | Location
Spyware:spyware/cws.olehelp | Not disinfected | Windows Registry
Spyware:Cookie/Statcounter | Not disinfected | C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\rybdnuy3.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Adtech | Not disinfected | C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\rybdnuy3.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Statcounter | Not disinfected | C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\rybdnuy3.default\cookies.txt[]
Virus:Exploit/ByteVerify | Disinfected | C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-26b69f0a-718bcc50.zip[GetAccess.class]
Virus:Exploit/ByteVerify | Disinfected | C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-26b69f0a-718bcc50.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify | Disinfected | C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-26b69f0a-718bcc50.zip[Dummy.class]
Virus:Exploit/ByteVerify | Disinfected | C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-26b69f0a-718bcc50.zip[Installer.class]
Virus:Exploit/ByteVerify | Disinfected | C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-58d8b149-11299139.zip[GetAccess.class]
Virus:Exploit/ByteVerify | Disinfected | C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-58d8b149-11299139.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify | Disinfected | C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-58d8b149-11299139.zip[Dummy.class]
Virus:Exploit/ByteVerify | Disinfected | C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-58d8b149-11299139.zip[Installer.class]
Adware:Adware/CWS.Searchmeup | Not disinfected | C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-757a4c66.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup | Not disinfected | C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-757a4c66.zip[Installer.class]
Virus:Exploit/ByteVerify | Disinfected | C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-757a4c66.zip[NewSecurityClassLoader.class]
Virus:Exploit/ByteVerify | Disinfected | C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-757a4c66.zip[NewURLClassLoader.class]
Adware:Adware/IST.ISTBar | Not disinfected | C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-430612bf.zip[InstallerApplet.class]
Virus:Exploit/ByteVerify | Disinfected | C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv661.jar-897c2ff-6fd736c0.zip[Matrix.class]
Virus:Exploit/ByteVerify | Disinfected | C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv661.jar-897c2ff-6fd736c0.zip[Counter.class]
Virus:Exploit/ByteVerify | Disinfected | C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv661.jar-897c2ff-6fd736c0.zip[Dummy.class]
Virus:Exploit/ByteVerify | Disinfected | C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv661.jar-897c2ff-6fd736c0.zip[Parser.class]
Potentially unwanted tool:Application/IopusPass | Not disinfected | C:\Programme\iOpus Password Recovery XP\iopuspwd.exe
Virus:Eicar.Mod | Renamed | C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\eicar.html
Potentially unwanted tool:Application/Processor | Not disinfected | C:\WINDOWS\Desktop\l2mfix.exe[Process.exe]
Virus:SymbOS/ComWar.A.worm | Disinfected | D:\Downloads\Firefox\commw.sis
Dialer:Dialer.Gen | Not disinfected | D:\Downloads\Firefox\erdkunde.exe
Potentially unwanted tool:Application/Processor | Not disinfected | D:\Downloads\Firefox\l2mfix.exe[Process.exe]
Potentially unwanted tool:Application/Processor | Not disinfected | D:\Downloads\Firefox\lf\l2mfix\Process.exe
Virus:Exploit/WMF | Not disinfected | G:\Go-Data\CLIPART.rar[ZODIC113.WMF]
Virus:Exploit/WMF | Not disinfected | G:\Go-Data\CLIPART.rar[TCHSB117.WMF]
Virus:Exploit/WMF | Disinfected | G:\Go-Data\CLIPART\RECREATN\SPRTTEAM\SOCCR021.WMF
Virus:Exploit/WMF | Disinfected | G:\Go-Data\CLIPART\SYMBOLS\TECHSYMB\TCHSB117.WMF
Virus:Exploit/WMF | Disinfected | G:\Go-Data\CLIPART\SYMBOLS\ZODIAC\ZODIC113.WMF

Regards, Lore

17.02.2006, 11:58
Honorary member
Posts: 29434
#23
Hidden and system files
http://virus-protect.org/invisible.html
delete:
D:\Downloads\Firefox\erdkunde.exe
D:\Downloads\Firefox\commw.sis
delete all entries in the Java cache:
C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar
then scan again.
__________
Regards, Sabina
all about PC security

17.02.2006, 14:31
Member
Posts: 11
#24
Hello Sabina,
have we done it?

