unbekannter Virus!

#1 Hi!

Hab auch einen Virus kann ihn jedoch nicht aufspüren bzw. weiß nicht wie er heißt!

CleanUp hab ich schon ausgeführt, folgend sind hier die hijackThis logfile und die datafindbat txt dateien aufgelistet!

Vielleicht kann mir da jmd weiterhelfen! Danke im Voraus!


Logfile of HijackThis v1.99.1
Scan saved at 12:04:29, on 14.07.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\MSDE\binn\sqlservr.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\carpserv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programme\Lexmark 2200 Series\lxbvbmgr.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Lexmark 2200 Series\lxbvbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ATI Multimedia\main\ATISched.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\ATI Multimedia\main\launchpd.exe
C:\Programme\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\MSDE\Binn\sqlmangr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Dokumente und Einstellungen\Alex.JAGANG\Desktop\XFiles\Viruskiller\HijackThis.exe
C:\Programme\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Norton] C:\Programme\ASUS\WLAN Card Utilities\NorExec.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Programme\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Programme\ATI Multimedia\\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programme\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Programme\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Programme\ATI Multimedia\main\ATISched.EXE
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Programme\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Programme\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe"
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Service Manager.lnk = C:\MSDE\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{85E0D99A-0C02-4B85-821C-C6608D3BA210}: NameServer = 195.3.96.67 195.3.96.68
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Programme\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)



Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 585A-CB4D

Verzeichnis von C:\WINDOWS\system32

14.07.2006 11:53 1.158 wpa.dbl
14.07.2006 11:32 380.486 perfh009.dat
14.07.2006 11:32 52.900 perfc009.dat
14.07.2006 11:32 391.330 perfh007.dat
14.07.2006 11:32 63.784 perfc007.dat
14.07.2006 11:32 897.778 PerfStringBackup.INI
07.07.2006 03:21 6.757.792 MRT.exe
14.06.2006 09:09 263.024 FNTCACHE.DAT
01.06.2006 20:47 27.648 jgpl400.dll
01.06.2006 20:47 163.840 jgdw400.dll
29.05.2006 17:30 1.494.016 shdocvw.dll
23.05.2006 17:26 579.888 LegitCheckControl.dll
23.05.2006 17:25 285.488 WgaTray.exe
23.05.2006 17:25 402.736 WgaLogon.dll
19.05.2006 17:09 3.073.536 mshtml.dll
19.05.2006 15:09 95.744 iphlpapi.dll
19.05.2006 15:09 112.128 dhcpcsvc.dll
19.05.2006 15:09 148.480 dnsapi.dll
18.05.2006 07:36 450.560 jscript.dll
14.05.2006 10:48 181.248 rasmans.dll
11.05.2006 10:57 27.136 xpsp3res.dll
10.05.2006 07:23 664.064 wininet.dll
10.05.2006 07:22 615.936 urlmon.dll
10.05.2006 07:22 474.624 shlwapi.dll
10.05.2006 07:22 532.480 mstime.dll
10.05.2006 07:22 39.424 pngfilt.dll
10.05.2006 07:22 448.512 mshtmled.dll
10.05.2006 07:22 146.432 msrating.dll
10.05.2006 07:22 96.768 inseng.dll
10.05.2006 07:22 16.384 jsproxy.dll
10.05.2006 07:22 55.808 extmgr.dll
10.05.2006 07:22 1.056.256 danim.dll
10.05.2006 07:22 357.888 dxtmsft.dll
10.05.2006 07:22 205.312 dxtrans.dll
10.05.2006 07:22 251.392 iepeers.dll
10.05.2006 07:22 152.064 cdfview.dll
10.05.2006 07:22 1.022.976 browseui.dll
03.05.2006 18:54 307.200 atiiiexx.dll
03.05.2006 18:51 258.048 ati2dvag.dll
03.05.2006 18:45 114.688 atipdlxx.dll
03.05.2006 18:45 77.824 Oemdspif.dll
03.05.2006 18:45 26.112 Ati2mdxx.exe
03.05.2006 18:45 41.984 ati2edxx.dll
03.05.2006 18:44 61.440 ati2evxx.dll
03.05.2006 18:43 413.696 ati2evxx.exe
03.05.2006 18:43 53.248 ATIDDC.DLL
03.05.2006 18:35 2.693.280 ati3duag.dll
03.05.2006 18:29 1.408.000 ativvaxx.dll
03.05.2006 18:21 6.684.672 atioglx1.dll
03.05.2006 18:18 5.033.984 atioglxx.dll
03.05.2006 18:15 151.552 atikvmag.dll
03.05.2006 18:15 17.408 atitvo32.dll
03.05.2006 18:12 286.720 ATIDEMGR.dll
03.05.2006 18:09 282.624 ati2cqag.dll
28.04.2006 22:05 127.614 atiicdxx.dat
24.04.2006 15:40 4.730.880 wmp.dll




Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 585A-CB4D

Verzeichnis von C:\DOKUME~1\ALEX~1.JAG\LOKALE~1\Temp

14.07.2006 11:55 49.416 09992.dat
14.07.2006 11:54 16.384 ~DF28FE.tmp
14.07.2006 11:54 16.384 ~DF899.tmp
14.07.2006 11:54 512 ~DF8DA.tmp
14.07.2006 11:54 102 mon000.log
5 Datei(en) 82.798 Bytes
0 Verzeichnis(se), 84.269.424.640 Bytes frei




Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 585A-CB4D

Verzeichnis von C:\WINDOWS

14.07.2006 11:54 1.418.817 WindowsUpdate.log
14.07.2006 11:53 0 0.log
14.07.2006 11:53 159 wiadebug.log
14.07.2006 11:53 50 wiaservc.log
14.07.2006 11:53 2.048 bootstat.dat
14.07.2006 11:52 32.606 SchedLgU.Txt
13.07.2006 22:02 195.498 comsetup.log
13.07.2006 22:02 121.124 ntdtcsetup.log
13.07.2006 22:02 111.709 iis6.log
13.07.2006 22:02 22.194 ocmsn.log
13.07.2006 22:02 1.374 imsins.log
13.07.2006 22:02 278.617 tsoc.log
13.07.2006 22:02 11.828 KB917159.log
13.07.2006 22:02 358.300 ocgen.log
13.07.2006 22:02 35.156 msgsocm.log
13.07.2006 22:02 696.582 FaxSetup.log
13.07.2006 22:02 387.560 setupapi.log
13.07.2006 22:02 1.374 imsins.BAK
13.07.2006 22:02 12.335 KB914388.log
13.07.2006 22:02 36.988 updspapi.log
13.07.2006 22:02 10.324 KB916595.log
09.07.2006 14:40 100 lexstat.ini
09.07.2006 14:40 49 NeroDigital.ini
15.06.2006 12:39 30.543 spupdsvc.log
15.06.2006 12:36 9.561 KB917734.log
15.06.2006 12:36 399.538 wmsetup.log
15.06.2006 12:36 14.734 KB918439.log
15.06.2006 12:36 15.090 KB917344.log
15.06.2006 12:36 14.866 KB917953.log
15.06.2006 12:35 14.847 KB911280.log
15.06.2006 12:35 18.067 KB916281.log
15.06.2006 12:35 11.511 KB914389.log
13.06.2006 22:12 7.849 KB842773.log
13.06.2006 22:12 213.098 DirectX.log
31.05.2006 19:11 5.299 WgaNotify.log
30.05.2006 16:37 75.231 Omega Drivers v3.8.252.log
30.05.2006 16:34 451.072 Radeon Omega Drivers v3.8.252 Uninstall.exe
30.05.2006 16:32 32.919 Radeon Omega Drivers v3.8.231 Uninstall Log.txt
14.05.2006 21:11 11.710 KB913580.log
08.05.2006 16:13 23.974 LUINSTALL.LOG
08.05.2006 01:02 7.680 Thumbs.db
06.05.2006 02:44 23 BlendSettings.ini
04.05.2006 18:55 6.934 sqlstp.log
04.05.2006 18:55 41 setup.log
04.05.2006 18:51 874 setup~0.iss
04.05.2006 16:55 400 ODBC.INI
04.05.2006 16:55 63 vbaddin.ini
26.04.2006 18:19 11.141 KB900485.log
23.04.2006 23:57 16.024 KB908531.log
23.04.2006 23:57 15.343 KB911562.log
23.04.2006 23:56 17.224 KB912812.log
23.04.2006 23:56 10.657 KB911567.log




Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 585A-CB4D

Verzeichnis von C:\

14.07.2006 11:58 0 sys.txt
14.07.2006 11:57 11.745 system.txt
14.07.2006 11:57 491 systemtemp.txt
14.07.2006 11:56 109.938 system32.txt
14.07.2006 11:52 1.072.484.352 hiberfil.sys
14.07.2006 11:52 1.610.612.736 pagefile.sys
13.06.2006 15:29 5.962 WebShopServlet.java
13.06.2006 15:27 5.945 WebShopServlet.java~
12.03.2006 19:37 3.067 mmcInst.log
08.03.2006 23:56 211 boot.ini
08.03.2006 23:52 47.564 NTDETECT.COM
08.03.2006 23:52 251.184 ntldr
15.04.2004 18:50 870 IPH.PH
15.04.2004 02:30 0 IO.SYS
15.04.2004 02:30 0 CONFIG.SYS
15.04.2004 02:30 0 AUTOEXEC.BAT
15.04.2004 02:30 0 MSDOS.SYS

#2 jagang

öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten

Zitat

O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe"

==
scanne mit Counterspy, stelle alles auf "remove" und poste den scanreport
http://virus-protect.org/counterspy.html

**
C:\Dokumente und Einstellungen\ALEX~1.JAG\Lokale Einstellungen\Temp\09992.dat-> loeschen
__________
MfG Sabina

rund um die PC-Sicherheit

#3 ok thx! hab jetzt alles gemacht!

scanreport:

Spyware Scan Details
Start Date: 15.07.2006 00:48:20
End Date: 15.07.2006 01:30:31
Total Time: 42 mins 11 secs

Detected spyware

BearShare P2P Program more information...
Details: BearShare is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Programme\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Programme\BearShare\
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocHandler32 ole32.dll
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32 C:\MSDE\Binn\sqldmo.dll
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32 ThreadingModel Both
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\ProgID SQLDMO.UserDefinedDatatype.7.0
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\VersionIndependentProgID SQLDMO.UserDefinedDatatype
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} SQLDMO.UserDefinedDatatype
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} zmAsq AsWYMUSmt}r}{~]AkBTKkSbZvF
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} Bkcbx RmMttRgHkrTJ\aEvX@
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} MVtbrRegm eXOBJwoTSLF|CDzHtGLZbxMFl
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} idjhgizw {ZexnHQoU`|INYJRL{OLrnMv
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} ycVlKpnWsKpb `J^DBOd_^V~uHaClKtG}uox
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} tygfcqjl }JeTZ`|OiwZMjzepPOkUL
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} ykrucmhsJlPZ HFATekQyBDg_LNUCDtmzT[
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} YpiF JiIcmb`}sAM\ZTsnlsT[IdXq@zK_kMY
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} itbUupokeF S}K_IDLasSc@HlHMULWct
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} wwycystin Iw^fXIqwuvP_CeQXQQu{`tZr`
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} losoOgneexhW ukhXc~gWSxpZAQTo
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} jlAktz Bdse}RIqgsOrkXd`WbFCYSJ
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} vmne }kvJYPbkCOkZyMjs
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} PpfmovMgv luspt\rMDVNloDXbPm\
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} FxgXM [BXqvH|aNSLUlfLxw@Bgd


