virus - sndu32.dll - does anyone know how it's done?

#0
19.04.2006, 18:41
...new here
Posts: 8

19.04.2006, 19:17
Honorary member
Posts: 29434
#2
oh dear... what a log.....
Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.
RootkitRevealer -> post the log
http://www.sysinternals.com/Utilities/RootkitRevealer.html
-------------------------------------------------------------------
sndu32.dll - Win32/Haxdoor trojan
http://virus-protect.org/artikel/dienste/sndu_haxdoor.html
__________
Regards
Sabina
all about PC security

19.04.2006, 19:39
...new here
Thread starter
Posts: 8
#3
...I did that.
here is the log:
C:\WINDOWS\system32\klgcptini.dat 13.04.2006 01:24 0 bytes Hidden from Windows API.
C:\WINDOWS\system32\qm.dll 18.04.2006 02:39 36.48 KB Hidden from Windows API.
C:\WINDOWS\system32\qm.sys 18.04.2006 02:39 20.58 KB Hidden from Windows API.
C:\WINDOWS\system32\sndu32.dll 18.04.2006 02:39 36.48 KB Hidden from Windows API.
C:\WINDOWS\system32\sndu64.sys 18.04.2006 02:39 20.58 KB Hidden from Windows API.
C:\WINDOWS\system32\stt82.ini 18.04.2006 02:39 320 bytes Hidden from Windows API.

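A triage pass over the RootkitRevealer output posted above, as an added example that is not part of the original thread: it groups the hidden files by write time and by reported size, which shows that qm.dll/sndu32.dll and qm.sys/sndu64.sys each share a size and were written in the same minute. The one-entry-per-line layout and all function names are assumptions of this example; matching size and time is only a hint of identical content, which a hash comparison would confirm.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed input: the six entries of the RootkitRevealer log from post #3,
# written one per line (the forum export had run them together).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\klgcptini.dat 13.04.2006 01:24 0 bytes Hidden from Windows API.
C:\WINDOWS\system32\qm.dll 18.04.2006 02:39 36.48 KB Hidden from Windows API.
C:\WINDOWS\system32\qm.sys 18.04.2006 02:39 20.58 KB Hidden from Windows API.
C:\WINDOWS\system32\sndu32.dll 18.04.2006 02:39 36.48 KB Hidden from Windows API.
C:\WINDOWS\system32\sndu64.sys 18.04.2006 02:39 20.58 KB Hidden from Windows API.
C:\WINDOWS\system32\stt82.ini 18.04.2006 02:39 320 bytes Hidden from Windows API.
"""

# path, then a dd.mm.yyyy hh:mm timestamp, then a size with unit, then the finding
ENTRY = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<stamp>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2})\s+"
    r"(?P<size>[\d.,]+ (?:bytes|KB|MB|GB))\s+"
    r"(?P<finding>.+)$"
)


def parse_log(text):
    """Return one dict per file entry; lines in any other shape are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        path = m["path"]
        entries.append({
            "path": path,
            "name": path.rsplit("\\", 1)[-1].lower(),
            "when": datetime.strptime(m["stamp"], "%d.%m.%Y %H:%M"),
            "size": m["size"],
            "hidden": m["finding"].startswith("Hidden from Windows API"),
        })
    return entries


def install_bursts(entries):
    """Group hidden files by timestamp; files written in the same minute
    are candidates for having been dropped by one installation run."""
    bursts = defaultdict(list)
    for e in entries:
        if e["hidden"]:
            bursts[e["when"]].append(e["name"])
    return {when: sorted(names) for when, names in sorted(bursts.items())}


def likely_copies(entries):
    """Hidden, non-empty files that share timestamp and reported size.
    The log rounds sizes, so a match is a hint, not proof of identical bytes."""
    groups = defaultdict(list)
    for e in entries:
        if e["hidden"] and not e["size"].startswith("0 "):
            groups[(e["when"], e["size"])].append(e["name"])
    return {key: sorted(names) for key, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for when, names in install_bursts(parsed).items():
        print(when.strftime("%Y-%m-%d %H:%M"), "->", ", ".join(names))
    for (when, size), names in likely_copies(parsed).items():
        print("same size and time:", size, names)
```

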
19.04.2006, 21:32
Honorary member
Posts: 29434
#4
mark-m
Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as fixme.reg using 'Save As'. For the file type, choose 'All Files'. You should now find this file on the desktop.
Quote
REGEDIT4
Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in:
Quote
Files to delete:
click the green traffic light
the script will now be executed, then the PC will restart automatically
open HijackThis -- "scan" button -- tick the box in front of the malware entry -- "Fix checked" button -- restart the PC
O20 - Winlogon Notify: sndu32 - C:\WINDOWS\SYSTEM32\sndu32.dll
Restart the PC
Restart the computer in safe mode (press F8 while booting).
Double-click the file "fixme.reg" on the desktop + add it to the registry
------------------------------------------
** post the scan report from Avenger
** then check once more, as explained on the page, how to manually delete the registry entries that are left over.
http://virus-protect.org/artikel/dienste/sndu_haxdoor.html
** set up CleanUp exactly as specified here:
http://virus-protect.org/cleanup.html
** Copy these 4 text files. They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html
__________
Regards
Sabina
all about PC security

20.04.2006, 13:25
...new here
Thread starter
Posts: 8
#5
So, everything has worked so far. Hijack no longer finds any viruses.
Here is the log from Avenger:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tmlvjiln
*******************
Script file located at: \??\C:\WINDOWS\yyojxduj.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\klgcptini.dat deleted successfully.
File C:\WINDOWS\system32\drivers\sysbus32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\sysbus32.sys failed!
Could not process line:
C:\WINDOWS\system32\drivers\sysbus32.sys
Status: 0xc0000034
File C:\WINDOWS\system32\msupdate32.dll not found!
Deletion of file C:\WINDOWS\system32\msupdate32.dll failed!
Could not process line:
C:\WINDOWS\system32\msupdate32.dll
Status: 0xc0000034
File C:\WINDOWS\system32\qm.dll deleted successfully.
File C:\WINDOWS\system32\qm.sys deleted successfully.
File C:\WINDOWS\system32\sndu32.dll deleted successfully.
File C:\WINDOWS\system32\sndu64.sys deleted successfully.
File C:\WINDOWS\system32\stt82.ini deleted successfully.
Completed script processing.
*******************
Finished! Terminate.

20.04.2006, 13:29
Honorary member
Posts: 29434
#6
set up CleanUp exactly as specified here:
http://virus-protect.org/cleanup.html
** Copy these 4 text files here. They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html
__________
Regards
Sabina
all about PC security

20.04.2006, 14:10
...new here
Thread starter
Posts: 8
#7
So, I did everything the way you said.
Here are the DAT.find.bat logs:
Am I free of viruses again??? What else can I do?
Kind regards and many thanks for your help !!!!!!!!!!
Markus
now it worked:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\igyclwax
*******************
Script file located at: \??\C:\wnqndepo.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\tnstt.a3d deleted successfully.
File C:\WINDOWS\system32\ikhcore.log deleted successfully.
File C:\WINDOWS\system32\ssmute.ini deleted successfully.
File C:\WINDOWS\system32\taskdir.dll deleted successfully.
File C:\WINDOWS\system32\parad.raw.exe deleted successfully.
File C:\WINDOWS\system32\gbbe.dll deleted successfully.
File C:\WINDOWS\system32\bin29a.log deleted successfully.
File C:\WINDOWS\RtlRack.ini deleted successfully.
File C:\WINDOWS\dembat.tm deleted successfully.
File C:\WINDOWS\emdat.tm deleted successfully.
File C:\WINDOWS\exit not found!
Deletion of file C:\WINDOWS\exit failed!
Could not process line:
C:\WINDOWS\exit
Status: 0xc0000034
File C:\tool4.exe deleted successfully.
File C:\tool5.exe deleted successfully.
File C:\tool1.exe deleted successfully.
File C:\toolbar.exe deleted successfully.
File C:\ms1.exe deleted successfully.
File C:\country.exe deleted successfully.
File C:\secure32.html deleted successfully.
File C:\kl1.exe deleted successfully.
File C:\tool2.exe deleted successfully.
File C:\winstall.exe deleted successfully.
File C:\uniq deleted successfully.
Completed script processing.
This post was edited by mark-m on 20.04.2006 at 16:01.

20.04.2006, 15:36
Honorary member
Posts: 29434
#8
mark-m
Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in:
Quote
Files to delete:
click the green traffic light
the script will now be executed, then the PC will restart automatically
post the log
then:
post the log from Silentrunner
http://virus-protect.org/silentrunner.html
__________
Regards
Sabina
all about PC security

20.04.2006, 15:56
...new here
Thread starter
Posts: 8
#9
After the restart, Avenger showed me the following error message:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dehybcml
*******************
Script file located at: ksltktkk
Could not open script file!
Error
Could not open script file!
Status: 0xc000003b
Abort!
Trying it once more....
So here now is the log from Silent Runner as well:
What else is there to do?
regards, markus
This post was edited by mark-m on 20.04.2006 at 16:05.

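A reader for the Avenger logs in posts #5 and #9, as an added example that is not part of the original thread and not the tool's own code: it separates confirmed deletions from failed ones, decodes the two status codes seen on this page, and lists which script targets are still unconfirmed. The one-message-per-line layout and the function names are assumptions; the status names are those defined in the Windows header ntstatus.h.

```python
import re

# NTSTATUS codes that occur in the logs on this page; names as in ntstatus.h.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",   # no object with that name at that path
    0xC000003B: "STATUS_OBJECT_PATH_SYNTAX_BAD",  # the path string itself is malformed
}

# Constructed input: excerpt of the log from post #5, one message per line.
RUN_POST_5 = r"""
Script file opened successfully.
Beginning to process script file:
File C:\WINDOWS\system32\klgcptini.dat deleted successfully.
File C:\WINDOWS\system32\drivers\sysbus32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\sysbus32.sys failed!
Could not process line:
C:\WINDOWS\system32\drivers\sysbus32.sys
Status: 0xc0000034
File C:\WINDOWS\system32\sndu32.dll deleted successfully.
File C:\WINDOWS\system32\sndu64.sys deleted successfully.
Completed script processing.
"""

# Constructed input: the aborted run from post #9.
RUN_POST_9 = r"""
Script file located at: ksltktkk
Could not open script file!
Status: 0xc000003b
Abort!
"""

DELETED = re.compile(r"^File (?P<path>.+) deleted successfully\.$")
FAILED = re.compile(r"^Deletion of file (?P<path>.+) failed!$")
STATUS = re.compile(r"^Status: (?P<code>0x[0-9a-fA-F]+)$")


def status_name(code):
    """Symbolic name for a status code, or the hex value if it is not in the table."""
    return NTSTATUS.get(code, f"0x{code:08x}")


def parse_avenger_log(text):
    """Collect deleted paths, failed paths with their status, and script-open errors."""
    report = {"script_opened": True, "script_status": None, "deleted": [], "failed": {}}
    pending = None          # failed path still waiting for its "Status:" line
    script_error = False    # set once the log says the script could not be opened
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "Could not open script file!" in line:
            report["script_opened"] = False
            script_error = True
            continue
        m = DELETED.match(line)
        if m:
            report["deleted"].append(m["path"])
            continue
        m = FAILED.match(line)
        if m:
            pending = m["path"]
            report["failed"][pending] = None
            continue
        m = STATUS.match(line)
        if m:
            code = int(m["code"], 16)
            if pending is not None:
                report["failed"][pending] = code
                pending = None
            elif script_error:
                report["script_status"] = code
    return report


def unconfirmed(targets, report):
    """Targets from the deletion script that the log does not confirm as deleted."""
    if not report["script_opened"]:
        return list(targets)  # the script never ran, so nothing was processed
    done = {p.lower() for p in report["deleted"]}  # Windows paths are case-insensitive
    return [t for t in targets if t.lower() not in done]


if __name__ == "__main__":
    for label, log in (("post #5", RUN_POST_5), ("post #9", RUN_POST_9)):
        rep = parse_avenger_log(log)
        print(label, "script opened:", rep["script_opened"])
        for path, code in rep["failed"].items():
            print("  failed:", path, status_name(code))
        if rep["script_status"] is not None:
            print("  script error:", status_name(rep["script_status"]))
```

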
20.04.2006, 16:04
Honorary member
Posts: 29434
#10
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html
Options: Delete on Reboot --> tick it
and click the red cross,
when asked "Do you want to reboot?" ---- click "no", and paste in the next one; only click "yes" for the last one
paste in:
.....
C:\WINDOWS\system32\tnstt.a3d
C:\WINDOWS\system32\ikhcore.log
C:\WINDOWS\system32\ssmute.ini
C:\WINDOWS\system32\taskdir.dll
C:\WINDOWS\system32\parad.raw.exe
C:\WINDOWS\system32\gbbe.dll
C:\WINDOWS\system32\bin29a.log
C:\WINDOWS\RtlRack.ini
C:\WINDOWS\dembat.tm
C:\WINDOWS\emdat.tm
C:\WINDOWS\exit
C:\tool4.exe
C:\tool5.exe
C:\tool1.exe
C:\toolbar.exe
C:\ms1.exe
C:\country.exe
C:\secure32.html
C:\kl1.exe
C:\tool2.exe
C:\winstall.exe
C:\uniq
Restart the PC
then the silentrunner
__________
Regards
Sabina
all about PC security

20.04.2006, 16:21
Honorary member
Posts: 29434
#11
1.
Go into the registry
Start - Run - regedit
Edit - Find - gbbe.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{B427BFD7-8087-447e-8FC4-EFDFE6534FF1} --> delete
Restart the PC
2.
aproposfix
http://swandog46.geekstogo.com/aproposfix.exe
download aproposfix.exe
boot (it must be in safe mode)
click RunThis.bat
press "enter" and wait until the window closes.
then copy the log.txt.
3.
post the four logs from datfinbat again
before that, delete C:\WINDOWS\exit with Killbox
__________
Regards
Sabina
all about PC security

20.04.2006, 16:46
...new here
Thread starter
Posts: 8
#12
Logs from Datfind:
and this is what aproposfix spat out:
Log of AproposFix v1.1
************
Running from directory:
F:\aproposfix
************
Registry entries found:
************
No service found!
Removing hidden folder:
No folder found!
Deleting files:
Backing up files:
Done!
Removing registry entries:
REGEDIT4
Done!
Finished!

20.04.2006, 18:13
Honorary member
Posts: 29434
#13
delete with Killbox:
C:\DOKUME~1\Markus\LOKALE~1\Temp\yayng2bn.exe
C:\WINDOWS\system32\HXJJN
C:\exit
C:\xayfdsjq.txt
Restart the PC
run CleanUp once more (in safe mode)
scan with Kaspersky and post the scan report
http://virus-protect.org/onlinescan.html
__________
Regards
Sabina
all about PC security

20.04.2006, 20:12
...neu hier
Themenstarter Beiträge: 8 |
#14
Mannomann...ich dachte ich wär soweit durch mit dem Mist. Da hat sich ja fast nichts getan. 19 Viren erkannt.....schlimm schlimm.
Macht das denn Sinn die alle zu löschen??? Wann werde ich denn damit fertig sein? Die Laufwerke G und H sind übrigens von einem anderen Rechner den ich an meinem angeschlossen habe. Kann es sein dass ich mir immer wieder neue Viren ziehe aus dem Netz wenn ich online gehe? Recht die Hardware Firewall nicht aus? Hier erst mal das Ergebnis vom Kaspersky: Total number of scanned objects 107311 Number of viruses found 19 Number of infected objects 104 Number of suspicious objects 0 Duration of the scan process 01:03:30 Infected Object Name Virus Name Last Action C:\avenger\backup-20.04.2006-15.53.55,93.zip/avenger/qm.sys Infected: Backdoor.Win32.Haxdoor.ih skipped C:\avenger\backup-20.04.2006-15.53.55,93.zip/avenger/sndu64.sys Infected: Backdoor.Win32.Haxdoor.ih skipped C:\avenger\backup-20.04.2006-15.53.55,93.zip ZIP: infected - 2 skipped C:\avenger\backup.zip/avenger/gbbe.dll Infected: Trojan-Spy.Win32.Banker.akf skipped C:\avenger\backup.zip/avenger/kl1.exe Infected: Trojan-Dropper.Win32.Small.amd skipped C:\avenger\backup.zip/avenger/ms1.exe Infected: Trojan-Downloader.Win32.Small.cpa skipped C:\avenger\backup.zip/avenger/parad.raw.exe Infected: Packed.Win32.Tibs skipped C:\avenger\backup.zip/avenger/secure32.html Infected: Trojan.Win32.Harnig.k skipped C:\avenger\backup.zip/avenger/taskdir.dll Infected: Trojan-Proxy.Win32.Lager.aq skipped C:\avenger\backup.zip/avenger/tool2.exe Infected: not-virus:Hoax.Win32.Renos.ca skipped C:\avenger\backup.zip/avenger/winstall.exe Infected: not-virus:Hoax.Win32.Renos.ca skipped C:\avenger\backup.zip ZIP: infected - 8 skipped C:\Dokumente und Einstellungen\Markus\Lokale Einstellungen\Anwendungsdaten\Microsoft\Outlook\Outlook.pst/Persönliche Ordner/Gelöschte Objekte/29 Mar 2006 09:46 from VOLKSBANKEN RAIFFEISENBANKEN AG 2006:VOLK/bellboy.gif Infected: Trojan-Spy.HTML.Bankfraud.ot skipped C:\Dokumente und Einstellungen\Markus\Lokale Einstellungen\Anwendungsdaten\Microsoft\Outlook\Outlook.pst Mail MS Mail: infected - 1 skipped 
Looks like I really contaminated the disk when installing Norton. How do the viruses get into the Avenger folders? Was there a virus in there too when downloading??? What can I do now? I'm slowly getting really a bit frustrated because of this sh.....
Thanks in advance for the help!
Kind regards
This post was edited by mark-m on 20.04.2006 at 21:23.
|
|
|
||
20.04.2006, 23:59
Honorary member
Posts: 29434 |
#15
it does look good ... the worst is over ... anyone else would have formatted, though ... if they had seen the HijackThis log...
the viruses are now in the Avenger backup and no longer active ... that is normal.
1. delete with the Killbox:
C:\Program Files\paytime.exe
C:\Program Files\secure32.html
C:\avenger\backup-20.04.2006-15.53.55,93.zip
C:\avenger\backup.zip
C:\WINDOWS\Downloaded Program Files\ysbactivex.dll
C:\WINDOWS\system\ctldlg32.dll
restart the PC
2. My Computer ("Arbeitsplatz") --> right-click, then Properties ("Eigenschaften") ---> System Restore tab ("Systemwiederherstellung") ---> tick "Turn off System Restore on all drives" ("Systemwiederherstellung auf allen Laufwerken deaktivieren").
3. delete all infected mails
this is how to remove a mail from the inbox without a trace:
   1. delete the mail from the inbox
   2. empty the trash
   3. compact the inbox (File menu)
http://virus-protect.org/artikel/newsletter/deutbkfraud.html
4. work through smitfraudfix http://virus-protect.org/artikel/tools/smitfrautfix.html - post the log
5. * empty Norton's quarantine
   * delete: F:\Programme\Programme\Hijackthis\backups\backup-20060402-113310-916.dll
6. scan again with Kaspersky
__________
Best regards, Sabina
all about PC security |
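The triage behind the reply above, as an added Python example that is not part of the thread: it sorts scanner hits by where the file sits (tool backup, restore point, quarantine, mail store, or a live file) and maps each group to the matching cleanup step from the reply. The report lines are constructed in the format of the Kaspersky report in this thread; the category names, the `classify` and `triage` helpers, the restore-point GUID, the quarantine ID and the user folder are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: "<object> Infected: <detection> <action>" lines plus the
# per-container summary lines ("ZIP: infected - N ...") the scanner also prints.
SAMPLE_REPORT = r"""
C:\avenger\backup.zip/avenger/gbbe.dll Infected: Trojan-Spy.Win32.Banker.akf skipped
C:\avenger\backup.zip/avenger/kl1.exe Infected: Trojan-Dropper.Win32.Small.amd skipped
C:\avenger\backup.zip ZIP: infected - 2 skipped
C:\Program Files\paytime.exe Infected: Trojan.Win32.StartPage.adi skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll Infected: Trojan-Spy.Win32.Banker.akf skipped
G:\Programme\Norton AntiVirus\Quarantine\0000AAAA/sample.exe Infected: Email-Worm.Win32.Sober.y skipped
G:\Programme\Norton AntiVirus\Quarantine\0000AAAA ZIP: infected - 1 skipped
C:\Dokumente und Einstellungen\User\Outlook.pst/Posteingang/mail.rtf Infected: Trojan-Spy.HTML.Bankfraud.kd skipped
C:\WINDOWS\system\ctldlg32.dll Infected: Trojan-Spy.Win32.Agent.lv skipped
"""

# One detection line; paths contain spaces, so the object part is matched lazily.
HIT = re.compile(r"^(?P<obj>.+?)\s+Infected:\s+(?P<name>\S+)\s+(?P<action>\w+)\s*$")
# Container summary line; counted separately so archives are not counted twice.
SUMMARY = re.compile(
    r"^.+?\s+(?:ZIP|Mail MS Mail|Mail|CryptFF):\s+infected\s+-\s+\d+\s+\w+\s*$"
)

# Location rules, checked in order against the on-disk path (case-insensitive).
RULES = [
    ("restore_point", re.compile(r"\\system volume information\\_restore\{", re.I)),
    ("av_quarantine", re.compile(r"\\quarantine\\", re.I)),
    ("tool_backup", re.compile(r"^[a-z]:\\avenger\\|\\hijackthis\\backups\\", re.I)),
    ("mail_store", re.compile(r"\.(pst|imm)$", re.I)),
]

# Cleanup step per category, following the numbered steps in the reply.
NEXT_STEP = {
    "live_file": "delete the file, restart, rescan",
    "tool_backup": "stored copy made by the removal tool: delete the backup",
    "restore_point": "turn off System Restore to purge the restore points",
    "mail_store": "delete the message, empty the trash, compact the mailbox",
    "av_quarantine": "empty the quarantine",
}


def classify(disk_path):
    """Return the category of an on-disk path; anything unmatched is a live file."""
    for category, pattern in RULES:
        if pattern.search(disk_path):
            return category
    return "live_file"


def triage(report):
    """Group detection lines by the file on disk that holds them."""
    files = defaultdict(set)
    names = set()
    hits = container_lines = 0
    for line in report.splitlines():
        line = line.strip()
        match = HIT.match(line)
        if not match:
            if SUMMARY.match(line):
                container_lines += 1
            continue
        hits += 1
        # "archive.zip/member" or "store.pst/folder/mail": keep the part on disk.
        disk_path = match.group("obj").partition("/")[0]
        files[classify(disk_path)].add(disk_path)
        names.add(match.group("name"))
    return {
        "files": {cat: sorted(paths) for cat, paths in files.items()},
        "names": sorted(names),
        "hits": hits,
        "container_lines": container_lines,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"{result['hits']} hits, {len(result['names'])} distinct detections")
    for category, paths in result["files"].items():
        print(f"\n[{category}] {NEXT_STEP[category]}")
        for path in paths:
            print("   ", path)
```

Counting hits, container lines and distinct detection names separately also shows why a report's number of infected objects can be far larger than its number of viruses found.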
|
|
||
So, according to Hijack I had some bad files on the disk. After the check with
Hijackthis
Ad-Aware
spysubstract
spybot
cleanup
saverscan
cwshredder
only
Winlogon Notify: sndu32 - C:\WINDOWS\SYSTEM32\sndu32.dll
is left + about 100 hosts that load themselves again on every Internet connection.
My computer actually still runs quite well so far. Scrolling on web pages, however, looks more like a slideshow.
In parallel I also had problems with the ATI Catalyst Control Center, because Net Framework 1.1 (although installed and previously intact) is reported as not installed, and the Control Center needs this program to update the drivers properly, etc.
Could that be related to the virus? (entries possibly changed??)
By the way, I only have a hardware firewall. Please don't stone me.
I hope someone can help me here - the desperation is great.
Here is the HijackThis log file:
Logfile of HijackThis v1.99.1
Scan saved at 18:29:39, on 19.04.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
F:\Programme\Programme\PowerDVD\PowerDVD\PDVDServ.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Mozilla Firefox\firefox.exe
F:\Programme\Programme\AdobeAcrobat\Reader\AcroRd32.exe
F:\Programme\Programme\Hijackthis\HijackThis.exe
O1 - Hosts: <head>
O1 - Hosts: <style>
O1 - Hosts: a:link { font-family: arial, verdana; font-sizw: 11px; color: #000000; text-decoration: none; }
O1 - Hosts: a:visited { font-family: arial, verdana; font-sizw: 11px; color: #000000; text-decoration: none; }
O1 - Hosts: a:active { font-family: arial, verdana; font-sizw: 11px; color: #000000; text-decoration: none; }
O1 - Hosts: a:hover { font-family: arial, verdana; font-sizw: 11px; color: #000000; text-decoration: underline; }
O1 - Hosts: font { font-family: arial, verdana; font-sizw: 11px; color: #000000; text-decoration: none; }
O1 - Hosts: td{ font-family: arial, verdana; font-sizw: 10px; text-decoration: none; }
O1 - Hosts: table{ font-family: arial, verdana; font-sizw: 11px; text-decoration: none; }
O1 - Hosts: body { background-color: #F0F0F0; scrollbar-face-color: #6E788C; scrollbar-shadow-color: #696969; scrollbar-highlight-color: #cfcfcf; scrollbar-3dlight-color: #cccccc; scrollbar-darkshadow-color: #808080; scrollbar-track-color: #9B9FA7; scrollbar-arrow-color: #000000 }
O1 - Hosts: .title { font-family: arial, verdana; font-size: 9pt; font-weight: normal; }
O1 - Hosts: .distributers { font-family: arial, verdana; font-size: 11pt; font-weight: normal; }
O1 - Hosts: .info { font-family: arial, verdana; font-size: 8pt; font-weight: normal; }
O1 - Hosts: .design { font-family: arial, verdana; font-size: 8pt; font-weight: normal; }
O1 - Hosts: .menu { border-top: 1px #374646 solid; border-left: 1px #374646 solid; border-right: 1px #374646 solid; border-bottom: 1px #374646 solid; font-family: verdana, arial; font-size: 8pt; font-weight: normal; }
O1 - Hosts: .cellheader { border-top: 1px #374646 solid; border-left: 1px #374646 solid; border-right: 1px #374646 solid; border-bottom: 1px #374646 solid; font-family: verdana, arial; font-size: 20pt; font-weight: normal; color: #F1F1F1; }
O1 - Hosts: .scellheader { border-top: 1px #374646 solid; border-left: 1px #374646 solid; border-right: 1px #374646 solid; border-bottom: 1px #374646 solid; font-family: verdana, arial; font-size: 15pt; font-weight: normal; color: #F1F1F1; }
O1 - Hosts: .bigcellheader { border-top: 1px #374646 solid; border-left: 1px #374646 solid; border-right: 1px #374646 solid; border-bottom: 1px #374646 solid; font-family: verdana, arial; font-size: 30pt; font-weight: normal; color: #F1F1F1; link: #F1F1F1; vlink: #F1F1F1; }
O1 - Hosts: .tblheader { background-color: #AAAAAA; border-top: 1px #374646 solid; border-left: 1px #374646 solid; border-right: 1px #374646 solid; border-bottom: 1px #374646 solid; font-family: verdana, arial; font-size: 14pt; font-weight: normal; }
O1 - Hosts: .tdshade1 { background-color: #DDDDDD; border-top: 1px #374646 solid; border-left: 1px #374646 solid; border-right: 1px #374646 solid; border-bottom: 1px #374646 solid; font-family: verdana, arial; font-size: 10pt; font-weight: normal; }
O1 - Hosts: .tdshade2 { background-color: #EEEEEE; border-top: 1px #374646 solid; border-left: 1px #374646 solid; border-right: 1px #374646 solid; border-bottom: 1px #374646 solid; font-family: verdana, arial; font-size: 10pt; font-weight: normal; }
O1 - Hosts: </style>
O1 - Hosts: </head>
O1 - Hosts: <body bgcolor="#ffffff">
O1 - Hosts: <table bgcolor=#ffffff link=#0000ee vlink=#0000ee text=#000000 border=0 align="center" width="100%">
O1 - Hosts: <tr class=cellheader>
O1 - Hosts: <td bgcolor=#788298><center><b>This Account Has Been Suspended</b></center></td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: Please contact the billing/support department as soon as possible.
O1 - Hosts: </body>
O1 - Hosts: </html>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programme\Programme\AdobeAcrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] F:\Programme\Programme\PowerDVD\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [Skype] "F:\Programme\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: SpySubtract.lnk = F:\Programme\Programme\CWShredder\SpySub.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141214412265
O20 - Winlogon Notify: sndu32 - C:\WINDOWS\SYSTEM32\sndu32.dll