Incident | Status | Location
Spyware:spyware/cws.olehelp | Not disinfected | Windows Registry
Spyware:Cookie/Statcounter | Not disinfected | C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\rybdnuy3.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Adtech | Not disinfected | C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\rybdnuy3.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Statcounter | Not disinfected | C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\rybdnuy3.default\cookies.txt[]
Potentially unwanted tool:Application/IopusPass | Not disinfected | C:\Programme\iOpus Password Recovery XP\iopuspwd.exe
Virus:Eicar.Mod | Renamed | C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\eicar_html.vir
Potentially unwanted tool:Application/Processor | Not disinfected | C:\WINDOWS\Desktop\l2mfix.exe[Process.exe]
Potentially unwanted tool:Application/Processor | Not disinfected | D:\Downloads\Firefox\l2mfix.exe[Process.exe]
Potentially unwanted tool:Application/Processor | Not disinfected | D:\Downloads\Firefox\lf\l2mfix\Process.exe
Virus:Exploit/WMF | Not disinfected | G:\Go-Data\CLIPART.rar[ZODIC113.WMF]
Virus:Exploit/WMF | Not disinfected | G:\Go-Data\CLIPART.rar[TCHSB117.WMF]

Regards, Lore

17.02.2006, 14:38
Honorary member
Posts: 29434
#25
delete:
G:\Go-Data\CLIPART.rar
C:\Programme\iOpus Password Recovery XP (?) ..here I don't know...is it a legal tool?
__________
Regards, Sabina
all about PC security

17.02.2006, 15:12
Member
Posts: 11
#26
Hello Sabina,
G: and C: deleted ...IOpus shareware ...no URL in case advertising is unwanted here.. just google it.
Can I already do online banking etc. now? Or are further instructions coming?
Many thanks again!!
Regards, Lore

17.02.2006, 15:15
Honorary member
Posts: 29434
#27
finally, go over it once more with Kaspersky and report back
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
all about PC security

17.02.2006, 20:57
Member
Posts: 11
#28
Hello Sabina,

Scan Statistics:
Total number of scanned objects: 390153
Number of viruses found: 11
Number of infected objects: 21
Number of suspicious objects: 0
Duration of the scan process: 03:42:08

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP389\A0192195.exe Infected: Trojan-Downloader.Win32.VB.vz skipped
C:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP389\A0197162.exe Infected: Trojan-Downloader.Win32.VB.wr skipped
C:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP389\A0197163.exe Infected: Trojan-Downloader.Win32.VB.wd skipped
C:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP389\A0197256.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP389\A0197257.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP389\A0197258.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP390\A0200805.exe Infected: Trojan-Clicker.Win32.VB.lg skipped
C:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP390\A0200806.exe Infected: Trojan.Win32.StartPage.ahg skipped
C:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP390\A0200828.exe Infected: Trojan-Downloader.Win32.VB.wr skipped
C:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP390\A0200829.exe Infected: Trojan-Downloader.Win32.VB.wd skipped
C:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP391\A0202110.exe Infected: Trojan-Clicker.Win32.VB.le skipped
C:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP391\A0202111.exe Infected: Trojan-Downloader.Win32.VB.wg skipped
C:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP391\A0202112.exe Infected: Trojan-Downloader.Win32.VB.wd skipped
D:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP389\A0198540.exe/run.exe Infected: Trojan-Downloader.Win32.VB.vz skipped
D:\System Volume Information\_restore{E9FC56FA-2126-4F7B-8521-66FD27145217}\RP389\A0198540.exe ZIP: infected - 1 skipped
G:\WINXP\Editoren\SwishMax\SwishMax03.zip/start.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped
G:\WINXP\Editoren\SwishMax\SwishMax03.zip ZIP: infected - 1 skipped
G:\WINXP\Analyse-Tools\Sicherheit\Pestpatrol\pestpatrol.all.versions.keyfile-rev.zip/start.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
G:\WINXP\Analyse-Tools\Sicherheit\Pestpatrol\pestpatrol.all.versions.keyfile-rev.zip ZIP: infected - 1 skipped
G:\WINXP\Analyse-Tools\Sicherheit\Pestpatrol\e-ppcv51.zip/start.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
G:\WINXP\Analyse-Tools\Sicherheit\Pestpatrol\e-ppcv51.zip ZIP: infected - 1 skipped
Scan process completed.

... delete them all manually?
Regards, Lore

18.02.2006, 00:04
Honorary member
Posts: 29434
#29
Lore
My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives".
restart
then enable it again
P.S.: SwishMax, what is that? Did you download it from a safe site?
Best to manually delete the .zip files that Kaspersky reported
__________
Regards, Sabina
all about PC security

18.02.2006, 10:21
Member
Posts: 11
#30
Hello Sabina,
ok, everything deleted. SwishMax --> Flash tool... from a buddy!? hmm
oh yes, after the restart and removing the tick --> System Restore --> blue screen "crash", it went very quickly, I couldn't read any details. After the restart the tick at System Restore was gone as well.
Everything seems to be ok now. Right!?
Regards, Lore

- Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.
- next, work through this (only the delf.bfu) --> then copy the scan report here
http://virus-protect.org/artikel/bfu/delf_bfu.html
- in the killbox, under C:\, you must delete everything that is there.
- once you have worked through the bfu.... please post the 4 text files from datfind.bat once more.
then we'll see what comes next
__________
Regards, Sabina
all about PC security