WhenU.Save Adware (General) more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\runmsc.loader.1\clsid
HKEY_CLASSES_ROOT\runmsc.loader.1\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07}
HKEY_CLASSES_ROOT\runmsc.loader\clsid
HKEY_CLASSES_ROOT\runmsc.loader\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07}
HKEY_CLASSES_ROOT\runmsc.loader\curver
HKEY_CLASSES_ROOT\runmsc.loader\curver RunMSC.Loader.1
HKEY_CLASSES_ROOT\wusn.1
HKEY_CLASSES_ROOT\wusn.1 WUSN_Id
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave\Partners\BSPL Partner BSPL0306010001
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave\Partners\BSPL InstallTime 20060623132506
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave\Partners\BSPL PartnerDesc BSplayer
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave\Partners\BSPL PartnerFile C:\Programme\Webteh\BSplayer\bsplayer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave\Partners\WUSV Partner WUSV0613
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave\Partners\WUSV PartnerDesc WhenU SaveNow
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave\Partners\WUSV PartnerParam dt=WhenU SaveNow;q=;i=1
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave\Partners\WUSV InstallTime 20060617120755
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave db_script_update 1002700854
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave InstallDir C:\Programme\Save
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave pats_url http://akapp.whenu.com/OffersDataGZ
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave pat_chunks_url http://akapp.whenu.com/DataChunksGZ
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave script_url http://app.whenu.com/Throttle?name=script-save-1002700834
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave update_url http://app.whenu.com/Throttle?name=Save4.06
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave ver_url http://www.whenu.com/versions.html
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave Version 4.06
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave uninst_rs 4.008
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave timedDBUpdate_rs Y
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave SystemParam_rs dt=WhenU Save;q=;i=1
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave extra_url http://app.whenu.com/Throttle?name=savenow_3.8_win98_patch
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave extraver_url http://www.whenudownloads.com/extraver.html
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave ziptomsa_url http://akapp.whenu.com/ziptomsa
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave InstallTime 20060617120710
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave LastPartner BSPL0306010001
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave zip
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave acm_rs 1.03
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave TotalPartner 2
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave Partner WUSV0613
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave PartnerB WUSV
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave PartnerDesc WhenU SaveNow
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave uninstall_cmd_rs /rWUSV /kSaveNow /d"WhenU SaveNow"
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave TotalPopup 19;19184658;;;44576;8;0;41;51;51;1144
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave HeartbeatTime 1151083380625
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave HeartbeatCount 7
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave FullDBTime 19175653
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave brandskin_url http://offers.whenu.com/skin/
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave brandstrip_rs 24
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave brandstrip_url http://offers.whenu.com/save_brand3.html
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave bstat_rs Y
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave himp_url http://offers.whenu.com/himp/himp.db
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave iptomsa_url http://app.whenu.com/Location
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave maxPopups_rs 2
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave redir3p_url http://offers.whenu.com/skin/redirect3p.html
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave uninstalltag_rs O
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave db_stamp_rs 20060623135847
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave dbc_chunks_rs 139
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave db_server_update 20060623135847
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave MSA CAT
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave fword_rs Y
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave PartnerUTag O
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave PartnerParam dt=WhenU SaveNow;q=;i=1
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave src_url http://offers.whenu.com/pop_up/
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave UrlChangeCount 124
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97} ILoader
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 C:\Programme\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\ProgID RunMSC.Loader.1
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\VersionIndependentProgID RunMSC.Loader
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07} Loader Class
HKEY_CLASSES_ROOT\ACM.ACMFactory
HKEY_CLASSES_ROOT\ACM.ACMFactory\CLSID {A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
HKEY_CLASSES_ROOT\ACM.ACMFactory\CurVer ACM.ACMFactory.1
HKEY_CLASSES_ROOT\ACM.ACMFactory ACMFactory Class
HKEY_CLASSES_ROOT\ACM.ACMFactory.1
HKEY_CLASSES_ROOT\ACM.ACMFactory.1\CLSID {A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
HKEY_CLASSES_ROOT\ACM.ACMFactory.1 ACMFactory Class
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32 C:\Programme\Save\ACM.dll
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\ProgID ACM.ACMFactory.1
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\TypeLib {DF901432-1B9F-4F5B-9E56-301C553F9095}
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\VersionIndependentProgID ACM.ACMFactory
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} ACMFactory Class
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} AppID {127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}
HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}
HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0\win32 C:\Programme\Save\ACM.dll
HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\HELPDIR C:\Programme\Save\
HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0 ACM 1.0 Type Library
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib {DF901432-1B9F-4F5B-9E56-301C553F9095}
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0} IACMFactory
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib {DF901432-1B9F-4F5B-9E56-301C553F9095}
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086} IFetchExtractor
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib {DF901432-1B9F-4F5B-9E56-301C553F9095}
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842} IFetchData
HKEY_CLASSES_ROOT\AppID\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}
HKEY_CLASSES_ROOT\AppID\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB} ACM
HKEY_CLASSES_ROOT\AppID\ACM.DLL
HKEY_CLASSES_ROOT\AppID\ACM.DLL AppID {127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}


