znzz.com./rasautou.exe - automatic dial-up after system start
Thread is closed!
#0
04.01.2005, 21:42
...new here
Posts: 1
05.01.2005, 13:06
Honorary member
Posts: 29434
#32
Hello @Muchito

# Download AboutBuster: www.malwarebytes.biz/AboutBuster.zip
Unpack all files into one folder, read the readme file, then run the program (in Safe Mode).

# CWShredder 2.12 [2004-12-13] --> scan in Safe Mode first
http://www.majorgeeks.com/download3019.html

# eScan
http://www.rokop-security.de/board/index.php?showtopic=3867
Create the folder c:\bases, download mwav.exe, unpack the file into the folder c:\bases (important!) and then run kavupd.exe (update, in DOS).

# Open HijackThis -->> button "Scan" -->> tick the boxes -->> button "Fix checked" -->> restart the PC

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {2C96FE91-A253-4C8F-961B-F8AFF0C59FF9} - C:\WINDOWS\System32\jpknp.dll (file missing)
O2 - BHO: (no name) - {FAE851F5-C00B-4BBC-86EE-051C5FD69B85} - (no file)

# Restart the PC and go into Safe Mode
http://www.tu-berlin.de/www/software/virus/savemode.shtml

# Delete:
C:\WINDOWS\System32\jpknp.dll

# Disk Cleanup: deleting the temporary files
Start -> Run --> type in: cleanmgr
Delete only:
- Click: Temporary Internet Files, OK
- Click: Temporary Files, OK

# Delete temporary files
C:\WINDOWS\Temp\
C:\Temp\
C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temporary Internet Files\Content.IE5 (do not delete the index.dat)

# Scan with: AboutBuster and CWShredder 2.12

# And start the scanner with the "mwav.exe" [or: MWAVSCAN.COM]. Tick all boxes. Select: "all files", Memory, Startup-Folders, Registry, System Folders, Services, Drive/All Local drives, Folder [C:\WINDOWS], Include SubDirectory --> and click "Scan".

# Go back into Normal Mode

## ClearProg: download the latest version, 1.4.0 Final
http://www.clearprog.de/downloads.php
and clean the browser. The program deletes the browsing traces of Internet Explorer from version 5.0, of Netscape/Mozilla and of Opera:
- Cookies
- History
- Temporary Internet files (cache)
- the entered URLs
- AutoComplete entries in IE web forms (so far only Win9x/ME)
- download lists of Netscape/Opera

# Please do the following: now open the mwav.txt with the editor and go to Edit -> Find; enter "infected" there, select the line in which "infected" appears and paste it here, find next, and so on.
At the very bottom is the summary; post that here as well.

## Internet Explorer 6 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?displaylang=de&FamilyID=1E1550CB-5E5D-48F5-B02B-20B602228DE6

# Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
Post the log from the scan.

# New start page
Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet Files click Delete Files --> also tick the box at Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if prompted --> click Apply and finally OK, and set a new start page.

+ the new log from HijackThis
__________
Regards, Sabina
all about PC security
This post was edited on 05.01.2005 at 13:12 by Sabina.
06.01.2005, 05:58
Member
Posts: 11
#33
Hello Sabina,

first of all I have to bow to you ..... I stumbled onto this forum out of sheer need, and what you have going here: hats off! This morning I caught a pretty fat virus/Trojan that installed several programs on my machine, slowed the system down and now and then still turns links on the Internet green that aren't real ones at all. You just get steered to some dirty site. I've tried almost everything, but now I'm out for the count. I've already done all of the following:
- Norton AntiVirus
- AntiVir
- Ad-aware
- HijackThis

First of all:

Logfile of HijackThis v1.99.0
Scan saved at 10:39:16, on 05.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\ltmoh\Ltmoh.exe
C:\Programme\SAMSUNG\SENS Keyboard V1 Launcher\SENSKBD.EXE
C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\mm_server.exe
C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Programme\Brother\ControlCenter2\brctrcen.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\smss32.exe
C:\WINDOWS\System32\afbqzpmz.exe
C:\programme\180solutions\sais.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\1&1\SMS-Manager\SMSMngr.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\NMain.exe
C:\Dokumente und Einstellungen\Chris\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis199_beta[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Programme\TV Media\TvmBho.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ATPART~1.DLL
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Messenger\ycomp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ohb - {086CEFD5-A88D-4981-8915-D51F04360ED1} - C:\WINDOWS\System32\winhot32.dll
O2 - BHO: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\System32\toolbar.dll
O2 - BHO: ohb - {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} - C:\WINDOWS\System32\hsrb.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem302.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Programme\SideFind\sfbho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\System32\dsktrf.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HotSearchBar.com Bar - {8B224779-3B0E-4FEA-8AE1-B66C20DD840F} - C:\WINDOWS\System32\winhot32.dll
O3 - Toolbar: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\System32\toolbar.dll
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRA~1\ISTbar\istbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programme\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SENS Keyboard V1 Launcher] "C:\Programme\SAMSUNG\SENS Keyboard V1 Launcher\SENSKBD.EXE"
O4 - HKLM\..\Run: [Microsoft WinUpdates] serm32.exe
O4 - HKLM\..\Run: [Windows Update] host32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [mmtask] C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [mm_server] C:\Programme\Musicmatch\Musicmatch Jukebox\mm_server.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [disc32] C:\WINDOWS\System32\host.exe
O4 - HKLM\..\Run: [cryptlogx] C:\WINDOWS\System32\sysspool.exe %srun%
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [UsbD] C:\WINDOWS\System32\smss32.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [TV Media] C:\Programme\TV Media\Tvm.exe
O4 - HKLM\..\Run: [hdeumyp] C:\WINDOWS\System32\afbqzpmz.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [sais] c:\programme\180solutions\sais.exe
O4 - HKLM\..\Run: [Power Scan] C:\Programme\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [zgvebiz] c:\windows\zgvebiz.exe
O4 - HKLM\..\Run: [ErrorGuard] C:\Programme\ErrorGuard\ErrorGuard.Exe
O4 - HKLM\..\RunServices: [Microsoft WinUpdates] serm32.exe
O4 - HKLM\..\RunServices: [Windows Update] host32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SMS-Manager] C:\Programme\1&1\SMS-Manager\SMSMngr.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [logdir] C:\WINDOWS\System32\host.exe
O4 - HKCU\..\Run: [syscryptx] C:\WINDOWS\System32\sysspool.exe %srun%
O4 - HKCU\..\Run: [TV Media] C:\Programme\TV Media\Tvm.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programme\SideFind\sidefind.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Preispiraten 2.1.2 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: eBay Homepage - {D4951B60-8FF9-4813-B716-FF3E75386E74} - http://www.preispiraten.de/cgi-bin/e/tracker_short.pl?http://www.ebay.de (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.de
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c18.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} (iSearch Toolbar) - http://toolbar.isearch.com/general/drm.cab
O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} (CAX Object) - http://62.4.84.150/data/sc.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} (iiittt Class) - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O23 - Service: Brother Popup Suspend service for Resource manager - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

Evaluated it and then "fixed" *ggg* and restarted. And then I did everything else according to your advice here in the forum:
- Spybot Search and Destroy
- Webwasher
- CWShredder
- SpHjfix
- online scan
- mwav virus scan
- installed Sygate Personal Firewall
- installed Firefox/Mozilla
and of course AntiVir and Norton again and again in between. Then finally HijackThis once more:

Logfile of HijackThis v1.99.0
Scan saved at 16:36:44, on 05.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\SygateFirewall\smc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Programme\Antivir\AVGUARD.EXE
C:\Programme\Antivir\AVWUPSRV.EXE
C:\WINDOWS\system32\Brmfrmps.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\ltmoh\Ltmoh.exe
C:\Programme\SAMSUNG\SENS Keyboard V1 Launcher\SENSKBD.EXE
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\mm_server.exe
C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
C:\Programme\Brother\ControlCenter2\brctrcen.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Antivir\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\1&1\SMS-Manager\SMSMngr.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Webroot\Washer\wwDisp.exe
C:\Programme\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Dokumente und Einstellungen\Chris\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis199_beta.zip\HijackThis.exe
C:\Dokumente und Einstellungen\Chris\Lokale Einstellungen\Temp\Temporäres Verzeichnis 2 für hijackthis199_beta.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
R3 - Default URLSearchHook is missing
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Messenger\ycomp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ohb - {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} - C:\WINDOWS\System32\hsrb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot search and Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programme\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SENS Keyboard V1 Launcher] "C:\Programme\SAMSUNG\SENS Keyboard V1 Launcher\SENSKBD.EXE"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [mmtask] C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [mm_server] C:\Programme\Musicmatch\Musicmatch Jukebox\mm_server.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cryptlogx] C:\WINDOWS\System32\sysspool.exe %srun%
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [zgvebiz] c:\windows\zgvebiz.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\Antivir\AVGNT.EXE" /min
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE~1\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SMS-Manager] C:\Programme\1&1\SMS-Manager\SMSMngr.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [syscryptx] C:\WINDOWS\System32\sysspool.exe %srun%
O4 - HKCU\..\Run: [Window Washer] C:\Programme\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Preispiraten 2.1.2 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\Antivir\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\Antivir\AVWUPSRV.EXE
O23 - Service: Brother Popup Suspend service for Resource manager - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Programme\SygateFirewall\smc.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

Well, and now according to the evaluation I still have nasty things on here... It's really getting to be too much for me. Strangely, a System Restore is not possible either!??! Do you know anything else???? Many thanks in advance for your help!!!!

Rushi
06.01.2005, 14:10
Honorary member
Posts: 29434
#34
Hello @Rushi

# Windows Explorer -> "Tools/Folder Options" -> "View" -> untick "Hide protected operating system files (recommended)" and enable "Show all files and folders" -> "OK"

# Open HijackThis -->> button "Scan" -->> tick the boxes -->> button "Fix checked" -->> restart the PC

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R3 - Default URLSearchHook is missing
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll
O2 - BHO: ohb - {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} - C:\WINDOWS\System32\hsrb.dll
O4 - HKLM\..\Run: [cryptlogx] C:\WINDOWS\System32\sysspool.exe %srun%
O4 - HKLM\..\Run: [zgvebiz] c:\windows\zgvebiz.exe
O4 - HKCU\..\Run: [syscryptx] C:\WINDOWS\System32\sysspool.exe %srun%
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

Restart the PC.

Download the Killbox: http://www.bleepingcomputer.com/files/killbox.php

C:\PROGRA~1\ISTbar\istbar.dll
C:\WINDOWS\System32\afbqzpmz.exe
C:\programme\180solutions\sais.exe
C:\WINDOWS\System32\smss32.exe
C:\Programme\SideFind\sfbho.dll
C:\WINDOWS\System32\toolbar.dll
C:\WINDOWS\localNRD.dll
C:\WINDOWS\nem220.dll
C:\WINDOWS\System32\winhot32.dll
C:\WINDOWS\System32\host.exe
C:\WINDOWS\System32\sysspool.exe
C:\WINDOWS\System32\hsrb.dll
C:\WINDOWS\ZServ.dll

Select "Delete File on Reboot" and "Unregister .dll before deleting" and click the red cross. When asked whether to reboot -> click "No" and paste in the next one; only for the last one click "Yes".

Restart the PC into Safe Mode
http://www.tu-berlin.de/www/software/virus/savemode.shtml

Delete temporary files
C:\WINDOWS\Temp\
C:\Temp\
C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temporary Internet Files\Content.IE5 (do not delete the index.dat)

# C:\Windows\Downloaded Programm Files\ --> delete (everything except the antivirus scanners.. Symantec)

eScan: start the scanner with the "mwav.exe" [or: MWAVSCAN.COM]. Tick all boxes. Select: "all files", Memory, Startup-Folders, Registry, System Folders, Services, Drive/All Local drives, Folder [C:\WINDOWS], Include SubDirectory --> and click "Scan".

Go back into Normal Mode

# Hoster tool: http://members.aol.com/toadbee/hoster.zip
Press 'Restore Original Hosts' and press 'OK'. Exit the program.

# ClearProg: download the latest version, 1.4.0 Final
http://www.clearprog.de/downloads.php
and clean the browser. The program deletes the browsing traces of Internet Explorer from version 5.0, of Netscape/Mozilla and of Opera:
- Cookies
- History
- Temporary Internet files (cache)
- the entered URLs
- AutoComplete entries in IE web forms (so far only Win9x/ME)
- download lists of Netscape/Opera

Please do the following: now open the mwav.txt with the editor and go to Edit -> Find; enter "infected" there, select the line in which "infected" appears and paste it here, find next, and so on.
At the very bottom is the summary; post that here as well.

---------------------------------------------------------------------------------------
Please install and update Ad-Aware:
http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5
Download the VX2 plugin for it and use it according to the instructions:
http://www.lavasoft.de/software/addons/vx2cleaner.shtml
Then post the scan log:

+ the new log from HijackThis
__________
Regards, Sabina
all about PC security
This post was edited on 06.01.2005 at 14:27 by Sabina.
07.01.2005, 06:12
Member
Posts: 11
#35
Hello Sabrina,
Aarrrg, great task you've given me. I have to post so much now that I think you'll be counted out too!?!??!

1) Killbox: some of the files we wanted to kill with it no longer existed on the system at all. They were pasted in anyway and the red X button pressed. I could not tick "Unregister .dll before deleting", as it was greyed out. Killbox was run without it.

2) Deleting temp files: C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temporary Internet Files\Content.IE5 (do not delete index.dat)
I could not do anything with this path, since there is no "user" folder on my machine. However, I carefully tried to delete the files in the Content.IE5 folder for all users, except index.dat and desktop.*. Hope that was right.

3) "Please do the following: now open mwav.txt with the editor and go to Edit -> Find, enter infected there"
That was the nicest task, arrrrgggg. It was so much that I ended up processing it in Excel. Someone should perhaps write a tool for this!?!? But here, as requested, all 200!! out of about 60,000 lines:

Wed Jan 05 13:31:17 2005 => File C:\WINDOWS\localNRD.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
Wed Jan 05 13:31:23 2005 => File C:\WINDOWS\ZServ.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
Wed Jan 05 13:32:06 2005 => File C:\WINDOWS\System32\HeidiNorthcott_11yf05fg.exe infected by "Trojan-Dropper.Win32.Small.nt" Virus. Action Taken: No Action Taken.
Wed Jan 05 13:33:55 2005 => File C:\WINDOWS\System32\version.exe infected by "not-a-virus:AdWare.DealHelper.t" Virus. Action Taken: No Action Taken.
Wed Jan 05 13:34:25 2005 => Total Disinfected Files: 0
Thu Jan 06 11:36:12 2005 => File C:\WINDOWS\System32\HeidiNorthcott_11yf05fg.exe infected by "Trojan-Dropper.Win32.Small.nt" Virus. Action Taken: No Action Taken.
Thu Jan 06 11:37:46 2005 => File C:\WINDOWS\System32\version.exe infected by "not-a-virus:AdWare.DealHelper.t" Virus. Action Taken: No Action Taken. Thu Jan 06 11:38:16 2005 => File C:\DOKUME~1\Chris\LOKALE~1\TEMPOR~1\Content.IE5\LD10MO0W\saveupdate[1].exe infected by "not-a-virus:AdWare.SaveNow.ah" Virus. Action Taken: No Action Taken. Thu Jan 06 11:47:30 2005 => Scanning File C:\Dokumente und Einstellungen\Chris\Desktop\showtopic.php_dateien\infected6xz.gif Thu Jan 06 11:48:32 2005 => File C:\Dokumente und Einstellungen\Chris\Lokale Einstellungen\Temporary Internet Files\Content.IE5\LD10MO0W\saveupdate[1].exe infected by "not-a-virus:AdWare.SaveNow.ah" Virus. Action Taken: No Action Taken. Thu Jan 06 11:52:22 2005 => Scanning Folder: C:\Programme\Antivir\INFECTED\*.* Thu Jan 06 12:04:55 2005 => File C:\Programme\Norton AntiVirus\Quarantine\098D43D9.tmp infected by "I-Worm.Sober.i" Virus. Action Taken: No Action Taken. Thu Jan 06 12:04:55 2005 => File C:\Programme\Norton AntiVirus\Quarantine\09C40D9C.tmp infected by "I-Worm.Sober.i" Virus. Action Taken: No Action Taken. Thu Jan 06 12:04:56 2005 => File C:\Programme\Norton AntiVirus\Quarantine\18DF1D90.tmp infected by "I-Worm.Sober.i" Virus. Action Taken: No Action Taken. Thu Jan 06 12:04:56 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3C7C07C5.tmp infected by "I-Worm.Sober.i" Virus. Action Taken: No Action Taken. Thu Jan 06 12:04:56 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3D1F3B11.tmp infected by "I-Worm.Sober.i" Virus. Action Taken: No Action Taken. Thu Jan 06 12:04:56 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3D4308EA.tmp infected by "I-Worm.Sober.i" Virus. Action Taken: No Action Taken. Thu Jan 06 12:04:56 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3D7154B7.tmp infected by "I-Worm.Sober.i" Virus. Action Taken: No Action Taken. Thu Jan 06 12:04:57 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3F2B5046.tmp infected by "I-Worm.Sober.i" Virus. 
Action Taken: No Action Taken. Thu Jan 06 12:04:57 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3F7D69EC.tmp infected by "I-Worm.Sober.i" Virus. Action Taken: No Action Taken. Thu Jan 06 12:04:57 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3F8013E8.tmp infected by "I-Worm.Sober.i" Virus. Action Taken: No Action Taken. Thu Jan 06 12:04:57 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3F940FD3.tmp infected by "I-Worm.Sober.i" Virus. Action Taken: No Action Taken. Thu Jan 06 12:04:58 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3F9E0DC8.tmp infected by "I-Worm.Sober.i" Virus. Action Taken: No Action Taken. hu Jan 06 12:04:58 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3FB85DAB.tmp infected by "I-Worm.Sober.i" Virus. Action Taken: No Action Taken. Thu Jan 06 12:04:59 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3FDF5580.tmp infected by "I-Worm.Sober.i" Virus. Action Taken: No Action Taken Thu Jan 06 12:04:59 2005 => File C:\Programme\Norton AntiVirus\Quarantine\4167697B.tmp infected by "Trojan-Downloader.Win32.Dyfuca.dp" Virus. Action Taken: No Action Taken. Thu Jan 06 12:04:59 2005 => File C:\Programme\Norton AntiVirus\Quarantine\41AF1F82.exe infected by "I-Worm.Sober.i" Virus. Action Taken: No Action Taken. Thu Jan 06 12:04:59 2005 => File C:\Programme\Norton AntiVirus\Quarantine\42834898.exe infected by "I-Worm.Sober.i" Virus. Action Taken: No Action Taken. Thu Jan 06 12:04:59 2005 => File C:\Programme\Norton AntiVirus\Quarantine\43B33E59.tmp infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken. Thu Jan 06 12:04:59 2005 => File C:\Programme\Norton AntiVirus\Quarantine\463C2C7F.tmp infected by "I-Worm.Sober.i" Virus. Action Taken: No Action Taken. Thu Jan 06 12:05:00 2005 => File C:\Programme\Norton AntiVirus\Quarantine\4640567B.tmp infected by "I-Worm.Sober.i" Virus. Action Taken: No Action Taken. 
Thu Jan 06 12:05:00 2005 => File C:\Programme\Norton AntiVirus\Quarantine\49F93A62.bat infected by "I-Worm.Sober.i" Virus. Action Taken: No Action Taken. Thu Jan 06 12:05:00 2005 => File C:\Programme\Norton AntiVirus\Quarantine\4CC20CB6.tmp infected by "I-Worm.Sober.i" Virus. Action Taken: No Action Taken. Thu Jan 06 12:05:00 2005 => File C:\Programme\Norton AntiVirus\Quarantine\513F3662.tmp infected by "I-Worm.Sober.i" Virus. Action Taken: No Action Taken. Thu Jan 06 12:05:01 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5142605E.tmp infected by "I-Worm.Sober.i" Virus. Action Taken: No Action Taken. Thu Jan 06 12:05:01 2005 => File C:\Programme\Norton AntiVirus\Quarantine\528272FE.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Thu Jan 06 12:05:01 2005 => File C:\Programme\Norton AntiVirus\Quarantine\63587076.isc infected by "I-Worm.Sober.i" Virus. Action Taken: No Action Taken. Thu Jan 06 12:05:02 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6712545D.noz infected by "I-Worm.Sober.i" Virus. Action Taken: No Action Taken. Thu Jan 06 12:05:02 2005 => File C:\Programme\Norton AntiVirus\Quarantine\680D5391.tmp infected by "I-Worm.Sober.i" Virus. Action Taken: No Action Taken. Thu Jan 06 12:05:02 2005 => File C:\Programme\Norton AntiVirus\Quarantine\682B6F28.piz infected by "I-Worm.Sober.i" Virus. Action Taken: No Action Taken. Thu Jan 06 12:05:02 2005 => File C:\Programme\Norton AntiVirus\Quarantine\689004B9.tmp infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken. Thu Jan 06 12:05:03 2005 => File C:\Programme\Norton AntiVirus\Quarantine\76C264FB.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Thu Jan 06 12:06:13 2005 => File C:\Programme\tv media\TvmBho.dll infected by "not-a-virus:AdWare.SurfSide.c" Virus. Action Taken: No Action Taken. 
Thu Jan 06 12:34:04 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP72\A0020326.exe infected by "I-Worm.Sober.i" Virus. Action Taken: No Action Taken. Thu Jan 06 12:34:04 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP72\A0020328.exe infected by "I-Worm.Sober.i" Virus. Action Taken: No Action Taken. Thu Jan 06 12:34:05 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP72\A0020331.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken. Thu Jan 06 12:34:06 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP72\A0020336.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken. Thu Jan 06 12:34:06 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP72\A0020337.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken. Thu Jan 06 12:34:39 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP74\A0023573.exe infected by "TrojanDropper.Win32.Small.gt" Virus. Action Taken: No Action Taken. Thu Jan 06 12:34:40 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP74\A0023574.exe infected by "Trojan-Downloader.Win32.Dyfuca.dp" Virus. Action Taken: No Action Taken. Thu Jan 06 12:34:40 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP74\A0023577.exe infected by "TrojanDownloader.Win32.IstBar.er" Virus. Action Taken: No Action Taken. Thu Jan 06 12:34:40 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP74\A0023578.dll infected by "TrojanDownloader.Win32.Dyfuca.gen" Virus. Action Taken: No Action Taken. 
Thu Jan 06 12:34:40 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP74\A0023583.dll infected by "not-a-virus:AdWare.ToolBar.ISearch.b" Virus. Action Taken: No Action Taken. Thu Jan 06 12:34:40 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP74\A0023586.dll infected by "not-a-virus:AdWare.ToolBar.HotSearchBar.a" Virus. Action Taken: No Action Taken. Thu Jan 06 12:34:41 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP74\A0023596.exe infected by "Trojan-Downloader.Win32.Dyfuca.dp" Virus. Action Taken: No Action Taken. Thu Jan 06 12:34:41 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP74\A0023599.exe infected by "not-a-virus:AdWare.DealHelper.t" Virus. Action Taken: No Action Taken. Thu Jan 06 12:34:42 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP74\A0023608.dll infected by "not-a-virus:AdWare.EZula.g" Virus. Action Taken: No Action Taken. Thu Jan 06 12:34:42 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP74\A0023609.dll infected by "not-a-virus:AdWare.EZula.g" Virus. Action Taken: No Action Taken. Thu Jan 06 12:34:42 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP74\A0023610.exe infected by "not-a-virus:AdWare.EZula.z" Virus. Action Taken: No Action Taken. Thu Jan 06 12:34:44 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP74\A0023628.dll infected by "not-a-virus:AdWare.EZula.ae" Virus. Action Taken: No Action Taken. Thu Jan 06 12:34:44 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP74\A0023631.dll infected by "not-a-virus:AdWare.SurfSide.c" Virus. Action Taken: No Action Taken. 
Thu Jan 06 12:34:45 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP74\A0024626.exe infected by "not-a-virus:AdWare.WebRebates.c" Virus. Action Taken: No Action Taken. Thu Jan 06 12:34:45 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP74\A0024628.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken. Thu Jan 06 12:34:59 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP74\A0024656.exe infected by "Trojan-Downloader.Win32.Dyfuca.ds" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:00 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP74\A0024659.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:00 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP74\A0024660.dll infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:05 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP74\A0024694.exe infected by "not-a-virus:AdWare.WinAD.k" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:12 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP75\A0024747.dll infected by "TrojanDownloader.Win32.Dyfuca.dc" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:12 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP75\A0024748.dll infected by "not-a-virus:AdWare.ToolBar.HotSearchBar.a" Virus. Action Taken: No Action Taken. 12:35:12 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP75\A0024749.exe infected by "Trojan-Downloader.Win32.TSUpdate.g" Virus. Action Taken: No Action Taken. 
Jan 06 12:35:12 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP75\A0024750.exe infected by "TrojanDownloader.Win32.TSUpdate.f" Virus. Action Taken: No Action Taken. Jan 06 12:35:13 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP75\A0024751.exe infected by "Trojan-Downloader.Win32.TSUpdate.i" Virus. Action Taken: No Action Taken. Jan 06 12:35:13 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP75\A0024752.dll infected by "not-a-virus:AdWare.ToolBar.ISearch.b" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:13 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP75\A0024753.exe infected by "TrojanDownloader.Win32.TSUpdate.f" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:13 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP75\A0024754.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken. Jan 06 12:35:14 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP75\A0024755.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:14 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP75\A0024756.dll infected by "not-a-virus:AdWare.ToolBar.SideFind" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:14 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP75\A0024757.dll infected by "not-a-virus:AdWare.ToolBar.SideFind" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:14 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP75\A0024758.exe infected by "not-a-virus:AdWare.WinComm" Virus. Action Taken: No Action Taken. 
Thu Jan 06 12:35:14 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP75\A0024759.dll infected by "TrojanDownloader.Win32.Dyfuca.gen" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:14 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP75\A0024760.exe infected by "TrojanDownloader.Win32.IstBar.er" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:15 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP75\A0024761.dll infected by "Trojan-Downloader.Win32.IstBar.gf" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:15 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP75\A0024762.EXE infected by "TrojanDownloader.Win32.TSUpdate.f" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:15 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP75\A0024763.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:15 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP75\A0024764.dll infected by "TrojanDownloader.Win32.Rameh.c" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:15 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP75\A0024765.exe infected by "Trojan-Downloader.Win32.Dyfuca.dp" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:15 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP75\A0024763.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:15 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP75\A0024764.dll infected by "TrojanDownloader.Win32.Rameh.c" Virus. Action Taken: No Action Taken. 
Thu Jan 06 12:35:15 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP75\A0024765.exe infected by "Trojan-Downloader.Win32.Dyfuca.dp" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:16 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP75\A0024766.exe infected by "TrojanDropper.Win32.Small.gt" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:16 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP75\A0024769.exe infected by "Trojan-Downloader.Win32.Dyfuca.ds" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:16 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP75\A0024772.exe infected by "TrojanDownloader.Win32.TSUpdate.f" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:20 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP76\A0025750.exe infected by "not-a-virus:AdWare.DealHelper.t" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:20 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP76\A0025759.dll infected by "not-a-virus:AdWare.EZula.g" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:20 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP76\A0025760.dll infected by "not-a-virus:AdWare.EZula.g" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:20 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP76\A0025761.exe infected by "not-a-virus:AdWare.EZula.z" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:21 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP76\A0025767.exe infected by "Trojan-Downloader.Win32.TSUpdate.g" Virus. Action Taken: No Action Taken. 
Thu Jan 06 12:35:21 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP76\A0025769.exe infected by "Trojan-Downloader.Win32.TSUpdate.g" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:21 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP76\A0025770.exe infected by "Trojan-Downloader.Win32.TSUpdate.h" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:22 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP76\A0025774.dll infected by "not-a-virus:AdWare.EZula.ae" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:22 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP76\A0025776.dll infected by "not-a-virus:AdWare.SurfSide.c" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:23 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP76\A0025781.exe infected by "not-a-virus:AdWare.WebRebates.c" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:23 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP76\A0025782.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:23 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP76\A0025783.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:26 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP77\A0025826.exe infected by "not-a-virus:AdWare.DealHelper.t" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:26 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP77\A0025830.exe infected by "Trojan-Downloader.Win32.IstBar.go" Virus. Action Taken: No Action Taken. 
Thu Jan 06 12:35:26 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP77\A0025831.exe infected by "Trojan-Downloader.Win32.IstBar.gm" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:27 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP77\A0025835.dll infected by "not-a-virus:AdWare.EZula.g" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:27 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP77\A0025836.dll infected by "not-a-virus:AdWare.EZula.g" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:27 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP77\A0025836.dll infected by "not-a-virus:AdWare.EZula.g" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:27 2005 => Scanning File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP77\A0025843.exe Thu Jan 06 12:35:27 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP77\A0025845.exe infected by "Trojan-Downloader.Win32.TSUpdate.g" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:27 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP77\A0025846.exe infected by "Trojan-Downloader.Win32.TSUpdate.h" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:28 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP77\A0025850.dll infected by "not-a-virus:AdWare.EZula.ae" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:28 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP77\A0025852.dll infected by "not-a-virus:AdWare.SurfSide.c" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:29 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP77\A0025857.exe infected by "not-a-virus:AdWare.WebRebates.c" Virus. 
Action Taken: No Action Taken. Thu Jan 06 12:35:30 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP77\A0025858.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:30 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP77\A0025859.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:32 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP78\A0025900.exe infected by "not-a-virus:AdWare.DealHelper.t" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:38 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP79\A0025976.exe infected by "not-a-virus:AdWare.DealHelper.t" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:38 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP79\A0025980.exe infected by "Trojan-Downloader.Win32.IstBar.go" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:39 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP79\A0025981.exe infected by "Trojan-Downloader.Win32.IstBar.gm" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:39 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP79\A0025985.dll infected by "not-a-virus:AdWare.EZula.g" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:39 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP79\A0025986.dll infected by "not-a-virus:AdWare.EZula.g" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:39 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP79\A0025987.exe infected by "not-a-virus:AdWare.EZula.z" Virus. Action Taken: No Action Taken. 
Thu Jan 06 12:35:40 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP79\A0025993.exe infected by "Trojan-Downloader.Win32.TSUpdate.g" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:40 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP79\A0025995.exe infected by "Trojan-Downloader.Win32.TSUpdate.g" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:40 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP79\A0025996.exe infected by "Trojan-Downloader.Win32.TSUpdate.h" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:41 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP79\A0026000.dll infected by "not-a-virus:AdWare.EZula.ae" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:41 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP79\A0026002.dll infected by "not-a-virus:AdWare.SurfSide.c" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:42 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP79\A0026007.exe infected by "not-a-virus:AdWare.WebRebates.c" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:42 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP79\A0026008.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:42 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP79\A0026009.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:45 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP80\A0026058.exe infected by "not-a-virus:AdWare.DealHelper.t" Virus. Action Taken: No Action Taken. 
Thu Jan 06 12:35:45 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP80\A0026062.exe infected by "Trojan-Downloader.Win32.IstBar.go" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:45 2005 => Scanning File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP80\A0026063.exe Thu Jan 06 12:35:45 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP80\A0026063.exe infected by "Trojan-Downloader.Win32.IstBar.gm" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:45 2005 => Scanning File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP80\A0026064.exe Thu Jan 06 12:35:45 2005 => Scanning File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP80\A0026065.cfg Thu Jan 06 12:35:45 2005 => Scanning File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP80\A0026066.src Thu Jan 06 12:35:45 2005 => Scanning File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP80\A0026067.dll Thu Jan 06 12:35:45 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP80\A0026067.dll infected by "not-a-virus:AdWare.EZula.g" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:45 2005 => Scanning File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP80\A0026068.dll Thu Jan 06 12:35:45 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP80\A0026068.dll infected by "not-a-virus:AdWare.EZula.g" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:45 2005 => Scanning File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP80\A0026069.exe Thu Jan 06 12:35:46 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP80\A0026069.exe infected by "not-a-virus:AdWare.EZula.z" Virus. Action Taken: No Action Taken. 
Thu Jan 06 12:35:47 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP80\A0026084.dll infected by "not-a-virus:AdWare.SurfSide.c" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:48 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP80\A0026089.exe infected by "not-a-virus:AdWare.WebRebates.c" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:48 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP80\A0026091.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:51 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP81\A0026135.exe infected by "not-a-virus:AdWare.DealHelper.t" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:51 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP81\A0026144.dll infected by "not-a-virus:AdWare.EZula.g" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:51 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP81\A0026145.dll infected by "not-a-virus:AdWare.EZula.g" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:51 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP81\A0026146.exe infected by "not-a-virus:AdWare.EZula.z" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:53 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP81\A0026159.dll infected by "not-a-virus:AdWare.EZula.ae" Virus. Action Taken: No Action Taken. Thu Jan 06 12:35:53 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP81\A0026161.dll infected by "not-a-virus:AdWare.SurfSide.c" Virus. Action Taken: No Action Taken. 
Thu Jan 06 12:35:54 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP81\A0026166.exe infected by "not-a-virus:AdWare.WebRebates.c" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:35:54 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP81\A0026168.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:35:56 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP81\A0026194.dll infected by "Trojan-Downloader.Win32.Small.afm" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:35:57 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP82\A0026219.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:03 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP82\A0026304.exe infected by "not-a-virus:AdWare.DealHelper.t" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:04 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP82\A0026313.dll infected by "not-a-virus:AdWare.EZula.g" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:04 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP82\A0026314.dll infected by "not-a-virus:AdWare.EZula.g" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:04 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP82\A0026315.exe infected by "not-a-virus:AdWare.EZula.z" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:05 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP82\A0026328.dll infected by "not-a-virus:AdWare.EZula.ae" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:06 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP82\A0026330.dll infected by "not-a-virus:AdWare.SurfSide.c" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:07 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP82\A0026335.exe infected by "not-a-virus:AdWare.WebRebates.c" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:07 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP82\A0026337.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:16 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP82\A0026407.exe infected by "Trojan-Downloader.Win32.IstBar.gm" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:17 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP82\A0026408.exe infected by "Trojan-Downloader.Win32.IstBar.gt" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:17 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP82\A0026409.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:17 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP82\A0026410.exe infected by "Trojan-Downloader.Win32.IstBar.go" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:17 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP82\A0026411.exe infected by "TrojanDownloader.Win32.Agent.ae" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:17 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP82\A0026413.exe infected by "Trojan-Proxy.Win32.Agent.cj" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:18 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP82\A0026414.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:18 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP82\A0026415.EXE infected by "TrojanDownloader.Win32.Small.wk" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:18 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP83\A0026418.exe infected by "not-a-virus:AdWare.EZula.ac" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:19 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP83\A0026427.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:19 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP83\A0026428.dll infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:19 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP83\A0026429.exe infected by "not-a-virus:AdWare.BiSpy.o" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:19 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP83\A0026432.dll infected by "not-a-virus:AdWare.SurfSide.c" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:20 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP83\A0026436.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:45 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP85\A0027624.exe infected by "not-a-virus:AdWare.WebRebates.c" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:45 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP85\A0027625.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:46 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP85\A0027634.dll infected by "not-a-virus:AdWare.EZula.ae" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:46 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP85\A0027635.dll infected by "not-a-virus:AdWare.EZula.g" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:46 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP85\A0027636.exe infected by "not-a-virus:AdWare.EZula.z" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:46 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP85\A0027638.dll infected by "not-a-virus:AdWare.EZula.g" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:48 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP85\A0027674.exe infected by "Trojan-Downloader.Win32.Dyfuca.ds" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:37:30 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP88\A0027890.exe infected by "not-a-virus:AdWare.SaveNow.af" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:37:33 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP88\A0027913.exe infected by "not-a-virus:AdWare.SaveNow.ah" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:37:33 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP88\A0027914.exe infected by "not-a-virus:AdWare.SaveNow.m" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:37:35 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP88\A0027932.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:37:35 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP88\A0027937.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:37:35 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP88\A0027941.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:38:31 2005 => File C:\WINDOWS\Downloaded Program Files\instafin.dll infected by "Trojan.Win32.Delf.gh" Virus. Action Taken: No Action Taken.
Thu Jan 06 13:04:15 2005 => File C:\WINDOWS\system32\HeidiNorthcott_11yf05fg.exe infected by "Trojan-Dropper.Win32.Small.nt" Virus. Action Taken: No Action Taken.
Thu Jan 06 13:06:36 2005 => File C:\WINDOWS\system32\version.exe infected by "not-a-virus:AdWare.DealHelper.t" Virus. Action Taken: No Action Taken.
Thu Jan 06 13:08:27 2005 => File C:\WINDOWS\Downloaded Program Files\instafin.dll infected by "Trojan.Win32.Delf.gh" Virus. Action Taken: No Action Taken.
Thu Jan 06 13:48:58 2005 => File C:\WINDOWS\system32\HeidiNorthcott_11yf05fg.exe infected by "Trojan-Dropper.Win32.Small.nt" Virus. Action Taken: No Action Taken.
Thu Jan 06 13:53:51 2005 => File C:\WINDOWS\system32\version.exe infected by "not-a-virus:AdWare.DealHelper.t" Virus. Action Taken: No Action Taken.
Thu Jan 06 13:55:24 2005 => ***** Checking for specific ITW Viruses *****
Thu Jan 06 13:55:24 2005 => Checking for Welchia Virus...
Thu Jan 06 13:55:24 2005 => Checking for LovGate Virus...
Thu Jan 06 13:55:24 2005 => Checking for CodeRed Virus...
Thu Jan 06 13:55:24 2005 => Checking for OpaServ Virus...
Thu Jan 06 13:55:24 2005 => Checking for Sobig.e Virus...
Thu Jan 06 13:55:24 2005 => Checking for Winupie Virus...
Thu Jan 06 13:55:24 2005 => Checking for Swen Virus...
Thu Jan 06 13:55:24 2005 => Checking for JS.Fortnight Virus...
Thu Jan 06 13:55:24 2005 => Checking for Novarg Virus...
Thu Jan 06 13:55:24 2005 => Checking for Pagabot Virus...
Thu Jan 06 13:55:24 2005 => Checking for Parite.b Virus...
Thu Jan 06 13:55:24 2005 => Checking for Parite.a Virus...
Thu Jan 06 13:55:24 2005 => ***** Scanning complete. *****
Thu Jan 06 13:55:24 2005 => Total Files Scanned: 65673
Thu Jan 06 13:55:24 2005 => Total Virus(es) Found: 205
Thu Jan 06 13:55:24 2005 => Total Disinfected Files: 0
Thu Jan 06 13:55:24 2005 => Total Files Renamed: 0
Thu Jan 06 13:55:24 2005 => Total Deleted Files: 0
Thu Jan 06 13:55:25 2005 => Total Errors: 65
Thu Jan 06 13:55:25 2005 => Time Elapsed: 02:20:30
Thu Jan 06 13:55:25 2005 => Virus Database Date: 2005/01/05
Thu Jan 06 13:55:25 2005 => Virus Database Count: 114704
Thu Jan 06 13:55:25 2005 => Scan Completed.

4) Ad-Aware + VX2. Here is the scan log. The new critical objects were removed.

Ad-Aware SE Build 1.05
Logfile Created on: Thursday, 6 January 2005 16:43:54
Created with Ad-Aware SE Personal, free for private use.
Using definitions file: SE1R24 29.12.2004

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List (TAC index:0): 28 total references
WhenU (TAC index:10): 4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

06.01.2005 16:43:54 - Scan started.
(Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
   FilePath : \SystemRoot\System32\
   ProcessID : 896
   ThreadCreationTime : 07.01.2005 02:00:13
   BasePriority : Normal

#:2 [csrss.exe]
   FilePath : \??\C:\WINDOWS\system32\
   ProcessID : 944
   ThreadCreationTime : 07.01.2005 02:00:15
   BasePriority : Normal

#:3 [winlogon.exe]
   FilePath : \??\C:\WINDOWS\system32\
   ProcessID : 968
   ThreadCreationTime : 07.01.2005 02:00:15
   BasePriority : High

#:4 [services.exe]
   FilePath : C:\WINDOWS\system32\
   ProcessID : 1016
   ThreadCreationTime : 07.01.2005 02:00:15
   BasePriority : Normal
   FileVersion : 5.1.2600.0 (xpclient.010817-1148)
   ProductVersion : 5.1.2600.0
   ProductName : Betriebssystem Microsoft® Windows®
   CompanyName : Microsoft Corporation
   FileDescription : Anwendung für Dienste und Controller
   InternalName : services.exe
   LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
   OriginalFilename : services.exe

#:5 [lsass.exe]
   FilePath : C:\WINDOWS\system32\
   ProcessID : 1028
   ThreadCreationTime : 07.01.2005 02:00:15
   BasePriority : Normal
   FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
   ProductVersion : 5.1.2600.1106
   ProductName : Microsoft® Windows® Operating System
   CompanyName : Microsoft Corporation
   FileDescription : LSA Shell (Export Version)
   InternalName : lsass.exe
   LegalCopyright : © Microsoft Corporation. All rights reserved.
   OriginalFilename : lsass.exe

#:6 [svchost.exe]
   FilePath : C:\WINDOWS\system32\
   ProcessID : 1196
   ThreadCreationTime : 07.01.2005 02:00:16
   BasePriority : Normal
   FileVersion : 5.1.2600.0 (xpclient.010817-1148)
   ProductVersion : 5.1.2600.0
   ProductName : Microsoft® Windows® Operating System
   CompanyName : Microsoft Corporation
   FileDescription : Generic Host Process for Win32 Services
   InternalName : svchost.exe
   LegalCopyright : © Microsoft Corporation. All rights reserved.
   OriginalFilename : svchost.exe

#:7 [svchost.exe]
   FilePath : C:\WINDOWS\System32\
   ProcessID : 1240
   ThreadCreationTime : 07.01.2005 02:00:16
   BasePriority : Normal
   FileVersion : 5.1.2600.0 (xpclient.010817-1148)
   ProductVersion : 5.1.2600.0
   ProductName : Microsoft® Windows® Operating System
   CompanyName : Microsoft Corporation
   FileDescription : Generic Host Process for Win32 Services
   InternalName : svchost.exe
   LegalCopyright : © Microsoft Corporation. All rights reserved.
   OriginalFilename : svchost.exe

#:8 [smc.exe]
   FilePath : C:\Programme\SygateFirewall\
   ProcessID : 1284
   ThreadCreationTime : 07.01.2005 02:00:16
   BasePriority : Normal
   FileVersion : 5.6.00.2808
   ProductVersion : 5.6.00.2808
   ProductName : Sygate® Security Agent and Personal Firewall
   CompanyName : Sygate Technologies, Inc.
   FileDescription : Sygate Agent Firewall
   InternalName : Smc
   LegalCopyright : Copyright © 1999 - 2004 Sygate Technologies, Inc. All rights reserved.
   OriginalFilename : Smc.EXE

#:9 [svchost.exe]
   FilePath : C:\WINDOWS\System32\
   ProcessID : 1488
   ThreadCreationTime : 07.01.2005 02:00:18
   BasePriority : Normal
   FileVersion : 5.1.2600.0 (xpclient.010817-1148)
   ProductVersion : 5.1.2600.0
   ProductName : Microsoft® Windows® Operating System
   CompanyName : Microsoft Corporation
   FileDescription : Generic Host Process for Win32 Services
   InternalName : svchost.exe
   LegalCopyright : © Microsoft Corporation. All rights reserved.
   OriginalFilename : svchost.exe

#:10 [svchost.exe]
   FilePath : C:\WINDOWS\System32\
   ProcessID : 1512
   ThreadCreationTime : 07.01.2005 02:00:18
   BasePriority : Normal
   FileVersion : 5.1.2600.0 (xpclient.010817-1148)
   ProductVersion : 5.1.2600.0
   ProductName : Microsoft® Windows® Operating System
   CompanyName : Microsoft Corporation
   FileDescription : Generic Host Process for Win32 Services
   InternalName : svchost.exe
   LegalCopyright : © Microsoft Corporation. All rights reserved.
   OriginalFilename : svchost.exe

#:11 [ccsetmgr.exe]
   FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
   ProcessID : 1776
   ThreadCreationTime : 07.01.2005 02:00:20
   BasePriority : Normal
   FileVersion : 103.0.1.26
   ProductVersion : 103.0.1.26
   ProductName : Client and Host Security Platform
   CompanyName : Symantec Corporation
   FileDescription : Symantec Settings Manager Service
   InternalName : ccSetMgr
   LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
   OriginalFilename : ccSetMgr.exe

#:12 [sndsrvc.exe]
   FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
   ProcessID : 1788
   ThreadCreationTime : 07.01.2005 02:00:20
   BasePriority : Normal
   FileVersion : 5.4.3.11
   ProductVersion : 5.4
   ProductName : Symantec Security Drivers
   CompanyName : Symantec Corporation
   FileDescription : Network Driver Service
   InternalName : SndSrvc
   LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
   OriginalFilename : SndSrvc.exe

#:13 [spbbcsvc.exe]
   FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\
   ProcessID : 1800
   ThreadCreationTime : 07.01.2005 02:00:20
   BasePriority : Normal
   FileVersion : 1,0,1,47
   ProductVersion : 1,0,1,47
   ProductName : SPBBC
   CompanyName : Symantec Corporation
   FileDescription : SPBBC Service
   InternalName : SPBBCSvc
   LegalCopyright : Copyright (c) 2004 Symantec Corporation. All rights reserved.
   OriginalFilename : SPBBCSvc.exe

#:14 [ccevtmgr.exe]
   FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
   ProcessID : 1876
   ThreadCreationTime : 07.01.2005 02:00:21
   BasePriority : Normal
   FileVersion : 103.0.1.26
   ProductVersion : 103.0.1.26
   ProductName : Client and Host Security Platform
   CompanyName : Symantec Corporation
   FileDescription : Symantec Event Manager Service
   InternalName : ccEvtMgr
   LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
   OriginalFilename : ccEvtMgr.exe

#:15 [brsvc01a.exe]
   FilePath : C:\WINDOWS\System32\
   ProcessID : 1992
   ThreadCreationTime : 07.01.2005 02:00:21
   BasePriority : Normal
   FileVersion : 1, 0, 0, 3
   ProductVersion : 1, 0, 0, 3
   ProductName : brother Industries Ltd brsvc01a
   CompanyName : brother Industries Ltd
   FileDescription : brsvc01a
   InternalName : brsvc01a
   LegalCopyright : Copyright © Brother Industries, Ltd 2001
   OriginalFilename : brsvc01a.exe

#:16 [spoolsv.exe]
   FilePath : C:\WINDOWS\system32\
   ProcessID : 2008
   ThreadCreationTime : 07.01.2005 02:00:21
   BasePriority : Normal
   FileVersion : 5.1.2600.0 (XPClient.010817-1148)
   ProductVersion : 5.1.2600.0
   ProductName : Microsoft® Windows® Operating System
   CompanyName : Microsoft Corporation
   FileDescription : Spooler SubSystem App
   InternalName : spoolsv.exe
   LegalCopyright : © Microsoft Corporation. All rights reserved.
   OriginalFilename : spoolsv.exe

#:17 [brss01a.exe]
   FilePath : C:\WINDOWS\System32\
   ProcessID : 2020
   ThreadCreationTime : 07.01.2005 02:00:21
   BasePriority : Normal
   FileVersion : 1.004
   ProductVersion : 1, 0, 0, 4
   ProductName : brother Industries Ltd brss01a.exe
   CompanyName : brother Industries Ltd
   FileDescription : brss01a.exe
   InternalName : brss01a.exe
   LegalCopyright : Copyright © 2001
   OriginalFilename : brss01a.exe
   Comments : Brsplproc XP wrapper

#:18 [avguard.exe]
   FilePath : C:\Programme\Antivir\
   ProcessID : 256
   ThreadCreationTime : 07.01.2005 02:00:21
   BasePriority : Normal

#:19 [avwupsrv.exe]
   FilePath : C:\Programme\Antivir\
   ProcessID : 292
   ThreadCreationTime : 07.01.2005 02:00:21
   BasePriority : Normal

#:20 [brmfrmps.exe]
   FilePath : C:\WINDOWS\system32\
   ProcessID : 340
   ThreadCreationTime : 07.01.2005 02:00:21
   BasePriority : Normal
   FileVersion : 1.10.10.144
   ProductVersion : 1.45.11.403
   ProductName : Brother MFL Pro
   CompanyName : Brother Industries, Ltd.
   FileDescription : Brother Popup Suspend service ( for R/M )
   InternalName : Brother Popup Suspend service for Brother MFL-PRO Resource Manager
   LegalCopyright : Copyright (C) 2002 brother
   OriginalFilename : BrmfRmps.exe

#:21 [navapsvc.exe]
   FilePath : C:\Programme\Norton AntiVirus\
   ProcessID : 384
   ThreadCreationTime : 07.01.2005 02:00:21
   BasePriority : Normal
   FileVersion : 11.0.6.1
   ProductVersion : 11.0.6
   ProductName : Norton AntiVirus
   CompanyName : Symantec Corporation
   FileDescription : Norton AntiVirus Auto-Protect Service
   InternalName : NAVAPSVC
   LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
   OriginalFilename : NAVAPSVC.EXE

#:22 [npfmntor.exe]
   FilePath : C:\Programme\Norton AntiVirus\IWP\
   ProcessID : 480
   ThreadCreationTime : 07.01.2005 02:00:21
   BasePriority : Normal
   FileVersion : 11.0.6.1
   ProductVersion : 11.0.6
   ProductName : Norton AntiVirus
   CompanyName : Symantec Corporation
   FileDescription : Norton AntiVirus Firewall Install Monitor
   InternalName : NPFMonitor
   LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
   OriginalFilename : NPFMonitor.EXE

#:23 [svchost.exe]
   FilePath : C:\WINDOWS\System32\
   ProcessID : 596
   ThreadCreationTime : 07.01.2005 02:00:22
   BasePriority : Normal
   FileVersion : 5.1.2600.0 (xpclient.010817-1148)
   ProductVersion : 5.1.2600.0
   ProductName : Microsoft® Windows® Operating System
   CompanyName : Microsoft Corporation
   FileDescription : Generic Host Process for Win32 Services
   InternalName : svchost.exe
   LegalCopyright : © Microsoft Corporation. All rights reserved.
   OriginalFilename : svchost.exe

#:24 [symlcsvc.exe]
   FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\
   ProcessID : 608
   ThreadCreationTime : 07.01.2005 02:00:22
   BasePriority : Normal
   FileVersion : 1, 8, 54, 534
   ProductVersion : 1, 8, 54, 534
   ProductName : Symantec Core Component
   CompanyName : Symantec Corporation
   FileDescription : Symantec Core Component
   InternalName : symlcsvc
   LegalCopyright : Copyright (C) 2003
   OriginalFilename : symlcsvc.exe

#:25 [wdfmgr.exe]
   FilePath : C:\WINDOWS\System32\
   ProcessID : 752
   ThreadCreationTime : 07.01.2005 02:00:23
   BasePriority : Normal
   FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
   ProductVersion : 5.2.3790.1230
   ProductName : Microsoft® Windows® Operating System
   CompanyName : Microsoft Corporation
   FileDescription : Windows User Mode Driver Manager
   InternalName : WdfMgr
   LegalCopyright : © Microsoft Corporation. All rights reserved.
   OriginalFilename : WdfMgr.exe

#:26 [wmiprvse.exe]
   FilePath : C:\WINDOWS\System32\wbem\
   ProcessID : 1348
   ThreadCreationTime : 07.01.2005 02:00:28
   BasePriority : Normal
   FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
   ProductVersion : 5.1.2600.1106
   ProductName : Microsoft® Windows® Operating System
   CompanyName : Microsoft Corporation
   FileDescription : WMI
   InternalName : Wmiprvse.exe
   LegalCopyright : © Microsoft Corporation. All rights reserved.
   OriginalFilename : Wmiprvse.exe

#:27 [explorer.exe]
   FilePath : C:\WINDOWS\
   ProcessID : 708
   ThreadCreationTime : 07.01.2005 02:01:32
   BasePriority : Normal
   FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
   ProductVersion : 6.00.2800.1106
   ProductName : Betriebssystem Microsoft® Windows®
   CompanyName : Microsoft Corporation
   FileDescription : Windows Explorer
   InternalName : explorer
   LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
   OriginalFilename : EXPLORER.EXE

#:28 [hkcmd.exe]
   FilePath : C:\WINDOWS\System32\
   ProcessID : 2092
   ThreadCreationTime : 07.01.2005 02:01:35
   BasePriority : Normal
   FileVersion : 3,0,0,2104
   ProductVersion : 7,0,0,2104
   ProductName : Intel(R) Common User Interface
   CompanyName : Intel Corporation
   FileDescription : hkcmd Module
   InternalName : HKCMD
   LegalCopyright : Copyright 1999-2003, Intel Corporation
   OriginalFilename : HKCMD.EXE

#:29 [agrsmmsg.exe]
   FilePath : C:\WINDOWS\
   ProcessID : 2108
   ThreadCreationTime : 07.01.2005 02:01:36
   BasePriority : Normal
   FileVersion : 2.1.21 2.1.21 11/21/2002 14:17:53
   ProductVersion : 2.1.21 2.1.21 11/21/2002 14:17:53
   ProductName : Agere SoftModem Messaging Applet
   CompanyName : Agere Systems
   FileDescription : SoftModem Messaging Applet
   InternalName : smdmstat.exe
   LegalCopyright : Copyright © Agere Systems 1998-2000
   OriginalFilename : smdmstat.exe

#:30 [ltmoh.exe]
   FilePath : C:\Programme\ltmoh\
   ProcessID : 2168
   ThreadCreationTime : 07.01.2005 02:01:36
   BasePriority : Normal
   FileVersion : 1.68
   ProductVersion : 1.68
   ProductName : LtMoh Application
   CompanyName : Agere Systems
   FileDescription : LtMoh MFC Application
   InternalName : LtMoh
   LegalCopyright : Agere Copyright © 2001-2002
   LegalTrademarks : LT
   OriginalFilename : LtMoh.EXE

#:31 [senskbd.exe]
   FilePath : C:\Programme\SAMSUNG\SENS Keyboard V1 Launcher\
   ProcessID : 2280
   ThreadCreationTime : 07.01.2005 02:01:37
   BasePriority : Normal
   FileVersion : 1, 0, 1, 0
   ProductVersion : 1, 0, 1, 0
   ProductName : SENS Keyboard V1 Launcher
   CompanyName : SAMSUNG Electronics Co., Ltd.
   FileDescription : SENS Keyboard V1 Launcher
   InternalName : SENS Keyboard V1 Launcher
   LegalCopyright : SAMSUNG Electronics Co., Ltd.
   LegalTrademarks : SENS Keyboard V1 Launcher
   OriginalFilename : SensKbd.exe

#:32 [icqlite.exe]
   FilePath : C:\Programme\ICQLite\
   ProcessID : 2364
   ThreadCreationTime : 07.01.2005 02:01:38
   BasePriority : Normal
   FileVersion : 555
   ProductVersion : 1, 0, 0
   ProductName : ICQLite
   CompanyName : ICQ Ltd.
   FileDescription : ICQLite
   InternalName : ICQ Lite
   LegalCopyright : Copyright (C) 2002
   OriginalFilename : ICQLite.exe

#:33 [mmtask.exe]
   FilePath : C:\Programme\Musicmatch\Musicmatch Jukebox\
   ProcessID : 2472
   ThreadCreationTime : 07.01.2005 02:01:38
   BasePriority : Normal
   FileVersion : 9.0.0.1
   ProductVersion : 9.0.0.1
   ProductName : Musicmatch Jukebox
   CompanyName : Musicmatch Inc.
   FileDescription : <Musicmatch System Tray Application>
   InternalName : mmtask.exe
   LegalCopyright : (c) Musicmatch Inc.. All rights reserved.
   OriginalFilename : mmtask.exe

#:34 [jusched.exe]
   FilePath : C:\Programme\Java\j2re1.4.2_06\bin\
   ProcessID : 2612
   ThreadCreationTime : 07.01.2005 02:01:39
   BasePriority : Normal

#:35 [mm_server.exe]
   FilePath : C:\Programme\Musicmatch\Musicmatch Jukebox\
   ProcessID : 2624
   ThreadCreationTime : 07.01.2005 02:01:40
   BasePriority : Normal
   FileVersion : 9.0.0.1
   ProductVersion : 9.0.0.1
   ProductName : Musicmatch Jukebox
   CompanyName : Musicmatch Inc.
   FileDescription : Musicmatch Music Server
   InternalName : MusicServer.exe
   LegalCopyright : (c) Musicmatch Inc.. All rights reserved.
   OriginalFilename : MusicServer.exe

#:36 [pptd40nt.exe]
   FilePath : C:\Programme\ScanSoft\PaperPort\
   ProcessID : 2692
   ThreadCreationTime : 07.01.2005 02:01:40
   BasePriority : Normal
   FileVersion : 9.0
   ProductVersion : 9.0
   ProductName : PaperPort
   CompanyName : ScanSoft, Inc.
   FileDescription : PaperPort Print to Desktop for NT
   InternalName : PPTD40NT
   LegalCopyright : Copyright © 1993-2004 ScanSoft, Inc.
   OriginalFilename : PPTD40NT.EXE

#:37 [brctrcen.exe]
   FilePath : C:\Programme\Brother\ControlCenter2\
   ProcessID : 2752
   ThreadCreationTime : 07.01.2005 02:01:41
   BasePriority : Normal

#:38 [qttask.exe]
   FilePath : C:\Programme\QuickTime\
   ProcessID : 2764
   ThreadCreationTime : 07.01.2005 02:01:41
   BasePriority : Normal
   FileVersion : 6.4
   ProductVersion : QuickTime 6.4
   ProductName : QuickTime
   CompanyName : Apple Computer, Inc.
   InternalName : QuickTime Task
   LegalCopyright : © Apple Computer, Inc.
   2001-2003
   OriginalFilename : QTTask.exe

#:39 [ccapp.exe]
   FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
   ProcessID : 2812
   ThreadCreationTime : 07.01.2005 02:01:42
   BasePriority : Normal
   FileVersion : 103.0.1.26
   ProductVersion : 103.0.1.26
   ProductName : Client and Host Security Platform
   CompanyName : Symantec Corporation
   FileDescription : Symantec User Session
   InternalName : ccApp
   LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
   OriginalFilename : ccApp.exe

#:40 [avgnt.exe]
   FilePath : C:\Programme\Antivir\
   ProcessID : 2964
   ThreadCreationTime : 07.01.2005 02:01:43
   BasePriority : Normal

#:41 [ctfmon.exe]
   FilePath : C:\WINDOWS\System32\
   ProcessID : 3028
   ThreadCreationTime : 07.01.2005 02:01:44
   BasePriority : Normal
   FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
   ProductVersion : 5.1.2600.1106
   ProductName : Microsoft® Windows® Operating System
   CompanyName : Microsoft Corporation
   FileDescription : CTF Loader
   InternalName : CTFMON
   LegalCopyright : © Microsoft Corporation. All rights reserved.
   OriginalFilename : CTFMON.EXE

#:42 [mmdiag.exe]
   FilePath : C:\Programme\Musicmatch\Musicmatch Jukebox\
   ProcessID : 3036
   ThreadCreationTime : 07.01.2005 02:01:44
   BasePriority : Normal
   FileVersion : 9.00.0156
   ProductVersion : 9.00.0156
   ProductName : Musicmatch Jukebox
   CompanyName : Musicmatch, Inc.
   FileDescription : Logging and tracing manager
   InternalName : MMTraceExe
   LegalCopyright : Copyright © Musicmatch 1998-2004
   LegalTrademarks :
   OriginalFilename : MMTraceExe.EXE

#:43 [msmsgs.exe]
   FilePath : C:\Programme\Messenger\
   ProcessID : 3068
   ThreadCreationTime : 07.01.2005 02:01:44
   BasePriority : Normal
   FileVersion : 4.7.2009
   ProductVersion : Version 4.7
   ProductName : Messenger
   CompanyName : Microsoft Corporation
   FileDescription : Messenger
   InternalName : msmsgs
   LegalCopyright : Copyright (c) Microsoft Corporation 1997-2003
   LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
   OriginalFilename : msmsgs.exe

#:44 [smsmngr.exe]
   FilePath : C:\Programme\1&1\SMS-Manager\
   ProcessID : 3080
   ThreadCreationTime : 07.01.2005 02:01:44
   BasePriority : Normal
   FileVersion : 1.11.6.1
   ProductVersion : 1.11.2.1
   ProductName : SMS-Manager
   CompanyName : Schlund+Partner AG
   FileDescription : SMS-Manager
   LegalCopyright : Copyright (C) 2003-2004 Schlund+Partner AG - Copyright (C) 2001-2002 W+R Software GmbH

#:45 [wcescomm.exe]
   FilePath : C:\Programme\Microsoft ActiveSync\
   ProcessID : 3172
   ThreadCreationTime : 07.01.2005 02:01:45
   BasePriority : Normal
   FileVersion : 3.7.0.3083
   ProductVersion : 3.7.3083
   ProductName : Microsoft ActiveSync
   CompanyName : Microsoft Corporation
   FileDescription : Connection Manager
   InternalName : wcescomm
   LegalCopyright : Copyright © 1995-2003 Microsoft Corp. All rights reserved.
   LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
   OriginalFilename : WCESCOMM.EXE

#:46 [wwdisp.exe]
   FilePath : C:\Programme\Webroot\Washer\
   ProcessID : 3336
   ThreadCreationTime : 07.01.2005 02:01:48
   BasePriority : Normal
   FileVersion : 5.5.1.240
   ProductVersion : 5.5
   ProductName : Window Washer
   CompanyName : Webroot Software
   FileDescription : Window Washer hard disk cleaning utility
   InternalName : wwDisp.exe
   LegalCopyright : Copyright (c) 1999, 2004 All Rights Reserved
   LegalTrademarks : Window Washe
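A triage helper for the eScan log above, added here as an example; it is not code from the poster or from the forum helpers. It parses the `File <path> infected by "<name>" Virus. Action Taken: <action>` records that mwav.exe writes, separates hits inside System Restore snapshots (`C:\System Volume Information\_restore{...}\RPnn\`) from hits on live files, collapses the repeated hits on the same live file, and counts families. The regular expressions, function names and the embedded sample (a constructed subset of lines copied from the log above, including the one record that lacks its trailing period) are my own; nothing here is an eScan or Ad-Aware API.

```python
"""Triage of an eScan (mwav.exe) log: added example, not code from the thread.

Separates detections inside System Restore snapshots from detections of live
files, de-duplicates repeated hits on the same live file and counts families.
"""
import re
from collections import Counter
from dataclasses import dataclass

# One eScan detection record. Some posted lines lack the final period after
# the action, so it is optional here.
DETECTION_RE = re.compile(
    r'^(?P<ts>[A-Za-z]{3} [A-Za-z]{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) => '
    r'File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\. '
    r'Action Taken: (?P<action>.+?)\.?$'
)
# Windows XP System Restore snapshot: <drive>:\System Volume Information\_restore{GUID}\RPnn\
RESTORE_POINT_RE = re.compile(
    r'^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(?P<rp>RP\d+)\\',
    re.IGNORECASE,
)
# Kaspersky-style names end in a short variant suffix (".gm", ".ae"); drop it for the family.
VARIANT_RE = re.compile(r'\.[a-z]{1,3}$')


@dataclass(frozen=True)
class Detection:
    timestamp: str
    path: str
    name: str
    action: str

    @property
    def restore_point(self):
        """'RP80' etc. when the file is a System Restore copy, otherwise None."""
        m = RESTORE_POINT_RE.match(self.path)
        return m.group('rp') if m else None

    @property
    def family(self):
        return VARIANT_RE.sub('', self.name)


def parse_log(text):
    """Detection records in an eScan log; 'Scanning File' and summary lines are skipped."""
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append(Detection(m['ts'], m['path'], m['name'], m['action']))
    return found


def triage(detections):
    """Split into live files vs. restore-point copies and summarise."""
    live = {}  # lower-cased path -> first Detection (NTFS paths are case-insensitive)
    per_restore_point = Counter()
    families = Counter()
    for d in detections:
        families[d.family] += 1
        rp = d.restore_point
        if rp:
            per_restore_point[rp] += 1
        else:
            live.setdefault(d.path.lower(), d)
    return {
        'live': sorted(live.values(), key=lambda d: d.path.lower()),
        'restore_points': per_restore_point,
        'families': families,
        'untreated': sum(1 for d in detections if d.action.lower() == 'no action taken'),
    }


# Constructed sample: lines copied from the posted log, including the record
# without its trailing period and the duplicate hit on instafin.dll.
SAMPLE_LOG = r"""
Thu Jan 06 12:35:45 2005 => Scanning File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP80\A0026063.exe
Thu Jan 06 12:35:45 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP80\A0026063.exe infected by "Trojan-Downloader.Win32.IstBar.gm" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:35:45 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP80\A0026067.dll infected by "not-a-virus:AdWare.EZula.g" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:36:17 2005 => File C:\System Volume Information\_restore{38BE7273-0CA1-4182-9502-6EF068CB3559}\RP82\A0026413.exe infected by "Trojan-Proxy.Win32.Agent.cj" Virus. Action Taken: No Action Taken.
Thu Jan 06 12:38:31 2005 => File C:\WINDOWS\Downloaded Program Files\instafin.dll infected by "Trojan.Win32.Delf.gh" Virus. Action Taken: No Action Taken.
Thu Jan 06 13:04:15 2005 => File C:\WINDOWS\system32\HeidiNorthcott_11yf05fg.exe infected by "Trojan-Dropper.Win32.Small.nt" Virus. Action Taken: No Action Taken.
Thu Jan 06 13:06:36 2005 => File C:\WINDOWS\system32\version.exe infected by "not-a-virus:AdWare.DealHelper.t" Virus. Action Taken: No Action Taken
Thu Jan 06 13:08:27 2005 => File C:\WINDOWS\Downloaded Program Files\instafin.dll infected by "Trojan.Win32.Delf.gh" Virus. Action Taken: No Action Taken.
Thu Jan 06 13:55:24 2005 => Total Virus(es) Found: 205
"""

if __name__ == '__main__':
    report = triage(parse_log(SAMPLE_LOG))
    for d in report['live']:
        print(f"live: {d.path}  ({d.name})")
    print('restore-point copies:', dict(report['restore_points']))
    print('families:', dict(report['families']))
    print('no action taken:', report['untreated'])
```

Run over the sample it reports three live files (instafin.dll, HeidiNorthcott_11yf05fg.exe, version.exe) and three restore-point copies; the scan itself took no action on any of them. The restore-point copies are inert unless a restore is performed and are cleared by switching System Restore off and back on, which is why a helper reading a log like this looks first at the handful of live paths rather than at the "205 found" total.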
07.01.2005, 06:15
Member
Posts: 11
#36
Second post: (your forum probably has a limited number of characters ;-)
Continuation.

#:47 [ymsgr_tray.exe]
   FilePath : C:\Programme\Yahoo!\Messenger\
   ProcessID : 2680
   ThreadCreationTime : 07.01.2005 02:02:05
   BasePriority : Normal

#:48 [firefox.exe]
   FilePath : C:\Programme\Mozilla Firefox\
   ProcessID : 3528
   ThreadCreationTime : 07.01.2005 02:02:31
   BasePriority : Normal

#:49 [ad-aware.exe]
   FilePath : C:\Programme\Ad-Aware Anti-Spy\
   ProcessID : 3516
   ThreadCreationTime : 07.01.2005 04:43:46
   BasePriority : Normal
   FileVersion : 6.2.0.206
   ProductVersion : VI.Second Edition
   ProductName : Lavasoft Ad-Aware SE
   CompanyName : Lavasoft Sweden
   FileDescription : Ad-Aware SE Core application
   InternalName : Ad-Aware.exe
   LegalCopyright : Copyright © Lavasoft Sweden
   OriginalFilename : Ad-Aware.exe
   Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WhenU Object Recognized!
   Type : Regkey
   Data :
   Category : Data Miner
   Comment :
   Rootkey : HKEY_CLASSES_ROOT
   Object : wusn.1

WhenU Object Recognized!
   Type : RegValue
   Data :
   Category : Data Miner
   Comment :
   Rootkey : HKEY_CLASSES_ROOT
   Object : wusn.1
   Value : WUSN_Id

WhenU Object Recognized!
   Type : Regkey
   Data :
   Category : Data Miner
   Comment :
   Rootkey : HKEY_USERS
   Object : S-1-5-21-4248314152-2305286224-2376936142-1004\software\whenu

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 3

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3

Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 3 Disk Scan Result for C:\WINDOWS\System32 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 3 Disk Scan Result for C:\DOKUME~1\Chris\LOKALE~1\Temp\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 3 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 3 MRU List Object Recognized! Location: : S-1-5-21-4248314152-2305286224-2376936142-1004\software\microsoft\search assistant\acmru Description : list of recent search terms used with the search assistant MRU List Object Recognized! Location: : S-1-5-21-4248314152-2305286224-2376936142-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-4248314152-2305286224-2376936142-1004\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-4248314152-2305286224-2376936142-1004\software\microsoft\office\9.0\excel\recent files Description : list of recent files used by microsoft excel MRU List Object Recognized! Location: : S-1-5-21-4248314152-2305286224-2376936142-1004\software\microsoft\internet explorer\main Description : last save directory used in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-4248314152-2305286224-2376936142-1004\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! 
Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-4248314152-2305286224-2376936142-1004\software\microsoft\microsoft management console\recent file list Description : list of recent snap-ins used in the microsoft management console MRU List Object Recognized! Location: : S-1-5-21-4248314152-2305286224-2376936142-1004\software\ahead\nero - burning rom\recent file list Description : list of recently used files in nero burning rom MRU List Object Recognized! Location: : S-1-5-21-4248314152-2305286224-2376936142-1004\software\microsoft\mediaplayer\player\settings Description : last save as directory used in jasc paint shop pro MRU List Object Recognized! Location: : S-1-5-21-4248314152-2305286224-2376936142-1004\software\microsoft\mediaplayer\preferences Description : last cd record path used in microsoft windows media player MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-4248314152-2305286224-2376936142-1004\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\musicmatch Description : download location of the musicmatch installer MRU List Object Recognized! 
Location: : S-1-5-21-4248314152-2305286224-2376936142-1004\software\microsoft\mediaplayer\preferences Description : last playlist index loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-4248314152-2305286224-2376936142-1004\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-4248314152-2305286224-2376936142-1004\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : software\musicmatch\musicmatch jukebox\4.0\mmradio Description : information on the last station listened to using musicmatch radio MRU List Object Recognized! Location: : S-1-5-21-4248314152-2305286224-2376936142-1004\software\microsoft\mediaplayer\preferences Description : last search path used in microsoft windows media player MRU List Object Recognized! Location: : software\musicmatch\musicmatch jukebox\4.0\fileconv Description : file conversion location settings in musicmatch jukebox MRU List Object Recognized! Location: : S-1-5-21-4248314152-2305286224-2376936142-1004\software\microsoft\mediaplayer\medialibraryui Description : last selected node in the microsoft windows media player media library MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-4248314152-2305286224-2376936142-1004\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! 
Location: : C:\Dokumente und Einstellungen\Chris\recent Description : list of recently opened documents Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WhenU Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\whenu Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 32 16:47:18 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:03:24.223 Objects scanned:62378 Objects identified:4 Objects ignored:0 New critical objects:4 5) neues HiJack log Logfile of HijackThis v1.99.0 Scan saved at 16:58:56, on 06.01.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\SygateFirewall\smc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\Programme\Antivir\AVGUARD.EXE C:\Programme\Antivir\AVWUPSRV.EXE C:\WINDOWS\system32\Brmfrmps.exe C:\Programme\Norton AntiVirus\navapsvc.exe C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\AGRSMMSG.exe C:\Programme\ltmoh\Ltmoh.exe C:\Programme\SAMSUNG\SENS Keyboard V1 Launcher\SENSKBD.EXE C:\Programme\ICQLite\ICQLite.exe C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe 
C:\Programme\Musicmatch\Musicmatch Jukebox\mm_server.exe C:\Programme\ScanSoft\PaperPort\pptd40nt.exe C:\Programme\Brother\ControlCenter2\brctrcen.exe C:\Programme\QuickTime\qttask.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\Antivir\AVGNT.EXE C:\WINDOWS\System32\ctfmon.exe C:\Programme\Musicmatch\Musicmatch Jukebox\MMDiag.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\1&1\SMS-Manager\SMSMngr.exe C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE C:\Programme\Webroot\Washer\wwDisp.exe C:\Programme\Yahoo!\Messenger\ymsgr_tray.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\Chris\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis199_beta.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.de R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Messenger\ycomp.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot search and Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll O3 - Toolbar: &Yahoo! 
Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Messenger\ycomp.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LtMoh] C:\Programme\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [SENS Keyboard V1 Launcher] "C:\Programme\SAMSUNG\SENS Keyboard V1 Launcher\SENSKBD.EXE" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [mmtask] C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe O4 - HKLM\..\Run: [mm_server] C:\Programme\Musicmatch\Musicmatch Jukebox\mm_server.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\Antivir\AVGNT.EXE" /min O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE~1\smc.exe -startgui O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SMS-Manager] 
C:\Programme\1&1\SMS-Manager\SMSMngr.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [Window Washer] C:\Programme\Webroot\Washer\wwDisp.exe O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: Preispiraten 2.1.2 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! 
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\Antivir\AVGUARD.EXE O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\Antivir\AVWUPSRV.EXE O23 - Service: Brother Popup Suspend service for Resource manager - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: BrSplService - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Sygate Personal Firewall - Sygate Technologies, 
Inc. - C:\Programme\SygateFirewall\smc.exe O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe Diesen schaut soweit ganz gut aus nach der Auswertung!!!! Nichts rotes und alle gelben anwendungen sind mir bekannt, jedoch ist mein System total langsam. Woran liegt das? Kann man dagegen was machen??? Ich habe jetzt sehr viele Programme heruntergeladen, was würdest du dann empfehlen alles zu behalten??? Ich hab mehrere Postings von dir gelsen und ganz ganz viel freeware runtergeladen. Sooo.. nun erstmal ein dickes Dankeschön vorab. Aber ich denke wie sind noch nicht am Ende nach dem riesen Posting ;-) ;-) Wäre nett wenn du kurz auf meine Fragen auch eingehen kannst. Riesen Arbeit gehabt normalerweise müste man echt dem Verbreiter richtig eins auf die zwölf geben ;-) und das alles passiert bei einer "Lizenzsicherung" bestätigung von WindwosMediaPalyer 10!!!!!! Jetzt werde ich das programm nicht mehr nutzen!!!! Und würde allen Empfelen auch hier umzusteigen auf den ZoomPlayer!!! Vielen Vielen Dank Rush Dieser Beitrag wurde am 07.01.2005 um 11:28 Uhr von Sabina editiert.

07.01.2005, 11:27
Honorary member
Posts: 29434
#37
Hello @Rushi
First disable System Restore (re-enable it after the reboot)
Disable System Restore «XP
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/gdocid/20030807105707924
then paste into the Killbox:
C:\WINDOWS\localNRD.dll
C:\WINDOWS\ZServ.dll
C:\WINDOWS\System32\HeidiNorthcott_11yf05fg.exe
C:\WINDOWS\System32\version.exe
C:\Programme\tv media\TvmBho.dll ---->[infected AdWare.SurfSide.c"]
Reboot the PC
Empty:
C:\DOKUME~1\Chris\LOKALE~1\TEMPOR~1\Content.IE5\ (with "user" the username is of course meant)
C:\DOKUME~1\Chris\LOKALE~1\TEMPOR~1\Content.IE5\LD10MO0W\saveupdate[1].exe
uninstall:
C:\Programme\Antivir\AVGNT.EXE" /min (two virus scanners make the system this slow)
then scan once more with eScan (apart from the Norton entries, everything must stay clean)
#TuneUp2004 (30 days free)
http://www.tuneup.de/products/tuneup-utilities/
Cleanup repair --> TuneUp Diskcleaner
Cleanup repair --> Registry Cleaner (without an Internet connection and without opening any programs)
Defragmentation option
My Computer --> local disk --> right-click --> Properties --> Tools --> Defragment now
then report how it runs.
the log is clean
__________
Regards, Sabina
all about PC security
This post was edited on 07.01.2005 at 11:32 by Sabina.

07.01.2005, 12:31
Member
Posts: 11
#38
Hello Sabrina,
"The system is clean"??? I wish. AntiVir reports new viruses/trojans to me every few minutes?!?!? Which programs should I keep against these attacks? My question from above, please have another look. Did you actually look at all the logs I posted?? ;-) RUSH

08.01.2005, 11:03
Member
Posts: 11
#39
Hello Sabrina,
Problem: your posting:
Empty:
C:\DOKUME~1\Chris\LOKALE~1\TEMPOR~1\Content.IE5\ (with "user" the username is of course meant)
C:\DOKUME~1\Chris\LOKALE~1\TEMPOR~1\Content.IE5\LD10MO0W\saveupdate[1].exe
The folder Content.IE5 does not exist!!!! I deleted everything from Temporary Internet.... So the folder "LD10MO0W" does not exist either, and I cannot remove the exe file!?? What should I do?

08.01.2005, 15:13
Honorary member
Posts: 29434
#40
Hello @Rushi
Three tasks:
#Start<Run<regedit
HKEY_USERS\S-1-5-21-4248314152-2305286224-2376936142-1004\software\
delete: whenu
#scan with Antivirus in Safe Mode and post the log.
#scan once more with eScan and also post whatever is still shown.
(temporarily disable the Symantec... otherwise the system gets slow)
__________
Regards, Sabina
all about PC security
This post was edited on 08.01.2005 at 15:17 by Sabina.

08.01.2005, 20:51
Member
Posts: 11
#41
Hello Sabrina,
sorry..... the path given does not exist in the Registry Editor. Only these exist:
......1004/
......1004/classes
and now?

08.01.2005, 20:59
Honorary member
Posts: 29434
#42
No problem, then AdAware has already taken care of that.
#scan with Antivirus in Safe Mode and post the log.
#scan once more with eScan and also post whatever is still shown.
__________
Regards, Sabina
all about PC security

09.01.2005, 16:48
...new here
Posts: 1
#43
Could you please help me too? Thanks, yours, drager
Logfile of HijackThis v1.99.0
Scan saved at 16:24:27, on 09.01.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\SndMon32.exe
C:\Programme\cFos\cFosDNT.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\winm.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\mssw32.exe
I:\mIRC\mirc.exe
C:\Programme\FlashGet\flashget.exe
C:\Programme\WinRAR\WinRAR.exe
C:\WINDOWS\system32\cmd.exe
C:\DOKUME~1\Draeger\LOKALE~1\Temp\Rar$EX39.531\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Programme\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Programme\Panicware\Pop-Up Stopper Pro\popuppro.dll
O4 - HKLM\..\Run: [cFosDNT] C:\Programme\cFos\cFosDNT.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\Run: [Update Machine] winm.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Microsoft Windows W32 Services] mssw32.exe
O4 - HKLM\..\RunServices: [Update Machine] winm.exe
O4 - HKLM\..\RunServices: [WINDOWS MANAGEMENT SYSTEM] WM1EXE.exe
O4 - HKLM\..\RunServices: [Microsoft Windows W32 Services] mssw32.exe
O4 - HKLM\..\RunServices: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\RunOnce: [Windows Sound Manager] SndMon32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKCU\..\Run: [Update Machine] winm.exe
O4 - HKCU\..\RunOnce: [Windows Sound Manager] SndMon32.exe
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37596444-C4D0-4521-B417-B1FD120FC2E8}: NameServer = 217.237.151.33 217.237.149.225
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

This post was edited on 09.01.2005 at 16:54 by Sabina.
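The helper in this thread reads these logs by eye: IE search values redirected to a local file in Temp, BHOs with "(no name)" or "(no file)", and O4 autostart entries that name a bare file such as SndMon32.exe or winm.exe with no directory, registered under several Run/RunServices keys at once. The script below is an added example (not HijackThis code and not something any participant posted) that encodes those same checks as a triage pass over HijackThis-format lines. The sample input is constructed from lines quoted in the thread; the tiny allowlist of bare image names that are normal on XP (rundll32.exe, SysTray.Exe) is an assumption made for this example, not a HijackThis list.

```python
"""Triage of HijackThis-format log lines (added example for this thread)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the shape of the logs posted above (a few lines
# copied from them, not a complete log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freenet.de/
O2 - BHO: (no name) - {2C96FE91-A253-4C8F-961B-F8AFF0C59FF9} - C:\WINDOWS\System32\jpknp.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\RunServices: [Windows Sound Manager] SndMon32.exe
O4 - HKCU\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows W32 Services] mssw32.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O17 - HKLM\System\CCS\Services\Tcpip\..\{37596444-C4D0-4521-B417-B1FD120FC2E8}: NameServer = 217.237.151.33 217.237.149.225
"""

# Assumption for this example: bare image names that are normal on XP and
# should not be flagged. This is a minimal allowlist, not a HijackThis list.
KNOWN_BARE_IMAGES = {"rundll32.exe", "systray.exe"}

R_LINE = re.compile(r"^(R[01]) - (.+?),(.+?) = (.*)$")
O2_LINE = re.compile(r"^O2 - BHO: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
O4_LINE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")
O17_LINE = re.compile(r"^O17 - .*NameServer = (.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # short tag, e.g. "bare_autostart"
    detail: str  # explanation for the analyst
    line: str    # the log line that triggered it


def image_of(command: str) -> str:
    """Return the executable part of an O4 command, dropping its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def is_bare(image: str) -> bool:
    """True when the image has no directory component, so Windows resolves it
    through the search path instead of from an explicit location."""
    return "\\" not in image and "/" not in image and "%" not in image


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    bare_seen: Counter = Counter()   # bare image name -> number of autostart keys
    bare_lines: dict[str, str] = {}  # bare image name -> first line it appeared on
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := R_LINE.match(line):
            value = m.group(4).strip()
            # Search page / search bar pointing at a local file is a hijack.
            if value.lower().startswith("file://") or "\\temp\\" in value.lower():
                findings.append(Finding("ie_search_hijack", f"{m.group(3)} points to a local file: {value}", line))
        elif m := O2_LINE.match(line):
            name, _clsid, path = m.groups()
            if name == "(no name)" or "(no file)" in path or "(file missing)" in path:
                findings.append(Finding("orphan_bho", f"BHO without name or file: {path}", line))
        elif m := O4_LINE.match(line):
            hive, key, label, command = m.groups()
            image = image_of(command)
            if is_bare(image) and image.lower() not in KNOWN_BARE_IMAGES:
                bare_seen[image.lower()] += 1
                bare_lines.setdefault(image.lower(), line)
                findings.append(Finding("bare_autostart", f"{hive}\\{key} [{label}] runs bare image {image}", line))
        elif m := O17_LINE.match(line):
            findings.append(Finding("dns_override", f"NameServer set to {m.group(1).strip()} (confirm it is your ISP)", line))
    # The same bare image under several autostart keys is belt-and-braces
    # persistence; report it once as its own finding.
    for image, count in bare_seen.items():
        if count > 1:
            findings.append(Finding("multi_key_persistence", f"{image} registered under {count} autostart keys", bare_lines[image]))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind, for a quick overview of a log."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.kind}] {finding.detail}")
```

Run it against a saved log with `triage(open("hijackthis.log").read())`; on the constructed sample it reports the hijacked search bar, the orphaned BHO, four bare autostart images, SndMon32.exe under three keys, and the O17 name servers for manual confirmation. The bare-image check is the one that matters most in drager's log: a legitimate installer writes a full path, while a worm that copies itself into System32 tends to register only its filename, under every Run-type key it knows.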

09.01.2005, 16:52
Honorary member
Posts: 29434
#44
Hello @drager
Reinstalling XP
http://8ung.at/chemikers-home/SETUP.html
1.) Reformat and reinstall
2.) Create a limited user account to surf with; do NOT go online with the administrator account
3.) BEFORE the first online connection, enable the XP firewall for the connection
http://www.dirks-computerecke.de/windows-xp-firewall.htm
4.) Also BEFORE going online, disable unneeded services, see www.dingens.org
5.) Install antivirus
http://www.free-av.de/
6.) Install Sygate free
<Sygate (German) firewall
http://www.sygate.de/
7.) Then first visit www.windowsupdate.com AND DOWNLOAD SP2 ...if you have a valid XP CD key (if Sygate is installed, unblock it for that time, because otherwise the updates will not work)
8.) Use IE only for these updates; otherwise switch to an alternative browser such as Opera or Firefox
#Alternative browser to IE
Firefox
http://www.mozilla.org/products/firefox/index.html
Then post the new HijackThis log
__________
Regards, Sabina
all about PC security
This post was edited on 09.01.2005 at 16:56 by Sabina.

11.01.2005, 07:26
Member
Posts: 11
#45
Hi Sabrina,
I think we've almost got it now:
AntiVir: nothing found
eScan:
Mon Jan 10 11:29:26 2005 => File C:\Programme\tv media\TvmBho.dll infected by "not-a-virus:AdWare.SurfSide.c" Virus. Action Taken: No Action Taken.
Mon Jan 10 11:32:38 2005 => File C:\WINDOWS\Downloaded Program Files\instafin.dll infected by "Trojan.Win32.Delf.gh" Virus. Action Taken: No Action Taken.
Mon Jan 10 09:53:46 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Mon Jan 10 19:16:00 2005 => Total Files Scanned: 51866
Mon Jan 10 19:16:00 2005 => Total Virus(es) Found: 39
Mon Jan 10 19:16:00 2005 => Total Disinfected Files: 0
Which programs should I leave on the computer for the future??

I'm new here in the forum, since I now also have the problem with rasautou.exe.
Here is the HijackThis logfile:
Logfile of HijackThis v1.99.0
Scan saved at 21:36:08, on 04.01.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\0900 Warner\w0svc.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Fmctrl.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\0900WA~1\WARN0900.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Sony Handheld\HOTSYNC.EXE
C:\Programme\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\YAW 3.5\scanner.exe
C:\WINDOWS\system32\spider.exe
C:\unzipped\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freenet.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2C96FE91-A253-4C8F-961B-F8AFF0C59FF9} - C:\WINDOWS\System32\jpknp.dll (file missing)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O2 - BHO: 0190/0900 Warner Browser Helper - {D2F63D33-C571-41E9-9525-A17CA1804D3B} - C:\PROGRA~1\0900WA~1\whelper1.dll
O2 - BHO: (no name) - {FAE851F5-C00B-4BBC-86EE-051C5FD69B85} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [0900 Warner] C:\PROGRA~1\0900WA~1\WARN0900.EXE
Could you perhaps help me?
Many thanks,
Muchito