DR/Bridge.A.2 - how to remove it?

#0
14.05.2004, 21:32
Member
Dafra

Posts: 1122
#16 That is only half of it, post the whole thing.
Regards,
DAFRA
14.05.2004, 21:40
...new here

Posts: 2
#17 Thanks DAFRA - oh man, this is embarrassing! So here is the complete log file:

Logfile of HijackThis v1.97.7
Scan saved at 21:00:39, on 14.05.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\Executive Software\DiskeeperLite\DKService.exe
C:\Programme\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Pinnacle\Shared Files\remoterm.exe
C:\WINDOWS\System32\pupxpman.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\enxzrti.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programme\Pinnacle\DV500\ERegister\Remind32.exe
C:\Programme\AVPersonal\AVSched32.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Horst Krammer\Eigene Dateien\Downloads\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1und1.com/
R3 - URLSearchHook: VeriSign Inc. i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_1_4.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {65C93FEB-172E-407D-B3DF-5A68D1B74EA0} - C:\WINDOWS\hcgxp.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: (no name) - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_1_4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] c:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PinnacleRemote] c:\Programme\Pinnacle\Shared Files\remoterm.exe
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\System32\pupxpman.exe
O4 - HKLM\..\Run: [PwrUpTweakMe] C:\WINDOWS\System32\PUPXPTWK.EXE /TWEAK
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ywonb] C:\WINDOWS\enxzrti.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] c:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /dropdisc
O4 - Startup: Pinnacle Systems - miro Family.lnk = C:\Programme\Pinnacle\DV500\ERegister\Remind32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Hilfe zu i-Nav (HKLM)
O9 - Extra 'Tools' menuitem: Hilfe zu i-Nav (HKLM)
O9 - Extra 'Tools' menuitem: Optionen für i-Nav (HKLM)
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/DE/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/mp3.cab

Regards,
HAKA
28.05.2004, 22:37
Member

Posts: 34
#18 Hello, I have the same problem with DR/Bridge.A.2, the same message in AntiVir XP as the others... I ran Spybot over it and also created the HijackThis log... unfortunately the thing is still there and I don't know what to do... here is my HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 21:06:52, on 28.05.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLACSD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE
C:\Programme\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\ScanSoft\OmniPageSE\opware32.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\AOL 9.0\aoltray.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\Programme\ICQ\ICQ.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Alex\Desktop\Alex-Ordner\Download\Anwendungen\hijackthis1977\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.oa515.de/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SENS Keyboard V4 Launcher] "C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE"
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Programme\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Programme\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /M "Stylus C44"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ] C:\Programme\ICQ\ICQ.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AOL Instant Messenger (TM) (HKLM)
O9 - Extra button: ICQ 4.0 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37918.5083449074
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
This post was edited by Camailleon on 28.05.2004 at 23:02.
29.05.2004, 00:41
Honorary member
Sabina

Posts: 29434
#19 @Camailleon

Download the following tool (eScan, mwav.exe)
http://www.soft411.com/company/MicroWorld-Technologies-Inc/MicroWorld-Anti-Virus-Toolkit.htm

Then disable System Restore and boot into Safe Mode (press F8 during startup)

there, scan with "all files" selected

restart normally

Then post what mwav.exe reported.

Regards,
Sabina

This post was edited by Sabina on 29.05.2004 at 00:44.
29.05.2004, 01:01
Honorary member
Sabina

Posts: 29434
#20 @Haka

Download the following tools:
---------------------
AdAware
Cwshredder
Sphjfix.exe
Spybot
http://www.trojaner-info.de/anleitungen/hijackthis/about_blank.html

DigitalPatrol
http://www.antiviraldp.com/download.htm

mwav.exe (eScan)
http://www.mwti.net/antivirus/free_utilities.asp

Now download Hostfilereader.exe from here: http://members.shaw.ca/techcd/VB_Projects

Then disable System Restore (you can re-enable it after the cleanup)
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/gdocid/20030807105707924
-------------------------------------------------------------------------------------------
boot into Safe Mode (press F8 during startup)


There, with HijackThis (without an Internet connection):
run "Scan", tick the entries I post here, then "Fix"

R3 - URLSearchHook: VeriSign Inc. i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_1_4.dll
O2 - BHO: (no name) - {65C93FEB-172E-407D-B3DF-5A68D1B74EA0} - C:\WINDOWS\hcgxp.dll
O2 - BHO: (no name) - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_1_4.dll

O4 - HKLM\..\Run: [ywonb] C:\WINDOWS\enxzrti.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"


#Uninstall C:\Program Files\webHancer --> and delete everything related to it.
#Delete C:\WINDOWS\enxzrti.exe

------------------------------------------------------------------------

#Run Hostfilereader.exe, click the "Reset Default" button, then OK and Exit.
#Open Notepad and paste the following text:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"System"=-
[-HKEY_CLASSES_ROOT\CLSID\{CE000994-A58C-4441-8938-744CD72AB27F}]
[-HKEY_CLASSES_ROOT\CLSID\{65C93FEB-172E-407D-B3DF-5A68D1B74EA0}]
[-HKEY_CLASSES_ROOT\CLSID\{CE000992-A58C-4441-8938-744CD72AB27F}]

6. Save as "clear.reg" (select file type: All Files)
7. Double-click the newly created file and confirm the "add to the registry" prompt.

8. Find and delete these files:
C:\Programme\VeriSign\i-Nav\i-nav_4_1_4.dll
C:\WINDOWS\hcgxp.dll

--------------------------------------------------------------------------------------------------

then scan, also in Safe Mode, with AdAware, CWShredder, Sphjfix.exe, DigitalPatrol and mwav.exe (scan "all files")

restart normally

Delete the Temporary Internet Files under Internet Options.
Then post the log again

Regards,
Sabina

This post was edited by Sabina on 29.05.2004 at 01:21.
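Added example (not part of the original posts): before importing a .reg file taken from a forum reply, it helps to list exactly what it deletes and to check that against the HijackThis lines it is meant to clean up. The Python sketch below parses the clear.reg text from post #20 and cross-checks its CLSID deletions against the entries quoted for fixing; the function names are hypothetical, the sample inputs are copied from the post, and only single-line registry values are handled.

```python
import re

# Sample inputs constructed from the lines quoted in post #20.
HJT_FIX_LINES = r"""
R3 - URLSearchHook: VeriSign Inc. i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_1_4.dll
O2 - BHO: (no name) - {65C93FEB-172E-407D-B3DF-5A68D1B74EA0} - C:\WINDOWS\hcgxp.dll
O2 - BHO: (no name) - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_1_4.dll
O4 - HKLM\..\Run: [ywonb] C:\WINDOWS\enxzrti.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
"""

CLEAR_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"System"=-
[-HKEY_CLASSES_ROOT\CLSID\{CE000994-A58C-4441-8938-744CD72AB27F}]
[-HKEY_CLASSES_ROOT\CLSID\{65C93FEB-172E-407D-B3DF-5A68D1B74EA0}]
[-HKEY_CLASSES_ROOT\CLSID\{CE000992-A58C-4441-8938-744CD72AB27F}]
"""

REG_HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def parse_reg(text):
    """Return a list of (operation, key, value_name) tuples for a .reg file.

    Operations: "delete_key" ([-KEY]), "delete_value" ("name"=-), "set_value".
    Anything that cannot be parsed raises ValueError instead of being skipped,
    so an unexpected line is never silently ignored during review.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0] not in REG_HEADERS:
        raise ValueError("missing .reg header")
    ops, key = [], None
    for ln in lines[1:]:
        if ln.startswith(";"):            # comment line
            continue
        if ln.startswith("[-") and ln.endswith("]"):
            ops.append(("delete_key", ln[2:-1], None))
            key = None                    # no values may follow a deleted key
        elif ln.startswith("[") and ln.endswith("]"):
            key = ln[1:-1]
        else:
            m = VALUE_RE.match(ln)
            if not m or key is None:
                raise ValueError(f"unparseable line: {ln!r}")
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            kind = "delete_value" if m.group(2) == "-" else "set_value"
            ops.append((kind, key, name))
    return ops


def clsids_in(text):
    """All CLSID-style GUIDs in a string, upper-cased for comparison."""
    return {m.upper() for m in CLSID_RE.findall(text)}


def review(reg_text, hjt_text):
    """Compare the .reg file's deletions with the HijackThis lines to be fixed."""
    flagged = clsids_in(hjt_text)
    deleted, other = set(), []
    for kind, key, name in parse_reg(reg_text):
        ids = clsids_in(key)
        if kind == "delete_key" and "\\CLSID\\" in key.upper() and ids:
            deleted |= ids
        else:
            other.append((kind, key, name))
    return {
        "deleted_clsids": deleted,          # CLSID keys the file removes
        "not_in_log": deleted - flagged,    # removed, but no matching log line
        "not_in_reg": flagged - deleted,    # in the log lines, but left in place
        "other_ops": other,                 # everything else the file changes
    }


if __name__ == "__main__":
    for field, value in review(CLEAR_REG, HJT_FIX_LINES).items():
        print(field, "=", value)
```

For the inputs from the post, the three deleted CLSID keys match the three CLSIDs in the R3/O2 lines one to one, and the only other operation reported is the deletion of the "System" value under ShellServiceObjectDelayLoad, which has no counterpart among the quoted HijackThis lines.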
29.05.2004, 01:18
Member

Posts: 34
#21 Hi Sabina, here is my mwav.log, it is quite a lot:

Sat May 29 01:00:31 2004 => **********************************************************
Sat May 29 01:00:31 2004 => eScan AntiVirus Toolkit Utility.
Sat May 29 01:00:31 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Sat May 29 01:00:31 2004 => **********************************************************
Sat May 29 01:00:31 2004 => Version 4.2.2
Sat May 29 01:00:31 2004 => Log File: C:\DOKUME~1\Alex\LOKALE~1\Temp\mwav.log
Sat May 29 01:00:31 2004 => Latest Date of files inside MWAV: 24 May 2004 12:04:15.
Sat May 29 01:00:35 2004 => AV Library Loaded...
Sat May 29 01:00:35 2004 => Scanning File C:\DOKUME~1\Alex\LOKALE~1\Temp\kavss.exe
Sat May 29 01:00:35 2004 => Scanning File C:\DOKUME~1\Alex\LOKALE~1\Temp\Getvlist.exe
Sat May 29 01:00:35 2004 => Scanning File C:\DOKUME~1\Alex\LOKALE~1\Temp\kavss.dll
Sat May 29 01:00:35 2004 => Scanning File C:\DOKUME~1\Alex\LOKALE~1\Temp\kavssdi.dll
Sat May 29 01:00:35 2004 => Scanning File C:\DOKUME~1\Alex\LOKALE~1\Temp\kavssi.dll
Sat May 29 01:00:35 2004 => Scanning File C:\DOKUME~1\Alex\LOKALE~1\Temp\kavvlg.dll
Sat May 29 01:00:35 2004 => Scanning File C:\DOKUME~1\Alex\LOKALE~1\Temp\msvlclnt.dll
Sat May 29 01:00:35 2004 => Scanning File C:\DOKUME~1\Alex\LOKALE~1\Temp\ipc.dll
Sat May 29 01:00:35 2004 => Scanning File C:\DOKUME~1\Alex\LOKALE~1\Temp\main.avi
Sat May 29 01:00:36 2004 => Scanning File C:\DOKUME~1\Alex\LOKALE~1\Temp\virus.avi
Sat May 29 01:00:36 2004 => Virus Database Date: 2004/05/24
Sat May 29 01:00:36 2004 => Virus Database Count: 93203

Sat May 29 01:00:56 2004 => **********************************************************
Sat May 29 01:00:56 2004 => eScan AntiVirus Toolkit Utility.
Sat May 29 01:00:56 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Sat May 29 01:00:56 2004 =>
Sat May 29 01:00:56 2004 => Support: support@mwti.net
Sat May 29 01:00:56 2004 => Web: http://www.mwti.net
Sat May 29 01:00:56 2004 => **********************************************************
Sat May 29 01:00:56 2004 => Version 4.2.2
Sat May 29 01:00:56 2004 => Log File: C:\DOKUME~1\Alex\LOKALE~1\Temp\mwav.log
Sat May 29 01:00:56 2004 => Latest Date of files inside MWAV: 24 May 2004 12:04:15.

Sat May 29 01:05:41 2004 => Options Selected by User:
Sat May 29 01:05:41 2004 => Memory Check: Enabled
Sat May 29 01:05:41 2004 => Registry Check: Enabled
Sat May 29 01:05:41 2004 => StartUp Folder Check: Enabled
Sat May 29 01:05:41 2004 => System Folder Check: Enabled
Sat May 29 01:05:41 2004 => System Area Check: Disabled
Sat May 29 01:05:41 2004 => Services Check: Enabled
Sat May 29 01:05:41 2004 => Drive Check Option Disabled
Sat May 29 01:05:41 2004 => Scanning Type: Scan And Clean
Sat May 29 01:05:41 2004 => Folder Check: Disabled

Sat May 29 01:05:41 2004 => ***** Scanning Memory Files *****
Sat May 29 01:05:41 2004 => Scanning File C:\WINDOWS\system32\services.exe
Sat May 29 01:05:41 2004 => Scanning File C:\WINDOWS\system32\lsass.exe
Sat May 29 01:05:41 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat May 29 01:05:41 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat May 29 01:05:41 2004 => Scanning File C:\WINDOWS\Explorer.EXE
Sat May 29 01:05:41 2004 => Scanning File C:\DOKUME~1\Alex\LOKALE~1\Temp\mwavscan.com
Sat May 29 01:05:42 2004 => Scanning File C:\DOKUME~1\Alex\LOKALE~1\Temp\kavss.exe

Sat May 29 01:05:42 2004 => ***** Scanning Registry Files *****
Sat May 29 01:05:42 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Sat May 29 01:05:42 2004 => Scanning File C:\WINDOWS\Explorer.exe
Sat May 29 01:05:42 2004 => Scanning File C:\WINDOWS\system32\userinit.exe
Sat May 29 01:05:42 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sat May 29 01:05:42 2004 => Scanning File C:\WINDOWS\System32\igfxtray.exe
Sat May 29 01:05:42 2004 => Scanning File C:\WINDOWS\System32\hkcmd.exe
Sat May 29 01:05:42 2004 => Scanning File C:\PROGRA~1\SAMSUNG\SENSKE~1\SENSKBD.EXE
Sat May 29 01:05:42 2004 => Scanning File C:\PROGRA~1\ULEADS~1\ULEADP~1.0\Monitor.exe
Sat May 29 01:05:42 2004 => Scanning File C:\WINDOWS\System32\\NeroCheck.exe
Sat May 29 01:05:42 2004 => Scanning File C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
Sat May 29 01:05:43 2004 => Scanning File C:\Programme\Winamp\winampa.exe
Sat May 29 01:05:43 2004 => Scanning File C:\WINDOWS\AGRSMMSG.exe
Sat May 29 01:05:43 2004 => Scanning File C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
Sat May 29 01:05:43 2004 => Scanning File C:\Programme\AVPersonal\AVGNT.EXE
Sat May 29 01:05:43 2004 => Scanning File C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
Sat May 29 01:05:43 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\AOL\ACS\AOLDial.exe
Sat May 29 01:05:43 2004 => Scanning File C:\Programme\QuickTime\qttask.exe
Sat May 29 01:05:43 2004 => Scanning File C:\Programme\ICQ\ICQNet.exe
Sat May 29 01:05:43 2004 => Scanning File C:\Programme\ScanSoft\OmniPageSE\opware32.exe
Sat May 29 01:05:44 2004 => Scanning File C:\Programme\Real\RealPlayer\RealPlay.exe
Sat May 29 01:05:44 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Sat May 29 01:05:44 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Sat May 29 01:05:44 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Sat May 29 01:05:44 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sat May 29 01:05:44 2004 => Scanning File C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe
Sat May 29 01:05:45 2004 => Scanning File C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
Sat May 29 01:05:45 2004 => Scanning File C:\WINDOWS\System32\ctfmon.exe
Sat May 29 01:05:45 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Sat May 29 01:05:45 2004 => Scanning File C:\Programme\ICQ\ICQ.exe
Sat May 29 01:05:46 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Sat May 29 01:05:46 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Sat May 29 01:05:46 2004 => Scanning HKCR\txtfile\shell\open\command
Sat May 29 01:05:46 2004 => Scanning HKCR\comfile\shell\open\command
Sat May 29 01:05:46 2004 => Scanning HKCR\exefile\shell\open\command
Sat May 29 01:05:46 2004 => Scanning HKCR\dllfile\shell\open\command
Sat May 29 01:05:46 2004 => Scanning HKCR\batfile\shell\open\command
Sat May 29 01:05:46 2004 => Scanning HKCR\piffile\shell\open\command
Sat May 29 01:05:46 2004 => Scanning HKCR\scrfile\shell\open\command
Sat May 29 01:05:47 2004 => Scanning HKCR\scrfile\shell\config\command
Sat May 29 01:05:47 2004 => Scanning HKCR\regfile\shell\open\command

Sat May 29 01:05:47 2004 => ***** Scanning StartUp Folders *****

Sat May 29 01:05:47 2004 => ***** Scanning C:\Dokumente und Einstellungen\Alex\Startmenü\Programme\Autostart Folder *****
Sat May 29 01:05:47 2004 => Scanning Folder: C:\Dokumente und Einstellungen\Alex\Startmenü\Programme\Autostart\*.*
Sat May 29 01:05:47 2004 => Scanning File C:\Dokumente und Einstellungen\Alex\Startmenü\Programme\Autostart\desktop.ini

Sat May 29 01:05:47 2004 => ***** Scanning C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Folder *****
Sat May 29 01:05:47 2004 => Scanning Folder: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\*.*
Sat May 29 01:05:47 2004 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
Sat May 29 01:05:47 2004 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
Sat May 29 01:05:47 2004 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AOL 9.0 Tray-Symbol.lnk

Sat May 29 01:05:47 2004 => ***** Scanning Service Files *****
Sat May 29 01:05:47 2004 => Scanning HKLM\SYSTEM\CurrentControlSet\Services
Sat May 29 01:05:47 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ACPI.sys
Sat May 29 01:05:47 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ACPIEC.sys
Sat May 29 01:05:47 2004 => Scanning File C:\WINDOWS\System32\drivers\aec.sys
Sat May 29 01:05:47 2004 => Scanning File C:\WINDOWS\System32\drivers\afd.sys
Sat May 29 01:05:47 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\AGRSM.sys
Sat May 29 01:05:48 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:48 2004 => Scanning File C:\WINDOWS\System32\alg.exe
Sat May 29 01:05:48 2004 => Scanning File C:\Programme\AVPersonal\AVGUARD.EXE
Sat May 29 01:05:48 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLACSD.EXE
Sat May 29 01:05:48 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat May 29 01:05:48 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\arp1394.sys
Sat May 29 01:05:48 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\asyncmac.sys
Sat May 29 01:05:48 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\atapi.sys
Sat May 29 01:05:48 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\atmarpc.sys
Sat May 29 01:05:48 2004 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\ATWPKT.SYS
Sat May 29 01:05:48 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:48 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\audstub.sys
Sat May 29 01:05:48 2004 => Scanning File C:\PROGRAMME\AVPERSONAL\AVGNTDD.SYS
Sat May 29 01:05:48 2004 => Scanning File C:\Programme\AVPersonal\AVWUPSRV.EXE
Sat May 29 01:05:48 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:48 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\bridge.sys
Sat May 29 01:05:49 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\bridge.sys
Sat May 29 01:05:49 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:49 2004 => Scanning File C:\WINDOWS\System32\Drivers\camdrv30.sys
Sat May 29 01:05:49 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\CCDECODE.sys
Sat May 29 01:05:49 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\cdrom.sys
Sat May 29 01:05:49 2004 => Scanning File C:\WINDOWS\System32\cisvc.exe
Sat May 29 01:05:49 2004 => Scanning File C:\WINDOWS\system32\clipsrv.exe
Sat May 29 01:05:49 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\CmBatt.sys
Sat May 29 01:05:49 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\compbatt.sys
Sat May 29 01:05:49 2004 => Scanning File C:\WINDOWS\System32\dllhost.exe
Sat May 29 01:05:49 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat May 29 01:05:49 2004 => Scanning File C:\WINDOWS\System32\drivers\cwawdm.sys
Sat May 29 01:05:49 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:49 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\disk.sys
Sat May 29 01:05:49 2004 => Scanning File C:\WINDOWS\System32\dmadmin.exe
Sat May 29 01:05:49 2004 => Scanning File C:\WINDOWS\System32\drivers\dmboot.sys
Sat May 29 01:05:49 2004 => Scanning File C:\WINDOWS\System32\drivers\dmio.sys
Sat May 29 01:05:49 2004 => Scanning File C:\WINDOWS\System32\drivers\dmload.sys
Sat May 29 01:05:49 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:49 2004 => Scanning File C:\WINDOWS\System32\drivers\DMusic.sys
Sat May 29 01:05:49 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:49 2004 => ERROR!!! Invalid Entry \??\D:\MEMIO.SYS in SYSTEM\CurrentControlSet\Services\DOSMEMIO...
Sat May 29 01:05:50 2004 => Scanning File C:\WINDOWS\System32\drivers\drmkaud.sys
Sat May 29 01:05:50 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\e100b325.sys
Sat May 29 01:05:50 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\EPSON\EBAPI\SAgent2.exe
Sat May 29 01:05:50 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:50 2004 => Scanning File C:\WINDOWS\system32\services.exe
Sat May 29 01:05:50 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:50 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:50 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ftdisk.sys
Sat May 29 01:05:50 2004 => Scanning File C:\WINDOWS\system32\drivers\fwdrv.sys
Sat May 29 01:05:50 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\msgpc.sys
Sat May 29 01:05:50 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:50 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:50 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\hidusb.sys
Sat May 29 01:05:51 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Sat May 29 01:05:51 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ialmnt5.sys
Sat May 29 01:05:51 2004 => Scanning File C:\WINDOWS\System32\imapi.exe
Sat May 29 01:05:51 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\Ip6Fw.sys
Sat May 29 01:05:51 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:51 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
Sat May 29 01:05:51 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipinip.sys
Sat May 29 01:05:51 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipnat.sys
Sat May 29 01:05:51 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipsec.sys
Sat May 29 01:05:51 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\irenum.sys
Sat May 29 01:05:51 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\isapnp.sys
Sat May 29 01:05:51 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Sat May 29 01:05:51 2004 => Scanning File C:\WINDOWS\System32\drivers\kmixer.sys
Sat May 29 01:05:51 2004 => Scanning File C:\PROGRA~1\Kerio\PERSON~1\kpf4ss.exe
Sat May 29 01:05:52 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:52 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:52 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:52 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\MACROM~2\Service\MACROM~1.EXE
Sat May 29 01:05:52 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:52 2004 => Scanning File C:\WINDOWS\System32\mnmsrvc.exe
Sat May 29 01:05:52 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\mouclass.sys
Sat May 29 01:05:52 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\mouhid.sys
Sat May 29 01:05:52 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Sat May 29 01:05:52 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Sat May 29 01:05:52 2004 => Scanning File C:\WINDOWS\System32\msdtc.exe
Sat May 29 01:05:52 2004 => Scanning File C:\WINDOWS\System32\msiexec.exe
Sat May 29 01:05:52 2004 => Scanning File C:\WINDOWS\System32\drivers\MSKSSRV.sys
Sat May 29 01:05:53 2004 => Scanning File C:\WINDOWS\System32\drivers\MSPCLOCK.sys
Sat May 29 01:05:53 2004 => Scanning File C:\WINDOWS\System32\drivers\MSPQM.sys
Sat May 29 01:05:53 2004 => Scanning File C:\WINDOWS\System32\drivers\MSTEE.sys
Sat May 29 01:05:53 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys
Sat May 29 01:05:53 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\NdisIP.sys
Sat May 29 01:05:53 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Sat May 29 01:05:53 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Sat May 29 01:05:53 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Sat May 29 01:05:53 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\netbios.sys
Sat May 29 01:05:53 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\netbt.sys
Sat May 29 01:05:53 2004 => Scanning File C:\WINDOWS\system32\netdde.exe
Sat May 29 01:05:53 2004 => Scanning File C:\WINDOWS\system32\netdde.exe
Sat May 29 01:05:53 2004 => Scanning File C:\WINDOWS\System32\lsass.exe
Sat May 29 01:05:53 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:53 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\nic1394.sys
Sat May 29 01:05:53 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:53 2004 => Scanning File C:\WINDOWS\System32\lsass.exe
Sat May 29 01:05:53 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat May 29 01:05:53 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
Sat May 29 01:05:53 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
Sat May 29 01:05:53 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ohci1394.sys
Sat May 29 01:05:54 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\parport.sys
Sat May 29 01:05:54 2004 => Scanning File C:\PROGRA~1\T-DSLS~1\PCANDIS5.SYS
Sat May 29 01:05:54 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\pci.sys
Sat May 29 01:05:54 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\pciide.sys
Sat May 29 01:05:54 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\pcmcia.sys
Sat May 29 01:05:54 2004 => Scanning File C:\WINDOWS\system32\services.exe
Sat May 29 01:05:54 2004 => Scanning File C:\WINDOWS\System32\lsass.exe
Sat May 29 01:05:54 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\raspptp.sys
Sat May 29 01:05:54 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\processr.sys
Sat May 29 01:05:54 2004 => Scanning File C:\WINDOWS\system32\lsass.exe
Sat May 29 01:05:54 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\psched.sys
Sat May 29 01:05:54 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ptilink.sys
Sat May 29 01:05:54 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\PxHelp20.sys
Sat May 29 01:05:54 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rasacd.sys
Sat May 29 01:05:54 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:54 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Sat May 29 01:05:54 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:54 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Sat May 29 01:05:54 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\raspti.sys
Sat May 29 01:05:54 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rdbss.sys
Sat May 29 01:05:54 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Sat May 29 01:05:54 2004 => Scanning File C:\WINDOWS\system32\sessmgr.exe
Sat May 29 01:05:54 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\redbook.sys
Sat May 29 01:05:54 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:55 2004 => Scanning File C:\WINDOWS\System32\locator.exe
Sat May 29 01:05:55 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat May 29 01:05:55 2004 => Scanning File C:\WINDOWS\System32\rsvp.exe
Sat May 29 01:05:55 2004 => Scanning File C:\WINDOWS\system32\lsass.exe
Sat May 29 01:05:55 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\sbp2port.sys
Sat May 29 01:05:55 2004 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Sat May 29 01:05:55 2004 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Sat May 29 01:05:55 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:55 2004 => Scanning File C:\WINDOWS\system32\drivers\scsiport.sys
Sat May 29 01:05:55 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\secdrv.sys
Sat May 29 01:05:55 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:55 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat May 29 01:05:55 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\serenum.sys
Sat May 29 01:05:55 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\Serial.sys
Sat May 29 01:05:55 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\sfloppy.sys
Sat May 29 01:05:55 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:55 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:55 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\SLIP.sys
Sat May 29 01:05:55 2004 => Scanning File C:\WINDOWS\System32\drivers\splitter.sys
Sat May 29 01:05:55 2004 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Sat May 29 01:05:55 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\sr.sys
Sat May 29 01:05:55 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:55 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\srv.sys
Sat May 29 01:05:55 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:55 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:55 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\StreamIP.sys
Sat May 29 01:05:56 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\swenum.sys
Sat May 29 01:05:56 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\swld12.sys
Sat May 29 01:05:56 2004 => Scanning File C:\WINDOWS\System32\drivers\swmidi.sys
Sat May 29 01:05:56 2004 => Scanning File C:\WINDOWS\System32\dllhost.exe
Sat May 29 01:05:56 2004 => Scanning File C:\WINDOWS\System32\drivers\sysaudio.sys
Sat May 29 01:05:56 2004 => Scanning File C:\WINDOWS\system32\smlogsvc.exe
Sat May 29 01:05:56 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:56 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\tcpip.sys
Sat May 29 01:05:56 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\termdd.sys
Sat May 29 01:05:56 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:56 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:56 2004 => Scanning File C:\PROGRA~1\T-DSLS~1\TNPACKET.SYS
Sat May 29 01:05:56 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat May 29 01:05:56 2004 => Scanning File C:\PROGRA~1\T-DSLS~1\tsmsvc.exe
Sat May 29 01:05:56 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\update.sys
Sat May 29 01:05:56 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:56 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:56 2004 => Scanning File C:\WINDOWS\System32\ups.exe
Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbehci.sys
Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbhub.sys
Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbprint.sys
Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbscan.sys
Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\drivers\vga.sys
Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\vssvc.exe
Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\wanarp.sys
Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\wanatw4.sys
Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\wanmpsvc.exe
Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\drivers\wdmaud.sys
Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\wbem\wmiapsrv.exe
Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS
Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat May 29 01:05:57 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat May 29 01:05:58 2004 => Scanning File C:\WINDOWS\System32\drivers\A311.sys
Sat May 29 01:05:58 2004 => Scanning File C:\WINDOWS\System32\drivers\A310.sys
Sat May 29 01:05:58 2004 => Scanning File C:\WINDOWS\System32\drivers\ialmsbw.sys
Sat May 29 01:05:58 2004 => Scanning File C:\WINDOWS\System32\drivers\ialmkchw.sys

Sat May 29 01:05:58 2004 => ***** Scanning System32 Folders *****
Sat May 29 01:05:58 2004 => Scanning C:\WINDOWS Directory

Sat May 29 01:05:58 2004 => ***** Checking for specific ITW Viruses *****
Sat May 29 01:05:58 2004 => Checking for Welchia Virus...
Sat May 29 01:05:58 2004 => Checking for LovGate Virus...
Sat May 29 01:05:58 2004 => Checking for CodeRed Virus...
Sat May 29 01:05:58 2004 => Checking for OpaServ Virus...
Sat May 29 01:05:58 2004 => Checking for Sobig.e Virus...
Sat May 29 01:05:58 2004 => Checking for Winupie Virus...
Sat May 29 01:05:58 2004 => Checking for Swen Virus...
Sat May 29 01:05:58 2004 => Checking for JS.Fortnight Virus...
Sat May 29 01:05:58 2004 => Checking for Novarg Virus...

Sat May 29 01:05:58 2004 => ***** Scanning complete. *****

Sat May 29 01:05:58 2004 => Total Number of Files Scanned: 228
Sat May 29 01:05:58 2004 => Total Number of Virus(es) Found: 0
Sat May 29 01:05:58 2004 => Total Number of Disinfected Files: 0
Sat May 29 01:05:59 2004 => Total Number of Files Renamed: 0
Sat May 29 01:05:59 2004 => Total Number of Deleted Files: 0
Sat May 29 01:05:59 2004 => Total Number of Errors: 1
Sat May 29 01:05:59 2004 => Time Elapsed: 00:00:18
Sat May 29 01:05:59 2004 => Virus Database Date: 2004/05/24
Sat May 29 01:05:59 2004 => Virus Database Count: 93203

Sat May 29 01:05:59 2004 => Scan Completed.
29.05.2004, 01:23
Honorary member
Sabina

Posts: 29434
#22 That would have been enough..
Sat May 29 01:05:58 2004 => Total Number of Files Scanned: 228
Sat May 29 01:05:58 2004 => Total Number of Virus(es) Found: 0
Sat May 29 01:05:58 2004 => Total Number of Disinfected Files: 0
Sat May 29 01:05:59 2004 => Total Number of Files Renamed: 0
Sat May 29 01:05:59 2004 => Total Number of Deleted Files: 0
Sat May 29 01:05:59 2004 => Total Number of Errors: 1
Sat May 29 01:05:59 2004 => Time Elapsed: 00:00:18
Sat May 29 01:05:59 2004 => Virus Database Date: 2004/05/24
Sat May 29 01:05:59 2004 => Virus Database Count: 93203

Sat May 29 01:05:59 2004 => Scan Completed.

Everything seems to be OK.
What problems are you having?
----------------------------------------------------------------------------
Removing bridge: delete the temporary Internet files via IE/Tools or Internet Options, including the OFFLINE files!!!
Repeat this for every user.

-Boot into safe mode (press F8 during startup)
Then scan once more with the antivirus scanner.
Regards
Sabina
;)
__________
Regards, Sabina

all about PC security
This post was edited by Sabina on 29.05.2004 at 01:26.
29.05.2004, 01:26
Member

Posts: 34
#23

Quote

Sabina posted
That would have been enough..
Sat May 29 01:05:58 2004 => Total Number of Files Scanned: 228
Sat May 29 01:05:58 2004 => Total Number of Virus(es) Found: 0
Sat May 29 01:05:58 2004 => Total Number of Disinfected Files: 0
Sat May 29 01:05:59 2004 => Total Number of Files Renamed: 0
Sat May 29 01:05:59 2004 => Total Number of Deleted Files: 0
Sat May 29 01:05:59 2004 => Total Number of Errors: 1
Sat May 29 01:05:59 2004 => Time Elapsed: 00:00:18
Sat May 29 01:05:59 2004 => Virus Database Date: 2004/05/24
Sat May 29 01:05:59 2004 => Virus Database Count: 93203

Sat May 29 01:05:59 2004 => Scan Completed.

Everything seems to be OK.
What problems are you having?
Regards
Sabina
;)
My virus scanner still finds DR/Bridge.A.2. At least it did the last time. Exactly as described in the first post.
29.05.2004, 01:27
Honorary member
Sabina

Posts: 29434
#24 Start > Run > type in msconfig; a window then opens and you go to "Startup". There you remove the check mark from everything that is "bridge" OR a.exe.
(but you can see from the O4 entries that there is nothing there...) ;)

-then reboot
------------------------------------------------------------------------------
-Update the antivirus

-Briefly disable the AVPE-Guard, then delete the temporary Internet files via IE/Tools or Internet Options, including the OFFLINE files!!! ---- no Internet connection while doing this
Repeat this for every user.

-Boot into safe mode (press F8 during startup)
Then scan once more.

Regards
Sabina
__________
Regards, Sabina

all about PC security
This post was edited by Sabina on 29.05.2004 at 01:36.
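
The O4 check mentioned in post #24, as an added example that is not part of the original posts: a small parser for the O4 (autostart) lines of a HijackThis log that flags entries matching the two names given there, "bridge" and a.exe. The function names are hypothetical; the first four sample lines come from a HijackThis log posted in this thread, the last one is constructed.

```python
import re

# HijackThis O4 lines come in two shapes:
#   O4 - HKLM\..\Run: [Name] command line
#   O4 - Global Startup: Name.lnk = target
RUN_RE = re.compile(r"^O4 - (?P<where>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
LNK_RE = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Basename of every .exe mentioned in a command line (quoted or not).
EXE_RE = re.compile(r'([^\\/"\s]+\.exe)\b', re.IGNORECASE)

def parse_o4(log_text):
    """Return one dict (where, name, cmd) per O4 line of a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or LNK_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries

def flag_autostarts(entries, keywords=("bridge",), exe_names=("a.exe",)):
    """Entries whose name or command contains a keyword, or that start one of exe_names."""
    hits = []
    wanted = {n.lower() for n in exe_names}
    for e in entries:
        text = (e["name"] + " " + e["cmd"]).lower()
        exes = {x.lower() for x in EXE_RE.findall(e["cmd"])}
        if any(k in text for k in keywords) or exes & wanted:
            hits.append(e)
    return hits

# Lines 1-4: from a log posted in this thread. Line 5: constructed sample.
SAMPLE = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - HKCU\..\Run: [loader] C:\WINDOWS\a.exe
"""

if __name__ == "__main__":
    for hit in flag_autostarts(parse_o4(SAMPLE)):
        print("check:", hit["where"], hit["name"], "->", hit["cmd"])
```

An empty result on a real log matches the situation in this thread: nothing in the autostart entries, so the file the scanner keeps reporting has to be looked for elsewhere.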
29.05.2004, 01:33
Member

Posts: 34
#25 There you remove the check mark from everything that is "bridge" OR a.exe.

--> There's nothing there, or rather I can't fully read what is under Command or Path; the window can't be enlarged either..... and it isn't shown when I hover the mouse over it.

EDIT: I can see it now after all!!

There is nothing of the kind you described.
This post was edited by Camailleon on 29.05.2004 at 01:39.
29.05.2004, 01:42
Honorary member
Sabina

Posts: 29434
#26 That was already evident from the O4 entries of HijackThis.
The dropper is in the Temporary Internet Files:
C:\Dokumente und Einstellungen/User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\X3DHG5EW
bridge[1].cab
-----------------------------------------
Update the antivirus

-Briefly disable the AVPE-Guard, then delete the temporary Internet files via IE/Tools or Internet Options, including the OFFLINE files!!! ---- no Internet connection while doing this
Repeat this for every user.

-Boot into safe mode (press F8 during startup)
Then scan once more.

Sabina
;)
__________
Regards, Sabina

all about PC security
This post was edited by Sabina on 29.05.2004 at 01:46.
29.05.2004, 01:45
Member

Posts: 34
#27 Scan again with my virus scanner or with the mwev?
29.05.2004, 01:47
Honorary member
Sabina

Posts: 29434
#28 Once all Temporary Internet Files and the offline pages have been deleted via IE/Tools (Internet Options)

or you delete directly (close Internet Explorer first)
C:\Dokumente und Einstellungen/User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\X3DHG5EW
bridge[1].cab
if it is there...

scan with AntiVir in safe mode
(press F8 during startup)
__________
Regards, Sabina

all about PC security
This post was edited by Sabina on 29.05.2004 at 01:53.
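
An added example, not part of the original posts, for the "repeat this for every user" step: a read-only sweep that lists every profile whose Content.IE5 cache still holds the cabinet file named above. The function names, the profile names and all cache folder names except X3DHG5EW are constructed; accepting any [n] counter rather than only [1] is an assumption.

```python
import os
import re
import tempfile

# The thread names bridge[1].cab. IE numbers cached copies [1], [2], ..., so any
# counter is accepted here (an assumption beyond the one name in the thread).
DROPPER_RE = re.compile(r"^bridge\[\d+\]\.cab$", re.IGNORECASE)
CACHE_DIR = "content.ie5"

def find_cached_droppers(profiles_root):
    """Return sorted (profile, path) pairs for matches inside any Content.IE5 cache."""
    hits = []
    for profile in os.listdir(profiles_root):
        base = os.path.join(profiles_root, profile)
        if not os.path.isdir(base):
            continue
        for dirpath, _dirs, files in os.walk(base):
            parts = os.path.normpath(dirpath).lower().split(os.sep)
            if CACHE_DIR not in parts:
                continue  # only the IE cache is in scope, not the whole profile
            for name in files:
                if DROPPER_RE.match(name):
                    hits.append((profile, os.path.join(dirpath, name)))
    return sorted(hits)

def profiles_to_clean(hits):
    """Profiles whose cache still holds a copy; each one needs its own cleanup."""
    return sorted({profile for profile, _path in hits})

def build_demo_tree(root):
    """Constructed sample layout: two profiles with a cached copy, one without."""
    cache = os.path.join("Lokale Einstellungen", "Temporary Internet Files", "Content.IE5")
    layout = {
        ("UserA", cache, "X3DHG5EW"): ["bridge[1].cab", "index.dat"],
        ("UserB", cache, "K7ABCDEF"): ["Bridge[2].cab"],
        ("UserC", cache, "Q1ZZZZZZ"): ["logo[1].gif"],
        ("UserC", "Desktop"): ["bridge[1].cab"],  # outside the cache: not reported
    }
    for parts, names in layout.items():
        folder = os.path.join(root, *parts)
        os.makedirs(folder, exist_ok=True)
        for name in names:
            open(os.path.join(folder, name), "wb").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)
        for profile, path in find_cached_droppers(root):
            print(profile, "->", path)
```

On a real system the root would be the profile directory (C:\Dokumente und Einstellungen on the German Windows XP in this thread); a non-empty result after cleanup means one user's cache was missed.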
29.05.2004, 02:45
Member

Posts: 34
#29 Thank you Sabina... the thing did not show up again this time..... I am so glad.... you can't even imagine!!!!!

Thank you very, very much!
06.06.2004, 18:02
...new here

Posts: 2
#30 Hello, I also have this stupid virus bridge..something..
Can anyone help me?

Logfile of HijackThis v1.97.7
Scan saved at 18:01:54, on 06.06.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\AVPersonal\AVSched32.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\msiexec.exe
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.master-search.com/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.master-search.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.master-search.com/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\WINDOWS\start.chm::/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.master-search.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de/service/redir/ie_t-online.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.master-search.com/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.master-search.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von T-Online International AG
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=www-proxy.t-online.de:80;ftp=ftp-proxy.t-online.de:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.t-online.de;localhost;<local>
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: CAPI Control.lnk = C:\Programme\Eumex 704PC LAN\Capictrl.exe
O4 - Global Startup: HomeNet Control.lnk = C:\Programme\Eumex 704PC LAN\HNetCtrl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de/service/redir/ie_t-online.htm
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://install.power-url.de/StarInstall.ocx

Thanks in advance ;)