WhenU.WhenUSearch Low Risk Adware more information...
Details: WhenU.WhenUSearch is a desktop search toolbar that displays links to advertised offers in response to users' surfing behavior and opens paid search results when users perform searches through the toolbar's search mechanism.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\WUSN.1
HKEY_CLASSES_ROOT\WUSN.1 WUSN_Id


SearchNugget Toolbar more information...
Details: SearchNugget is a Browser Helper Object (BHO) that creates a toolbar in Internet Explorer.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\ACM.ACMFactory.1
HKEY_CLASSES_ROOT\ACM.ACMFactory.1\CLSID {A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
HKEY_CLASSES_ROOT\ACM.ACMFactory.1 ACMFactory Class
HKEY_CLASSES_ROOT\AppID\ACM.DLL AppID {127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}
HKEY_CLASSES_ROOT\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} AppID {127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}


ABetterInternet.Aurora Cookie Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\alex.jagang\cookies\alex@a[1].txt


Hitbox.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\alex.jagang\cookies\alex@hitbox[2].txt

#4 jagang

1.
Counterspy killt immer nur einen Teil Dateien. Man muss also immer wieder den Quarantäne-Ordner von Counterspy leeren und wieder neu damit scannen, solange bis Counterspy nichts mehr findet.

2.
dann berichte, ob der IE noch abstuerzt..

3.
Lade den Firefox und stelle ihn als Standard ein.
http://virus-protect.org/firefox.html

4.
Pocket KillBox
http://virus-protect.org/killbox.html

Options: "Delete on Reboot" und "Single File"--> anhaken
und klicke auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "---- klicke auf "yes"
reinkopieren: ..

C:\WINDOWS\IECodecPlg.dll

PC neustarten
__________
MfG Sabina

rund um die PC-Sicherheit

#5 ok hab jetzt alles gemacht jedoch ist während dem letzten counterspy scan 3 mal die Meldung vom norton gekommen das der Virus W32.Spybot.Worm gefunden und gelöscht wurde.

Desweiteren wurde folgenen Meldung angezeigt als ich die IECodecPlg.dll löschen wollte:

PendingFileRenameOperations Registry Data has been Removed by External Process!

#6 also war/ist noch ein Wurm drauf.....

arbeite das ab und poste den scanreport
http://virus-protect.org/artikel/tools/fprot.html
__________
MfG Sabina

