DR/Bridge.A.2 - how to remove?

#0

14.05.2004, 21:32
Member
Posts: 1122

14.05.2004, 21:40
...new here
Posts: 2

#17
Thanks DAFRA - oh man, this is embarrassing! So here is the complete log file:
Logfile of HijackThis v1.97.7
Scan saved at 21:00:39, on 14.05.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\Executive Software\DiskeeperLite\DKService.exe
C:\Programme\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Pinnacle\Shared Files\remoterm.exe
C:\WINDOWS\System32\pupxpman.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\enxzrti.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programme\Pinnacle\DV500\ERegister\Remind32.exe
C:\Programme\AVPersonal\AVSched32.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Horst Krammer\Eigene Dateien\Downloads\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1und1.com/
R3 - URLSearchHook: VeriSign Inc. i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_1_4.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {65C93FEB-172E-407D-B3DF-5A68D1B74EA0} - C:\WINDOWS\hcgxp.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: (no name) - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_1_4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] c:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PinnacleRemote] c:\Programme\Pinnacle\Shared Files\remoterm.exe
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\System32\pupxpman.exe
O4 - HKLM\..\Run: [PwrUpTweakMe] C:\WINDOWS\System32\PUPXPTWK.EXE /TWEAK
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ywonb] C:\WINDOWS\enxzrti.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] c:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /dropdisc
O4 - Startup: Pinnacle Systems - miro Family.lnk = C:\Programme\Pinnacle\DV500\ERegister\Remind32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Hilfe zu i-Nav (HKLM)
O9 - Extra 'Tools' menuitem: Hilfe zu i-Nav (HKLM)
O9 - Extra 'Tools' menuitem: Optionen für i-Nav (HKLM)
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/DE/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/mp3.cab

Regards, HAKA

28.05.2004, 22:37
Member
Posts: 34

#18
Hello, I have the same problem with DR/Bridge.A.2, the same message as the others in AntiVir XP... I ran Spybot over it and also created the HijackThis log... unfortunately the thing is still there and I don't know what to do... here is my HijackThis log:
Logfile of HijackThis v1.97.7
Scan saved at 21:06:52, on 28.05.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLACSD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE
C:\Programme\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\ScanSoft\OmniPageSE\opware32.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\AOL 9.0\aoltray.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\Programme\ICQ\ICQ.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Alex\Desktop\Alex-Ordner\Download\Anwendungen\hijackthis1977\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.oa515.de/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SENS Keyboard V4 Launcher] "C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE"
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Programme\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Programme\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /M "Stylus C44"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ] C:\Programme\ICQ\ICQ.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AOL Instant Messenger (TM) (HKLM)
O9 - Extra button: ICQ 4.0 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37918.5083449074
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

This post was edited by Camailleon on 28.05.2004 at 23:02.

29.05.2004, 00:41
Honorary member
Posts: 29434

#19
@Camailleon
Download the following tool (e-scan, mwav.exe):
http://www.soft411.com/company/MicroWorld-Technologies-Inc/MicroWorld-Anti-Virus-Toolkit.htm

Then disable System Restore and go into safe mode (press F8 during startup).
There, scan with "all files" selected.
Restart normally.
Then post what mwav.exe reported.

Regards, Sabina
__________
Regards, Sabina
All about PC security

This post was edited by Sabina on 29.05.2004 at 00:44.

29.05.2004, 01:01
Honorary member
Posts: 29434

#20
@Haka
Download the following tools:
---------------------
AdAware
Cwshredder
Sphjfix.exe
Spybot
http://www.trojaner-info.de/anleitungen/hijackthis/about_blank.html
DigitalPatrol
http://www.antiviraldp.com/download.htm
mwav.exe (e-scan)
http://www.mwti.net/antivirus/free_utilities.asp

Now download Hostfilereader.exe from here: http://members.shaw.ca/techcd/VB_Projects

Then disable System Restore (you can re-enable it after the cleanup):
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/gdocid/20030807105707924
-------------------------------------------------------------------------------------------
Go into safe mode (press F8 during startup).
There, with HijackThis (without an internet connection), run "scan", tick what I post, and then "fix":

R3 - URLSearchHook: VeriSign Inc. i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_1_4.dll
O2 - BHO: (no name) - {65C93FEB-172E-407D-B3DF-5A68D1B74EA0} - C:\WINDOWS\hcgxp.dll
O2 - BHO: (no name) - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_1_4.dll
O4 - HKLM\..\Run: [ywonb] C:\WINDOWS\enxzrti.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"

#uninstall C:\Program Files\webHancer --> and delete everything that has to do with it.
#delete C:\WINDOWS\enxzrti.exe
------------------------------------------------------------------------
#run Hostfilereader.exe, click the "Reset Default" button, then OK and Exit.
#open the editor (Notepad) and paste in the following text:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"System"=-

[-HKEY_CLASSES_ROOT\CLSID\{CE000994-A58C-4441-8938-744CD72AB27F}]
[-HKEY_CLASSES_ROOT\CLSID\{65C93FEB-172E-407D-B3DF-5A68D1B74EA0}]
[-HKEY_CLASSES_ROOT\CLSID\{CE000992-A58C-4441-8938-744CD72AB27F}]

6. Save as "clear.reg" (for this, select file type: all files).
7. Double-click the newly created file and confirm the "add to the registry" prompt.
8. Find and delete these files:
C:\Programme\VeriSign\i-Nav\i-nav_4_1_4.dll
C:\WINDOWS\hcgxp.dll
--------------------------------------------------------------------------------------------------
Then, also in safe mode, scan with AdAware, CWShredder, Sphjfix.exe, DigitalPatrol and mwav.exe (scan all files).
Restart normally.
Delete the Temporary Internet Files under Internet Options.
Then post the log once more.

Regards, Sabina
__________
Regards, Sabina
All about PC security

This post was edited by Sabina on 29.05.2004 at 01:21.

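An added example, not part of any post in this thread and not code from HijackThis or its authors: a Python check that a posted fix list matches the log it was written for, that the fixed entries are gone from the follow-up log, and that a .reg file deletes only CLSID keys named in that fix list. The entries are excerpts from the first log, the fix list and clear.reg above; `LOG_AFTER` is constructed for illustration, and all function names are hypothetical.

```python
import re
from dataclasses import dataclass

# HijackThis result lines have the form "<code> - <details>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
REG_DELETE_KEY_RE = re.compile(r"^\[-(.+)\]$")  # "[-KEY]" deletes a whole key

@dataclass(frozen=True)
class Entry:
    code: str  # section code such as "R3", "O2" or "O4"
    body: str  # remainder of the line as printed by HijackThis

    @property
    def key(self):
        # Compare case-insensitively and ignore runs of whitespace,
        # because forum software often re-wraps pasted logs.
        return (self.code, " ".join(self.body.split()).casefold())

    @property
    def clsids(self):
        return {c.upper() for c in CLSID_RE.findall(self.body)}

def parse_entries(text):
    """Return the result entries of a log; header and process list are skipped."""
    found = (ENTRY_RE.match(line.strip()) for line in text.splitlines())
    return [Entry(m.group(1), m.group(2)) for m in found if m]

def review_fix(fix_list, log_before, log_after):
    """Classify every fix-list entry against the logs taken before and after cleanup."""
    before = {e.key for e in parse_entries(log_before)}
    after = {e.key for e in parse_entries(log_after)}
    result = {"unknown": [], "still_present": [], "removed": []}
    for e in parse_entries(fix_list):
        if e.key not in before:
            result["unknown"].append(e)        # not in the original log: typo or wrong machine
        elif e.key in after:
            result["still_present"].append(e)  # fix did not stick, or entry was re-created
        else:
            result["removed"].append(e)
    return result

def reg_deletes_outside_fix_list(reg_text, fix_list):
    """Keys a .reg file deletes whose CLSID is not named by any fix-list entry.
    Value deletions such as "System"=- are not examined here."""
    flagged = set().union(*(e.clsids for e in parse_entries(fix_list)))
    stray = []
    for line in reg_text.splitlines():
        m = REG_DELETE_KEY_RE.match(line.strip())
        if m:
            ids = {c.upper() for c in CLSID_RE.findall(m.group(1))}
            if not ids or not ids <= flagged:
                stray.append(m.group(1))
    return stray

# Excerpt of the first log on this page.
LOG_BEFORE = r"""
Logfile of HijackThis v1.97.7
C:\WINDOWS\enxzrti.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1und1.com/
R3 - URLSearchHook: VeriSign Inc. i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_1_4.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {65C93FEB-172E-407D-B3DF-5A68D1B74EA0} - C:\WINDOWS\hcgxp.dll
O2 - BHO: (no name) - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_1_4.dll
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [ywonb] C:\WINDOWS\enxzrti.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
"""
# The fix list as posted in #20.
FIX_LIST = r"""
R3 - URLSearchHook: VeriSign Inc. i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_1_4.dll
O2 - BHO: (no name) - {65C93FEB-172E-407D-B3DF-5A68D1B74EA0} - C:\WINDOWS\hcgxp.dll
O2 - BHO: (no name) - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_1_4.dll
O4 - HKLM\..\Run: [ywonb] C:\WINDOWS\enxzrti.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
"""
# Constructed follow-up log (not from the page): one autostart entry survived.
LOG_AFTER = r"""
Logfile of HijackThis v1.97.7
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1und1.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [ywonb] C:\WINDOWS\enxzrti.exe
"""
# clear.reg as posted in #20.
CLEAR_REG = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"System"=-
[-HKEY_CLASSES_ROOT\CLSID\{CE000994-A58C-4441-8938-744CD72AB27F}]
[-HKEY_CLASSES_ROOT\CLSID\{65C93FEB-172E-407D-B3DF-5A68D1B74EA0}]
[-HKEY_CLASSES_ROOT\CLSID\{CE000992-A58C-4441-8938-744CD72AB27F}]
"""

if __name__ == "__main__":
    for status, entries in review_fix(FIX_LIST, LOG_BEFORE, LOG_AFTER).items():
        for e in entries:
            print(f"{status:13} {e.code} - {e.body}")
    print("stray .reg deletions:", reg_deletes_outside_fix_list(CLEAR_REG, FIX_LIST))
```

An entry reported as `still_present` after a reboot suggests that something re-created it, which is the case the safe-mode scans in the post are meant to cover.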
29.05.2004, 01:18
Member
Posts: 34

#21
Hi Sabina, here is my mwav.log, it is quite a lot:
May 29 01:05:56 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat May 29 01:05:56 2004 => Scanning File C:\WINDOWS\System32\ups.exe Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbehci.sys Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbhub.sys Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbprint.sys Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbscan.sys Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbuhci.sys Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\drivers\vga.sys Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\vssvc.exe Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\wanarp.sys Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\wanatw4.sys Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\wanmpsvc.exe Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\drivers\wdmaud.sys Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\system32\svchost.exe Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\wbem\wmiapsrv.exe Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\system32\svchost.exe Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat May 29 01:05:58 2004 => Scanning File C:\WINDOWS\System32\drivers\A311.sys Sat May 29 01:05:58 2004 => Scanning File C:\WINDOWS\System32\drivers\A310.sys Sat May 29 01:05:58 2004 => Scanning File C:\WINDOWS\System32\drivers\ialmsbw.sys Sat May 29 01:05:58 2004 => Scanning File 
C:\WINDOWS\System32\drivers\ialmkchw.sys Sat May 29 01:05:58 2004 => ***** Scanning System32 Folders ***** Sat May 29 01:05:58 2004 => Scanning C:\WINDOWS Directory Sat May 29 01:05:58 2004 => ***** Checking for specific ITW Viruses ***** Sat May 29 01:05:58 2004 => Checking for Welchia Virus... Sat May 29 01:05:58 2004 => Checking for LovGate Virus... Sat May 29 01:05:58 2004 => Checking for CodeRed Virus... Sat May 29 01:05:58 2004 => Checking for OpaServ Virus... Sat May 29 01:05:58 2004 => Checking for Sobig.e Virus... Sat May 29 01:05:58 2004 => Checking for Winupie Virus... Sat May 29 01:05:58 2004 => Checking for Swen Virus... Sat May 29 01:05:58 2004 => Checking for JS.Fortnight Virus... Sat May 29 01:05:58 2004 => Checking for Novarg Virus... Sat May 29 01:05:58 2004 => ***** Scanning complete. ***** Sat May 29 01:05:58 2004 => Total Number of Files Scanned: 228 Sat May 29 01:05:58 2004 => Total Number of Virus(es) Found: 0 Sat May 29 01:05:58 2004 => Total Number of Disinfected Files: 0 Sat May 29 01:05:59 2004 => Total Number of Files Renamed: 0 Sat May 29 01:05:59 2004 => Total Number of Deleted Files: 0 Sat May 29 01:05:59 2004 => Total Number of Errors: 1 Sat May 29 01:05:59 2004 => Time Elapsed: 00:00:18 Sat May 29 01:05:59 2004 => Virus Database Date: 2004/05/24 Sat May 29 01:05:59 2004 => Virus Database Count: 93203 Sat May 29 01:05:59 2004 => Scan Completed. |
|
|
||
29.05.2004, 01:23
Honorary member
Posts: 29434 |
#22
That would have been enough..
Sat May 29 01:05:58 2004 => Total Number of Files Scanned: 228
Sat May 29 01:05:58 2004 => Total Number of Virus(es) Found: 0
Sat May 29 01:05:58 2004 => Total Number of Disinfected Files: 0
Sat May 29 01:05:59 2004 => Total Number of Files Renamed: 0
Sat May 29 01:05:59 2004 => Total Number of Deleted Files: 0
Sat May 29 01:05:59 2004 => Total Number of Errors: 1
Sat May 29 01:05:59 2004 => Time Elapsed: 00:00:18
Sat May 29 01:05:59 2004 => Virus Database Date: 2004/05/24
Sat May 29 01:05:59 2004 => Virus Database Count: 93203
Sat May 29 01:05:59 2004 => Scan Completed.
Everything seems OK. What problems are you having?
----------------------------------------------------------------------------
Removing bridge:
Via IE/Tools or Internet Options, delete the temp. Internet files, incl. OFFLINE files!!!
Repeat this for all users
- Go into safe mode (press F8 while booting)
Then scan once more with the antivirus scanner.
Regards, Sabina
__________
Regards, Sabina
all about PC security
This post was edited by Sabina on 29.05.2004 at 01:26.
|
|
|
||
29.05.2004, 01:26
Member
Posts: 34 |
#23
Quote: Sabina posted
My virus scanner still finds DR/Bridge.A.2. At least it did the last time. Exactly as described in the first post. |
|
|
||
29.05.2004, 01:27
Honorary member
Posts: 29434 |
#24
Start < Run < type in msconfig < then a window opens and you go to <Startup<; there you remove the check mark in front of everything that is <bridge< OR a.exe.
(But you can see from the O4 entries that there is nothing there...)
- then restart
------------------------------------------------------------------------------
- Update the antivirus (update)
- Briefly deactivate AVPE-Guard, and then via IE/Tools or Internet Options delete the temp. Internet files, incl. OFFLINE files!!! ---- no Internet connection while doing this
Repeat this for all users
- Go into safe mode (press F8 while booting)
Then scan once more.
Regards, Sabina
__________
Regards, Sabina
all about PC security
This post was edited by Sabina on 29.05.2004 at 01:36.
|
|
|
||
29.05.2004, 01:33
Member
Posts: 34 |
#25
there you remove the check mark in front of everything that is <bridge< OR a.exe.
--> There is nothing there, or rather, I can't fully read what is under Command or Path; the window can't be enlarged either..... and it isn't shown to me when I hover the mouse over it.
EDIT: I can see it now after all!! There is nothing of the kind you described.
This post was edited by Camailleon on 29.05.2004 at 01:39.
|
|
|
||
29.05.2004, 01:42
Honorary member
Posts: 29434 |
#26
That was already apparent from the O4 entries in HijackThis.
The dropper is in the Temporary Internet Files:
C:\Dokumente und Einstellungen/User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\X3DHG5EW bridge[1].cab
-----------------------------------------
Update the antivirus (update)
- Briefly deactivate AVPE-Guard, and then via IE/Tools or Internet Options delete the temp. Internet files, incl. OFFLINE files!!! ---- no Internet connection while doing this
Repeat this for all users
- Go into safe mode (press F8 while booting)
Then scan once more.
Sabina
__________
Regards, Sabina
all about PC security
This post was edited by Sabina on 29.05.2004 at 01:46.
|
|
|
||
29.05.2004, 01:45
Member
Posts: 34 |
#27
Scan again with my virus scanner or with the mwev?
|
|
|
||
29.05.2004, 01:47
Honorary member
Posts: 29434 |
#28
Once all Temporary Internet Files and the offline pages have been deleted via IE/Tools (Internet Options),
or you delete it directly (close Internet Explorer first):
C:\Dokumente und Einstellungen/User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\X3DHG5EW bridge[1].cab
if it is there...
scan with AntiVir in safe mode (press F8 while booting)
__________
Regards, Sabina
all about PC security
This post was edited by Sabina on 29.05.2004 at 01:53.
|
|
|
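The "repeat this for all users" step in the posts above, as an added example that is not part of the thread: a read-only Python check that lists copies of the cached bridge[N].cab file in every profile's Content.IE5 folders. The function names and the sample directory tree are constructed for illustration; the profile root is supplied by the caller.

```python
import os
import re
import tempfile

# IE stores cached downloads as name[N].ext in randomly named subfolders
# of Content.IE5 (the thread shows X3DHG5EW with bridge[1].cab).
CACHED_NAME = re.compile(r"^bridge(\[\d+\])?\.cab$", re.IGNORECASE)


def find_cached_droppers(profiles_root, name_pattern=CACHED_NAME):
    """Return sorted (profile, path) pairs for matches inside any IE cache.

    Report only: nothing is deleted. Files outside a Content.IE5 tree are
    ignored, because the advice in the thread concerns the browser cache.
    """
    hits = []
    for profile in sorted(os.listdir(profiles_root)):
        profile_dir = os.path.join(profiles_root, profile)
        if not os.path.isdir(profile_dir):
            continue
        # os.walk skips unreadable folders silently (onerror defaults to None).
        for dirpath, _dirs, filenames in os.walk(profile_dir):
            rel = os.path.relpath(dirpath, profile_dir)
            parts = [p.lower() for p in rel.split(os.sep)]
            if "content.ie5" not in parts:
                continue
            for fname in filenames:
                if name_pattern.match(fname):
                    hits.append((profile, os.path.join(dirpath, fname)))
    return sorted(hits)


def build_demo_tree(root):
    """Create a constructed sample layout (not real data) under root."""
    cache = os.path.join("Lokale Einstellungen",
                         "Temporary Internet Files", "Content.IE5")
    files = [
        os.path.join("UserA", cache, "X3DHG5EW", "bridge[1].cab"),
        os.path.join("UserA", cache, "X3DHG5EW", "logo[1].gif"),
        os.path.join("UserB", cache, "ABCD1234", "setup[1].cab"),
        os.path.join("UserB", "Desktop", "bridge[1].cab"),  # not in a cache
    ]
    for rel in files:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        for profile, path in find_cached_droppers(tmp):
            print(profile, path)
```

On a real system the root would be the profiles folder (C:\Dokumente und Einstellungen on the German XP installs in this thread), read with rights that cover every user's profile.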
||
29.05.2004, 02:45
Member
Posts: 34 |
#29
Thanks Sabina... the thing did not reappear this time..... I am so glad.... you can't even imagine!!!!!
Many, many thanks! |
|
|
||
06.06.2004, 18:02
...new here
Posts: 2 |
#30
Hello, I too have this stupid virus bridge..something..
Can anyone help me?
Logfile of HijackThis v1.97.7
Scan saved at 18:01:54, on 06.06.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\AVPersonal\AVSched32.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\msiexec.exe
C:\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.master-search.com/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.master-search.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.master-search.com/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\WINDOWS\start.chm::/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.master-search.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de/service/redir/ie_t-online.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.master-search.com/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.master-search.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von T-Online International AG
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=www-proxy.t-online.de:80;ftp=ftp-proxy.t-online.de:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.t-online.de;localhost;<local>
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: CAPI Control.lnk = C:\Programme\Eumex 704PC LAN\Capictrl.exe
O4 - Global Startup: HomeNet Control.lnk = C:\Programme\Eumex 704PC LAN\HNetCtrl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de/service/redir/ie_t-online.htm
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://install.power-url.de/StarInstall.ocx
Thanks in advance |
|
|
||
Regards
DAFRA