Warning! Your PC is infected with spyware

Thread is closed!
14.12.2005, 20:50
...new here

Posts: 7
#16 Hello,
I had various error messages concerning spyware. I have already worked my way through several forums and tried to delete some things or fix them myself. Some of it worked, but now I am at my wits' end. I no longer get an error message at startup, and I was also able to turn off the well-known problem with the desktop background. But when I go online, the e-mail scanning of Norton AntiVirus constantly reports that some e-mails cannot be sent. I am a complete layman; if you can help me, please describe it as simply and in as much detail as possible.
My HijackThis log looks like this:

Logfile of HijackThis v1.99.1
Scan saved at 20:49:39, on 14.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Norton AntiVirus\OPScan.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Wilfwo\LOKALE~1\Temp\Rar$EX00.343\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hp707C.tmp (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Zone Alarm Pro] D:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O4 - HKLM\..\Run: [Screen shot Utility] D:\Program Files\ScreenShot Utility\ScreenshotUtility.exe
O4 - HKLM\..\Run: [FreeRAM XP Pro] D:\Program Files\FreeRam XP Pro\FreeRAM XP Pro.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] D:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED2FD1A7-8DA7-4EF0-9014-524E56571207}: NameServer = 195.50.140.250 195.50.140.114
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\V2lsbGk\command.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

Many thanks in advance
Kuchen
15.12.2005, 17:13
Honorary member
Sabina

Posts: 29434
#17 Kuchen

apply cleanup (exactly as explained on the page)
http://virus-protect.org/cleanup.html

copy the 4 text files
http://virus-protect.org/datfindbat.html

(I can't check again until tomorrow)
__________
Best regards, Sabina

All about PC security
21.12.2005, 18:35
...new here

Posts: 7
#18 Hello again. It took a while, since this is my dad's PC and we don't often find a time when we can both make it ^^
Here is the data:

Verzeichnis von C:\WINDOWS\system32

21.12.2005 08:38 2.206 wpa.dbl
21.12.2005 08:38 237.552 FNTCACHE.DAT
14.12.2005 19:32 492.544 WRLogonNtf.dll
14.12.2005 19:32 8.192 ssiefr.EXE
14.12.2005 19:32 17.920 wrlzma.dll
12.12.2005 17:12 2.158 ssmute.ini
11.12.2005 08:21 41.472 msctl32.dll
11.12.2005 08:21 4 winsub.xml
11.12.2005 08:21 58 svcp.csv
11.12.2005 08:20 3.625 scmt16.exe

09.12.2005 01:21 2.723.680 MRT.exe
04.12.2005 19:18 2.550 Uninstall.ico
04.12.2005 19:18 1.406 Help.ico
04.12.2005 19:18 1.718 Open.ico
04.12.2005 19:18 5.350 IE.ico
04.12.2005 19:18 9.470 Desktop.ico
04.12.2005 19:18 1.718 Quick.ico
04.12.2005 18:45 0 asfiles.txt
01.12.2005 04:31 1.492.480 shdocvw.dll
24.11.2005 00:58 3.013.632 mshtml.dll
24.11.2005 00:58 1.022.464 browseui.dll
05.11.2005 04:16 606.208 urlmon.dll
05.11.2005 04:16 1.056.256 danim.dll
03.11.2005 08:34 311.740 perfh009.dat
03.11.2005 08:34 40.128 perfc009.dat
03.11.2005 08:34 48.354 perfc007.dat
03.11.2005 08:34 316.924 perfh007.dat
03.11.2005 08:34 723.744 PerfStringBackup.INI
02.11.2005 00:44 127.574 tsuninst.exe
21.10.2005 04:40 664.064 wininet.dll
21.10.2005 04:40 474.112 shlwapi.dll
21.10.2005 04:40 146.432 msrating.dll
21.10.2005 04:40 530.944 mstime.dll
21.10.2005 04:40 448.512 mshtmled.dll
21.10.2005 04:40 39.424 pngfilt.dll
21.10.2005 04:40 96.768 inseng.dll
21.10.2005 04:40 152.064 cdfview.dll
21.10.2005 04:40 55.808 extmgr.dll
21.10.2005 04:40 205.312 dxtrans.dll
21.10.2005 04:40 251.392 iepeers.dll
20.10.2005 23:25 1.094.144 esent.dll
13.10.2005 00:11 15.584 spmsg.dll
09.10.2005 16:10 196.608 avisynth.dll
09.10.2005 16:10 301.568 l3codeca.acm
09.10.2005 16:10 33.280 HUFFYUV.DLL
07.10.2005 12:50 483.328 actskn45.ocx
06.10.2005 04:18 280.064 gdi32.dll
06.10.2005 04:08 1.839.616 win32k.sys
28.09.2005 15:50 24 sysmwwod.dll
23.09.2005 04:06 8.491.520 shell32.dll
10.09.2005 02:54 2.067.968 cdosys.dll
01.09.2005 02:44 292.352 winsrv.dll
01.09.2005 02:44 19.968 linkinfo.dll

Verzeichnis von C:\DOKUME~1\Wilfwo\LOKALE~1\Temp

21.12.2005 18:24 220 jusched.log
1 Datei(en) 220 Bytes
0 Verzeichnis(se), 41.884.295.168 Bytes frei

Verzeichnis von C:\WINDOWS

21.12.2005 18:25 0 0.log
21.12.2005 18:24 1.388.627 WindowsUpdate.log
21.12.2005 18:24 2.048 bootstat.dat
21.12.2005 18:23 32.090 SchedLgU.Txt
20.12.2005 18:23 50 wiaservc.log
20.12.2005 18:23 216 wiadebug.log
20.12.2005 18:17 120 emule.INI
15.12.2005 08:43 788.139 iis6.log
15.12.2005 08:43 130.441 ntdtcsetup.log
15.12.2005 08:43 288.590 tsoc.log
15.12.2005 08:43 15.678 tabletoc.log
15.12.2005 08:43 28.542 ocmsn.log
15.12.2005 08:43 10.904 KB910437.log
15.12.2005 08:43 54.458 netfxocm.log
15.12.2005 08:43 23.113 medctroc.Log
15.12.2005 08:43 31.265 msgsocm.log
15.12.2005 08:43 616.089 FaxSetup.log
15.12.2005 08:43 200.574 msmqinst.log
15.12.2005 08:43 26.732 updspapi.log
15.12.2005 08:43 1.393 imsins.BAK
15.12.2005 08:43 16.713 KB905915.log
14.12.2005 19:32 478.720 WRUninstall.dll
11.12.2005 08:21 2.033 hosts
11.12.2005 08:21 1.024 tool5.exe
11.12.2005 08:21 47.616 tool4.exe
11.12.2005 08:21 8.238 tool3.exe
11.12.2005 08:21 1.024 tool1.exe
11.12.2005 08:21 1.999 desktop.html
11.12.2005 08:20 1.024 country.exe
11.12.2005 08:20 0 uniq

04.12.2005 19:19 32 pavsig.txt
04.12.2005 18:45 771 win.ini
04.12.2005 18:30 304.328 ntbtlog.txt
23.11.2005 13:16 42 lows.dxa
10.11.2005 17:13 11.811 KB896424.log
03.11.2005 08:40 73.216 cadkasdeinst01.exe
15.10.2005 15:06 29.953 KB901017.log
15.10.2005 15:06 32.300 KB902400.log
15.10.2005 15:05 19.447 KB896688.log
15.10.2005 15:05 19.944 KB899589.log
15.10.2005 15:05 20.259 KB905414.log
15.10.2005 15:05 20.038 KB900725.log
15.10.2005 15:04 17.440 KB904706.log
15.10.2005 15:04 18.790 KB905749.log
12.10.2005 16:48 116 homeDVD-Fotos4_dlx.INI
12.10.2005 16:27 107 magix.ini
12.10.2005 15:25 192 winamp.ini
09.10.2005 17:57 116 homeDVD-Fotos3.INI
09.10.2005 17:28 54 TwUI215.INI
09.10.2005 16:56 0 homeDVD-Fotos4_5_dlx.INI
09.10.2005 16:16 12.728 SYMEVENT.LOG
29.09.2005 18:49 1.409 QTFont.for
29.09.2005 18:49 54.156 QTFont.qfn

Verzeichnis von C:\

21.12.2005 18:33 0 sys.txt
21.12.2005 18:32 13.449 system.txt
21.12.2005 18:31 293 systemtemp.txt
21.12.2005 18:26 109.251 system32.txt
21.12.2005 18:24 390.070.272 pagefile.sys
04.12.2005 18:27 1.528 rapport.txt
04.12.2005 18:21 1.114 smitfiles.txt
01.12.2005 14:57 1.120 baseclasses.log
14.11.2005 22:30 1.148 avi_log.txt
09.10.2005 18:30 104 shutdown.log
09.10.2005 17:06 1.681 mxfilerelatedcache.mxc2

Please send further instructions ;)
21.12.2005, 21:03
Honorary member
Sabina

Posts: 29434
#19 go into the registry
(Start --> Run --> type in regedit)

click your way through to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"Wallpaper" = "C:\WINDOWS\desktop.html" <--- delete
KILLBOX
http://virus-protect.org/killbox.html

C:\WINDOWS\system32\msctl32.dll
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\scmt16.exe
C:\WINDOWS\hosts
C:\WINDOWS\tool5.exe
C:\WINDOWS\tool4.exe
C:\WINDOWS\tool3.exe
C:\WINDOWS\tool1.exe
C:\WINDOWS\desktop.html
C:\WINDOWS\country.exe
C:\WINDOWS\uniq
C:\WINDOWS\system32\tsuninst.exe

restart the PC

Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.

open HijackThis -- "scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC

O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hp707C.tmp (file missing)
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll

restart the PC


Silentrunner
http://virus-protect.org/silentrunner.html
post the scan report
__________
Best regards, Sabina

All about PC security
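
Added example, not part of the original thread: most of the files in the removal list above carry the same 11.12.2005 08:20 to 08:21 timestamps as the `msctl32.dll` Winlogon Notify entry, and that timestamp pivot over a posted `dir` listing can be scripted. The sample listing is an excerpt of the one posted in the thread; the function names `parse_listing` and `files_near` are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the directory listing posted in the thread (German-locale `dir`
# output: DD.MM.YYYY HH:MM, "." as thousands separator in the size column).
SAMPLE_LISTING = r"""Verzeichnis von C:\WINDOWS\system32

14.12.2005 19:32 492.544 WRLogonNtf.dll
12.12.2005 17:12 2.158 ssmute.ini
11.12.2005 08:21 41.472 msctl32.dll
11.12.2005 08:21 4 winsub.xml
11.12.2005 08:21 58 svcp.csv
11.12.2005 08:20 3.625 scmt16.exe
09.12.2005 01:21 2.723.680 MRT.exe

Verzeichnis von C:\WINDOWS

14.12.2005 19:32 478.720 WRUninstall.dll
11.12.2005 08:21 2.033 hosts
11.12.2005 08:21 1.024 tool5.exe
11.12.2005 08:21 1.999 desktop.html
11.12.2005 08:20 1.024 country.exe
11.12.2005 08:20 0 uniq
04.12.2005 19:19 32 pavsig.txt
"""

DIR_RE = re.compile(r"^Verzeichnis von (?P<dir>.+)$")
ENTRY_RE = re.compile(
    r"^(?P<date>\d{2}\.\d{2}\.\d{4}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d.]+) (?P<name>.+)$"
)


def parse_listing(text):
    """Turn the flattened `dir` output into a list of file records."""
    entries = []
    current_dir = None
    for raw in text.splitlines():
        line = raw.strip()
        header = DIR_RE.match(line)
        if header:
            current_dir = header.group("dir").rstrip("\\")
            continue
        entry = ENTRY_RE.match(line)
        if entry and current_dir is not None:
            stamp = datetime.strptime(
                entry["date"] + " " + entry["time"], "%d.%m.%Y %H:%M"
            )
            entries.append({
                "path": current_dir + "\\" + entry["name"],
                "mtime": stamp,
                "size": int(entry["size"].replace(".", "")),
            })
    return entries


def files_near(entries, seed_path, window_minutes=5):
    """Return paths whose timestamp lies within the window around the seed file."""
    seed = next(
        (e for e in entries if e["path"].lower() == seed_path.lower()), None
    )
    if seed is None:
        raise ValueError("seed file not in listing: " + seed_path)
    window = timedelta(minutes=window_minutes)
    hits = [
        e for e in entries
        if e is not seed and abs(e["mtime"] - seed["mtime"]) <= window
    ]
    hits.sort(key=lambda e: (e["mtime"], e["path"].lower()))
    return [e["path"] for e in hits]


if __name__ == "__main__":
    listing = parse_listing(SAMPLE_LISTING)
    # Seed: the DLL named in the O20 Winlogon Notify line of the HijackThis log.
    for path in files_near(listing, r"C:\WINDOWS\system32\msctl32.dll"):
        print(path)
```

A shared timestamp only nominates candidates for review: `C:\WINDOWS\system32\tsuninst.exe` from the same removal list is dated 02.11.2005 in the listing and is not surfaced by this pivot.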
05.01.2006, 18:23
...new here

Posts: 7
#20 Hello again, now I have the computer at home and can work on it daily.

I could not find this:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\"Wallpaper" = "C:\WINDOWS\desktop.html"
Under Policies there were only the folders "ActiveDesktop" and "Explorer", and I did not find anything similar in them either?!

And here is the scan report, in the hope that I did everything right:

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MsnMsgr" = ""C:\Programme\MSN Messenger\MsnMsgr.Exe" /background" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"IgfxTray" = "C:\WINDOWS\System32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
"PinnacleDriverCheck" = "C:\WINDOWS\system32\PSDrvCheck.exe" [empty string]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" [file not found]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]
"ccApp" = ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"RemoteControl" = "C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" ["Cyberlink Corp."]
"SunJavaUpdateSched" = "C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe" [null data]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" [file not found]
"PrinTray" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [file not found]
"IntelliType" = ""C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"" [file not found]
"Motive SmartBridge" = "C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe" [file not found]
"Zone Alarm Pro" = "D:\Program Files\Zone Labs\ZoneAlarm\zapro.exe" [file not found]
"Screen shot Utility" = "D:\Program Files\ScreenShot Utility\ScreenshotUtility.exe" [file not found]
"FreeRAM XP Pro" = "D:\Program Files\FreeRam XP Pro\FreeRAM XP Pro.exe" [file not found]
"IPInSightMonitor 01" = ""C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"" [file not found]
"IPInSightLAN 01" = ""C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l" [file not found]
"Lexmark X73 Button Monitor" = "D:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe" [file not found]
"Lexmark X73 Button Manager" = "D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe" [file not found]
"POINTER" = "C:\Program Files\Microsoft Hardware\Mouse\point32.exe" [file not found]
"SpySweeper" = ""C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /startintray" ["Webroot Software, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\ {++}
"Flag" = 132

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{a84c0520-b187-11d0-8ae7-00c04fd28d85}" = "KODAK DC215 Zoomkamera"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Kodak\DC215K~1\Mounter\DC215mnt.dll" ["Eastman Kodak Company"]
"{2582A520-4E2C-11D0-944A-00608CB854B7}" = "Micrografx Designer Schnellansicht"
-> {CLSID}\InProcServer32\(Default) = "fvds70.dll" ["Micrografx, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e" [file not found], [MS], [file not found], [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Wilfwo\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Enabled Scheduled Tasks:
------------------------

"06LET_IT_BE" -> launches: "D:\06LET_IT_BE.MP3" [file not found]
"201-ozzy_osbourne-ultimate_sin_(live)" -> launches: "F:\201-ozzy_osbourne-ultimate_sin_(live).mp3" [file not found]
"202-ozzy_osbourne-never_know_why_(live)" -> launches: "F:\202-ozzy_osbourne-never_know_why_(live).mp3" [file not found]
"203-ozzy_osbourne-thank_god_for_the_bomb_(live)" -> launches: "F:\203-ozzy_osbourne-thank_god_for_the_bomb_(live).mp3" [file not found]
"204-ozzy_osbourne-crazy_babies" -> launches: "F:\204-ozzy_osbourne-crazy_babies.mp3" [file not found]
"205-ozzy_osbourne-breakin_all_the_rules" -> launches: "F:\205-ozzy_osbourne-breakin_all_the_rules.mp3" [file not found]
"206-ozzy_osbourne-i_dont_want_to_change_the_world_(demo)" -> launches: "F:\206-ozzy_osbourne-i_dont_want_to_change_the_world_(demo).mp3" [file not found]
"207-ozzy_osbourne-mama_im_coming_home_(demo)" -> launches: "F:\207-ozzy_osbourne-mama_im_coming_home_(demo).mp3" [file not found]
"208-ozzy_osbourne-desire_(demo)" -> launches: "F:\208-ozzy_osbourne-desire_(demo).mp3" [file not found]
"209-ozzy_osbourne-no_more_tears" -> launches: "F:\209-ozzy_osbourne-no_more_tears.mp3" [file not found]
"210-ozzy_osbourne-wont_be_coming_home_(s.i.n.)_(demo)" -> launches: "F:\210-ozzy_osbourne-wont_be_coming_home_(s.i.n.)_(demo).mp3" [file not found]
"DCP00969" -> launches: "D:\BOPPARD\DCP00969.JPG" [file not found]
"DCP00970" -> launches: "D:\BOPPARD\DCP00970.JPG" [file not found]
"DCP00971" -> launches: "D:\BOPPARD\DCP00971.JPG" [file not found]
"DCP00972" -> launches: "D:\BOPPARD\DCP00972.JPG" [file not found]
"DCP00973" -> launches: "D:\BOPPARD\DCP00973.JPG" [file not found]
"DCP00974" -> launches: "D:\BOPPARD\DCP00974.JPG" [file not found]
"DCP00975" -> launches: "D:\BOPPARD\DCP00975.JPG" [file not found]
"DCP00976" -> launches: "D:\BOPPARD\DCP00976.JPG" [file not found]
"DCP00977" -> launches: "D:\BOPPARD\DCP00977.JPG" [file not found]
"DCP00978" -> launches: "D:\BOPPARD\DCP00978.JPG" [file not found]
"DCP00979" -> launches: "D:\BOPPARD\DCP00979.JPG" [file not found]
"DCP00980" -> launches: "D:\BOPPARD\DCP00980.JPG" [file not found]
"DCP00981" -> launches: "D:\BOPPARD\DCP00981.JPG" [file not found]
"DCP00982" -> launches: "D:\BOPPARD\DCP00982.JPG" [file not found]
"DCP00983" -> launches: "D:\BOPPARD\DCP00983.JPG" [file not found]
"DCP00984" -> launches: "D:\BOPPARD\DCP00984.JPG" [file not found]
"DCP00985" -> launches: "D:\BOPPARD\DCP00985.JPG" [file not found]
"DCP00986" -> launches: "D:\BOPPARD\DCP00986.JPG" [file not found]
"DCP00987" -> launches: "D:\BOPPARD\DCP00987.JPG" [file not found]
"DCP00988" -> launches: "D:\BOPPARD\DCP00988.JPG" [file not found]
"DCP00989" -> launches: "D:\BOPPARD\DCP00989.JPG" [file not found]
"DCP00990" -> launches: "D:\BOPPARD\DCP00990.JPG" [file not found]
"DCP00991" -> launches: "D:\BOPPARD\DCP00991.JPG" [file not found]
"DCP00992" -> launches: "D:\BOPPARD\DCP00992.JPG" [file not found]
"DCP00994" -> launches: "D:\BOPPARD\DCP00994.JPG" [file not found]
"DCP00995" -> launches: "D:\BOPPARD\DCP00995.JPG" [file not found]
"DCP00996" -> launches: "D:\BOPPARD\DCP00996.JPG" [file not found]
"DCP00997" -> launches: "D:\BOPPARD\DCP00997.JPG" [file not found]
"DCP00998" -> launches: "D:\BOPPARD\DCP00998.JPG" [file not found]
"DCP01000" -> launches: "D:\BOPPARD\DCP01000.JPG" [file not found]
"DCP01001" -> launches: "D:\BOPPARD\DCP01001.JPG" [file not found]
"Norton AntiVirus - Meinen Computer prüfen - Wilfwo" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Programme\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


Miscellaneous IE Hijack Points
------------------------------

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\

Missing lines (compared with English-language version):
HIJACK WARNING! "MGINavigationCanceled" = (empty string)
HIJACK WARNING! "MGIWelcome" = (empty string)
HIJACK WARNING! "MGIOfflineInformation" = (empty string)


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Norton AntiVirus Auto-Protect-Dienst, navapsvc, ""C:\Programme\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton AntiVirus Firewall Monitor Service, NPFMntor, ""C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]
Symantec Core LC, Symantec Core LC, "C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
Webroot Spy Sweeper Engine, svcWRSSSDK, "C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe" ["Webroot Software, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
PDF Port\Driver = "C:\WINDOWS\system32\pdfports.dll" ["Adobe Systems Incorporated."]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 35 seconds, including 4 seconds for message boxes)
05.01.2006, 23:54
Honorary member
Sabina

Posts: 29434
#21 go into the registry and delete:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
"Flag" = 132

-------------------------------------------------------------------------
this belongs to MGI PhotoSuite 4... do you have any problems? Don't delete it for now... just answer my question... ;)
HKLM\Software\Microsoft\Internet Explorer\AboutURLs\

HIJACK WARNING! "MGINavigationCanceled" = (empty string)
HIJACK WARNING! "MGIWelcome" = (empty string)
HIJACK WARNING! "MGIOfflineInformation" = (empty string)

Quote

C:\Arquivos de programas\MGI\MGI PhotoSuite 4\Internet\NavigationCanceled.html
C:\Arquivos de programas\MGI\MGI PhotoSuite 4\Internet\W_Welcome.html
C:\Arquivos de programas\MGI\MGI PhotoSuite 4\Internet\OfflineInformation.html

----------------------------------------------------------------------------
Scan with Kaspersky and post the scan report
http://virus-protect.org/onlinescan.html
__________
Best regards, Sabina

All about PC security
06.01.2006, 18:26
...new here

Posts: 7
#22 The registry entry has been deleted.

MGI 2 is on the computer; I also still have it on CD in case I should remove it to be safe?!

What should I scan with Kaspersky?
-critical areas
-my computer
-my email
-folders
-a file

These self-sending e-mails stopped after I followed your last instruction

And two more questions:

Before I posted in this forum, I had already tried to fix the whole thing myself. Now I get the following error message at system startup:
RUNDLL
Fehler beim Laden von c:\windows\system32\Nvcpl.dll
Das angegebene Modul wurde nicht gefunden.
Do you have a tip for me there as well?

And question no. 2:
How can one get ahead of all this stuff in the future? Is "Webroot spy sweeper" suitable?

Once again, many thanks in advance!!!!!!!
06.01.2006, 23:47
Honorary member
Sabina

Posts: 29434
#23 you deleted a DLL belonging to the nvidia card.

Now you would have to uninstall the card's software + drivers first and then load them again.

with Kaspersky you have to scan everything, if possible
__________
Best regards, Sabina

All about PC security
08.01.2006, 09:27
...new here

Posts: 7
#24 Good morning Sabina,

critical areas:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, January 07, 2006 18:34:56
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 7/01/2006
Kaspersky Anti-Virus database records: 159397
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOKUME~1\Wilfwo\LOKALE~1\Temp\

Scan Statistics:
Total number of scanned objects: 12875
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 735 sec
No malware has been detected. The sections that have been scanned are CLEAN.

Scan process completed.


and my computer:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, January 07, 2006 19:19:27
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 7/01/2006
Kaspersky Anti-Virus database records: 159397
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 36912
Number of viruses found: 25
Number of infected objects: 50
Number of suspicious objects: 0
Duration of the scan process: 2374 sec

Infected Object Name - Virus Name
C:\Programme\Norton AntiVirus\Quarantine\7BD41C82.dll Infected: SpamTool.Win32.Mailbot.j
C:\Programme\Norton AntiVirus\Quarantine\7C784FCE.exe Infected: Trojan-Downloader.Win32.PassAlert.d
C:\Programme\Norton AntiVirus\Quarantine\7CE43958.exe Infected: Packed.Win32.Klone.b
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP554\A0102745.tlb Infected: Trojan.Win32.Puper.bp
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP554\A0102806.tlb Infected: Trojan.Win32.Puper.bp
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP554\A0102851.tlb Infected: Trojan.Win32.Puper.bp
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP554\A0102852.exe Infected: Trojan-Downloader.Win32.Zlob.bw
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP554\A0102882.tlb Infected: Trojan.Win32.Puper.bp
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP554\A0102889.tlb Infected: Trojan.Win32.Puper.bp
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP555\A0103017.tlb Infected: Trojan.Win32.Puper.bp
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP556\A0103026.tlb Infected: Trojan.Win32.Puper.bp
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP556\A0103028.exe Infected: Trojan.Win32.Puper.bp
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP556\A0103035.tlb Infected: Trojan-Downloader.Win32.Zlob.cb
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP556\A0103089.exe Infected: Trojan-Dropper.Win32.Small.aav
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP556\A0103118.exe Infected: not-virus:Hoax.Win32.Renos.b
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP556\A0103123.exe Infected: Trojan-Downloader.Win32.Zlob.by
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP557\A0103238.tlb Infected: Trojan-Downloader.Win32.Zlob.cb
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP557\A0104253.tlb Infected: Trojan-Downloader.Win32.Zlob.cb
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP557\A0104254.exe Infected: Trojan-Downloader.Win32.Zlob.ca
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP557\A0104256.exe Infected: Trojan-Downloader.Win32.Zlob.cb
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP557\A0104257.exe Infected: Trojan-Downloader.Win32.Zlob.bz
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP564\A0106896.exe Infected: Trojan-Downloader.Win32.TSUpdate.p
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP564\A0106897.exe Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP564\A0106903.exe Infected: Trojan-Downloader.Win32.TSUpdate.n
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP564\A0106904.exe Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP565\A0106985.exe Infected: not-virus:Hoax.Win32.Renos.ae
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP565\A0106986.exe Infected: Trojan.Win32.StartPage.agi
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP569\A0110197.exe Infected: Trojan-Downloader.Win32.VB.ri
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP569\A0110198.exe Infected: Trojan-Downloader.Win32.Small.buy
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP569\A0110200.exe Infected: Trojan-Downloader.Win32.TSUpdate.o
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP569\A0110201.exe Infected: not-virus:Hoax.Win32.Renos.ae
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP569\A0110202.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP572\A0110371.exe Infected: Trojan.Win32.Agent.mo
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP572\A0110372.exe Infected: Trojan-Downloader.Win32.VB.ri
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP572\A0110373.exe Infected: Trojan-Downloader.Win32.Small.byf
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP572\A0110374.exe Infected: Trojan-Downloader.Win32.Small.byf
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP572\A0110375.exe Infected: Trojan-Downloader.Win32.Small.byf
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP572\A0110376.exe Infected: Trojan-Downloader.Win32.Small.byf
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP572\A0110377.exe Infected: Trojan-Downloader.Win32.Small.byf
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP572\A0110378.exe Infected: Packed.Win32.Klone.b
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP572\A0110379.exe Infected: Trojan-Downloader.Win32.Small.buy
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP572\A0110381.exe Infected: Trojan-Downloader.Win32.TSUpdate.o
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP572\A0110382.exe Infected: not-virus:Hoax.Win32.Renos.ae
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP572\A0110383.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP574\A0110421.exe Infected: Trojan-Downloader.Win32.PassAlert.d
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP574\A0110422.exe Infected: Packed.Win32.Klone.b
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP578\A0110512.dll Infected: SpamTool.Win32.Mailbot.j
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP585\A0110653.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP585\A0110659.dll Infected: SpamTool.Win32.Mailbot.q
C:\System Volume Information\_restore{78C5B761-7569-40EA-836E-2E94A020DEC5}\RP586\A0110712.sys Infected: SpamTool.Win32.Mailbot.b

Scan process completed.
08.01.2006, 15:05
Honorary member
Sabina

Posts: 29434
#25 Kuchen

Disable System Restore, scan again with Kaspersky, then enable it again.
http://virus-protect.org/systemwiederherstellung.html
__________
Kind regards, Sabina

All about PC security
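Added example, not part of the original posts: a short Python triage of report lines in the `<path> Infected: <name>` format shown above, separating hits stored inside System Restore snapshots or the antivirus quarantine folder from hits on live files. Switching System Restore off on Windows XP deletes the existing restore points, so hits of the first kind are gone on the next scan. The sample lines, the zeroed GUID, the file names and the function names are constructed for illustration.

```python
import re
from collections import Counter

# One detection line of the report: "<path> Infected: <detection name>".
HIT = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<name>\S+)$")
# Windows XP System Restore snapshot path; group 1 is the restore point (RPnnn).
RESTORE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)
# Assumption: the antivirus keeps isolated files under a "Quarantine" folder.
QUARANTINE = re.compile(r"\\Quarantine\\", re.I)

# Constructed sample input (zeroed GUID, made-up file names).
SAMPLE_REPORT = r"""
C:\Programme\Norton AntiVirus\Quarantine\SAMPLE01.exe Infected: Packed.Win32.Klone.b
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP572\A0000002.exe Infected: Trojan-Downloader.Win32.Small.byf
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP554\A0000001.tlb Infected: Trojan.Win32.Puper.bp
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP586\A0000003.sys Infected: SpamTool.Win32.Mailbot.b
C:\WINDOWS\system32\sample.dll Infected: SpamTool.Win32.Mailbot.j
Scan process completed.
"""

def parse_report(text):
    """Return (path, detection) pairs; non-detection lines are skipped."""
    matches = (HIT.match(line.strip()) for line in text.splitlines())
    return [(m.group("path"), m.group("name")) for m in matches if m]

def classify(path):
    """Return (kind, restore_point); restore_point is set only for snapshots."""
    m = RESTORE.search(path)
    if m:
        return "restore_point", m.group(1).upper()
    if QUARANTINE.search(path):
        return "quarantine", None
    return "live", None

def triage(text):
    """Count hits per location kind and list the ones on live files."""
    counts, points, live = Counter(), set(), []
    for path, name in parse_report(text):
        kind, rp = classify(path)
        counts[kind] += 1
        if rp:
            points.add(rp)
        if kind == "live":
            live.append((path, name))
    ordered = sorted(points, key=lambda p: int(p[2:]))
    return {"counts": dict(counts), "restore_points": ordered, "live": live}

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

Entries returned under `live` are the ones that still need cleanup after the restore points have been flushed.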
11.01.2006, 22:53
...new here

Posts: 7
#26 Critical:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, January 11, 2006 21:17:39
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 11/01/2006
Kaspersky Anti-Virus database records: 160228
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOKUME~1\Wilfwo\LOKALE~1\Temp\

Scan Statistics:
Total number of scanned objects: 12940
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 739 sec
No malware has been detected. The sections that have been scanned are CLEAN.

Scan process completed.


my computer:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, January 11, 2006 22:52:25
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 11/01/2006
Kaspersky Anti-Virus database records: 160228
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 25921
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 1312 sec
No malware has been detected. The sections that have been scanned are CLEAN.

Scan process completed.

Looks good, doesn't it?
11.01.2006, 23:14
Honorary member
Sabina

Posts: 29434
11.01.2006, 23:34
...new here

Posts: 7
#28 Well then, thank you very much!!!