rund um die PC-Sicherheit

#7 ╔══════════════════════════════════════════════════════════════════════════════╗
║Virus scanning report - 15 July 2006 @ 12:39 ║
║ ║
║F-PROT ANTIVIRUS ║
║Program version: 3.16f ║
║Engine version: 3.16.13 ║
║ ║
║VIRUS SIGNATURE FILES ║
║SIGN.DEF created 13 June 2006 ║
║SIGN2.DEF created 13 June 2006 ║
║MACRO.DEF created 15 June 2006 ║
║ ║
║Search: Local hard disks ║
║Action: Report only ║
║Files: "Dumb" scan of all files ║
║Switches: /ARCHIVE /PACKED /NOFLOPPY ║
║No viruses found in memory. ║
║Hard disk boot sectors were not scanned. ║
║ ║
║Scanning C: ║
║C:\HIBERFIL.SYS Not scanned (in use by another application) ║
║C:\CYGWIN\HOME\ALEX\BASH_H~1 Not scanned (in use by another application) ║
║C:\DOKUME~1\ALEX~1.JAG\NTUSER.DAT Not scanned (in use by another application)║
║C:\DOKUME~1\ALEX~1.JAG\NTUSER~1.LOG Not scanned (in use by another applicatio║
╚══════════════════════════════════════════════════P-Print S-Save ESC-Cancel═╝

╔══════════════════════════════════════════════════════════════════════════════╗
║Scanning D: ║
║Scanning I: ║
║Error on reading I:\ ║
║Scanning J: ║
║Error on reading J:\ ║
║Scanning K: ║
║Error on reading K:\ ║
║Scanning L: ║
║Error on reading L:\ ║
║ ║
║Results of virus scanning: ║
║ ║
║Files: 1931 ║
║MBRs: 0 ║
║Boot sectors: 0 ║
║Objects scanned: 2957 ║
║ ║
║Time: 3:54 ║
║ ║
║No viruses or suspicious files/boot sectors were found. ║
║ ║
║ ║
║ ║
╚══════════════════════════════════════════════════P-Print S-Save ESC-Cancel═╝

#8 das sieht ja schon mal gut aus
nun mache noch einen Onlinescan mit kaspersky und berichte
http://virus-protect.org/onlinescan.html
__________
MfG Sabina

rund um die PC-Sicherheit

#9 ok kaspersky wurde durchgeführt was ich aber noch sagen wollte ist das in der Zwischenzeit der Virus wieder ein paar mal von norton gefunden und gelöscht wurde!

Unter C:\Windows\System32\msconfigs.exe scheint sich der Übeltäter zu befinden


KASPERSKY ONLINE SCANNER REPORT
Saturday, July 15, 2006 4:04:44 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 15/07/2006
Kaspersky Anti-Virus database records: 195115
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
I:\
J:\
K:\
L:\
Scan Statistics
Total number of scanned objects 83440
Number of viruses found 2
Number of infected objects 20 / 0
Number of suspicious objects 0
Duration of the scan process 01:20:50

Infected Object Name Virus Name Last Action
C:\cygwin\home\alex\.bash_history Object is locked skipped
C:\Dokumente und Einstellungen\Alex.JAGANG\Cookies\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\Alex.JAGANG\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Dokumente und Einstellungen\Alex.JAGANG\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Dokumente und Einstellungen\Alex.JAGANG\Lokale Einstellungen\Temp\ mon008.log Object is locked skipped
C:\Dokumente und Einstellungen\Alex.JAGANG\Lokale Einstellungen\Temp\~DF7ECA.tmp Object is locked skipped
C:\Dokumente und Einstellungen\Alex.JAGANG\Lokale Einstellungen\Temp\~DF7F4C.tmp Object is locked skipped
C:\Dokumente und Einstellungen\Alex.JAGANG\Lokale Einstellungen\Temp\~DF976B.tmp Object is locked skipped
C:\Dokumente und Einstellungen\Alex.JAGANG\Lokale Einstellungen\Temp\~DF9EDA.tmp Object is locked skipped
C:\Dokumente und Einstellungen\Alex.JAGANG\Lokale Einstellungen\Temp\~DFE23C.tmp Object is locked skipped
C:\Dokumente und Einstellungen\Alex.JAGANG\Lokale Einstellungen\Temp\~DFFFEF.tmp Object is locked skipped
C:\Dokumente und Einstellungen\Alex.JAGANG\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\Alex.JAGANG\Lokale Einstellungen\Verlauf\History.IE5\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\Alex.JAGANG\Lokale Einstellungen\Verlauf\History.IE5\MSHist012006071520060716\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\Alex.JAGANG\NTUSER.DAT Object is locked skipped
C:\Dokumente und Einstellungen\Alex.JAGANG\ntuser.dat.LOG Object is locked skipped
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ATI MMC\RemoteWonder.txt Object is locked skipped
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Common Client\Confid.log Object is locked skipped
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Common Client\Content.log Object is locked skipped
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Common Client\settings.dat Object is locked skipped
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Verlauf\History.IE5\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT Object is locked skipped
C:\Dokumente und Einstellungen\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\MSDE\Data\master.mdf Object is locked skipped
C:\MSDE\Data\mastlog.ldf Object is locked skipped
C:\MSDE\Data\model.mdf Object is locked skipped
C:\MSDE\Data\modellog.ldf Object is locked skipped
C:\MSDE\Data\msdbdata.mdf Object is locked skipped
C:\MSDE\Data\msdblog.ldf Object is locked skipped
C:\MSDE\Data\TEMPDB.MDF Object is locked skipped
C:\MSDE\Data\TEMPLOG.LDF Object is locked skipped
C:\MSDE\LOG\ERRORLOG Object is locked skipped
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDCON.log Object is locked skipped
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDFW.log Object is locked skipped
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPStart.log Object is locked skipped
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPStop.log Object is locked skipped
C:\Programme\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Programme\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Programme\Norton AntiVirus\AVError.log Object is locked skipped
C:\Programme\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Programme\Norton AntiVirus\Quarantine\034E29ED.exe Infected: Backdoor.Win32.Rbot.aym skipped
C:\Programme\Norton AntiVirus\Quarantine\15A2400C.exe Infected: Backdoor.Win32.Rbot.aym skipped
C:\Programme\Norton AntiVirus\Quarantine\19CA15C1.exe Infected: Backdoor.Win32.Rbot.aym skipped
C:\Programme\Norton AntiVirus\Quarantine\209A6B67.exe Infected: Backdoor.Win32.Rbot.aym skipped
C:\Programme\Norton AntiVirus\Quarantine\21922131.exe Infected: Backdoor.Win32.Rbot.aym skipped
C:\Programme\Norton AntiVirus\Quarantine\2BDA51E0.exe Infected: Backdoor.Win32.Rbot.gen skipped
C:\Programme\Norton AntiVirus\Quarantine\2E2A427B.exe Infected: Backdoor.Win32.Rbot.aym skipped
C:\Programme\Norton AntiVirus\Quarantine\34FA5595.exe Infected: Backdoor.Win32.Rbot.aym skipped
C:\Programme\Norton AntiVirus\Quarantine\39CC55AD.exe Infected: Backdoor.Win32.Rbot.aym skipped
C:\Programme\Norton AntiVirus\Quarantine\3C9A6A97.exe Infected: Backdoor.Win32.Rbot.aym skipped
C:\Programme\Norton AntiVirus\Quarantine\3F0A3DE8.exe Infected: Backdoor.Win32.Rbot.aym skipped
C:\Programme\Norton AntiVirus\Quarantine\458264CA.exe Infected: Backdoor.Win32.Rbot.aym skipped
C:\Programme\Norton AntiVirus\Quarantine\497C4F44.exe Infected: Backdoor.Win32.Rbot.aym skipped
C:\Programme\Norton AntiVirus\Quarantine\4EBD49C6.exe Infected: Backdoor.Win32.Rbot.aym skipped
C:\Programme\Norton AntiVirus\Quarantine\589B017C.exe Infected: Backdoor.Win32.Rbot.aym skipped
C:\Programme\Norton AntiVirus\Quarantine\5C3A7DCA.exe Infected: Backdoor.Win32.Rbot.aym skipped
C:\Programme\Norton AntiVirus\Quarantine\6F0B7ECB.exe Infected: Backdoor.Win32.Rbot.aym skipped
C:\Programme\Norton AntiVirus\Quarantine\6FD95DEB.exe Infected: Backdoor.Win32.Rbot.aym skipped
C:\Programme\Norton AntiVirus\Quarantine\79FA0CC3.exe Infected: Backdoor.Win32.Rbot.aym skipped
C:\Programme\Norton AntiVirus\Quarantine\7B682C56.exe Infected: Backdoor.Win32.Rbot.aym skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8B30F253-140D-44FB-91C8-1D10644DE9EC}\RP4\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hh.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\html32.cnv Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\osk.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndis.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\netshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB833998$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB833998$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd7181.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

#10 nichts auffaelliges zu sehen... meinerseits sage ich: alles o.k. was meint dein Virenscanner ?
__________
MfG Sabina

rund um die PC-Sicherheit

#11 naja das problem ist das norton allein heute 11 mal den Virus W32.Spybot.Worm, letztens um 17:02, gefunden hat. Er hat sie zwar immer wieder gelöscht aber nach einer Zeit sind sie wieder von neuem augetaucht.

Wobei von den 11 mal die infizierte Datei msconfigs und 1 mal mssave geheißen hat. Immer im Ordner System32

Und kaspersky hat ja auch 2 Viren gefunden oder sind die ungefährlich?

#12 vielleicht bin ich schon leicht betriebsblind ...immer nur viren , aber wo siehst du was ?
ich sehe keinen Pfad...........nur die Quarantaene vom Symantec .
__________
MfG Sabina

rund um die PC-Sicherheit

#13 Number of viruses found 2

steht ganz oben beim scan bericht von kaspersky

#14 1.
Arbeitsplatz-->Rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren.

2.
F-Secure provides the special disinfection utility to eliminate SdBot.MB worm infection. You can download this utility from our ftp site:
ftp://ftp.f-secure.com/anti-virus/tools/f-sdbot.exe
poste den scanreport

3.
lade von hier den Sophos (alles andere auf der seite gilt nicht fuer dein Problem), scanne und poste den report
http://virus-protect.org/artikel/bfu/p2pbfuhtml.html
__________
MfG Sabina

rund um die PC-Sicherheit

#15 W32/Sdbot Removal Tool ver 1.00.1
Copyright (c) 2004, F-Secure Corporation. All rights reserved.

Infected process was not found in memory
Scan hard drives and remove all infected files. Please wait.
No infection found


----------------------------------------------------------------------
IMPORTANT!

The SDBot backdoors use different tricks to infect remote hosts. So it is very
important to do the following after disinfection:

1. Apply all the latest security patches to your operating system.
2. Change all logins/passwords (do not use simple or empty passwords).
3. Secure your network shares and ftp sites: restrict access rights.
4. Install a firewall and an anti-virus program for protection against similar
attacks in the future.
----------------------------------------------------------------------

press any key to exit ...




Sophos:

Quick Scanning

Password protected file C:\Adonis\homer\homer\HOMER.xls
Password protected file C:\Adonis\homer\homer\lng.xls
Could not open C:\hiberfil.sys
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\DEU\RdrMs
gDEU.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\DEU\read0
600win_DEUyhoo0010.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\ENU\RdrMs
gENU.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\ENU\read0
600win_ENUyhoo0010.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\RdrMsgSpl
ash.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\WebSearch\WebSearc
hENU.pdf
Password protected file C:\Programme\BOC\ADONIS\homer\HOMER.xls
Password protected file C:\Programme\BOC\ADONIS\homer\lng.xls
Could not open C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcrst.
dll
Could not open C:\WINDOWS\system32\drivers\dtscsi.sys
Could not open C:\WINDOWS\system32\drivers\sptd.sys
Could not open C:\WINDOWS\system32\drivers\sptd7181.sys
/


da hat sich dann plötzlich das fenster geschlossen warum weiß ich nicht. Habs deswegen 2 mal probiert und dann immer sofort alles makiert und kopiert.

Und in der Zwischenzeit kam wieder 3 mal die Viren-Warnung von Norton