Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Cash Back Hund und andere Werbedinger

Cash Back Hund und andere Werbedinger


Plagegeister aller Art und deren Bekämpfung: Cash Back Hund und andere Werbedinger

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 16.02.2005, 09:04   #1
misslayla
 
Cash Back Hund und andere Werbedinger - Standard

Cash Back Hund und andere Werbedinger


Hi!

Hab seit einiger zeit das problem das dauernt werbefenster kommen egal auf was für seiten ich surfe. wenn man die zumacht schließen sie gleich alle anderen browser fenster mit. habs schon mit allen möglichen programmen probiert adaware,spybot,a2....
außerdem hab ich seit heute diesen cash back hund. kann mir bitte jemand helfen wie ich die dinger weg bekomme.
danke

Logfile of HijackThis v1.97.7
Scan saved at 09:02:43, on 16.02.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\windows\SOUNDMAN.EXE
C:\Programme\FreePDF\FreePDFA.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Programme\Java\jre1.5.0\bin\jusched.exe
C:\windows\system32\xxrwzt.exe
C:\windows\System32\GEARSec.exe
C:\Programme\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\windows\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\??rss.exe
C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\windows\System32\ssstars.scr
C:\Programme\eMule\emule.exe
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Internet Explorer\iexplore.exe
E:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windu.t-online.at/tom/sidesearch.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.de/
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\windows\ZServ.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D7F0-F660BA9AAE7D} - C:\WINDOWS\DOWNLO~1\tonline.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D0C5CC18-70F5-512E-DB4A-0CC53D7C1095} - C:\windows\System32\wgppl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: T-Online - {4E7BD74F-2B8D-469E-D7F0-F660BA9AAE7D} - C:\WINDOWS\DOWNLO~1\tonline.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [FreePDFAssistent] C:\Programme\FreePDF\FreePDFA.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programme\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [oikwlj] C:\windows\system32\xxrwzt.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Programme\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [CashBack] C:\Programme\CashBack\bin\cashback.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/game...s/y/blt1_x.cab
O16 - DPF: Tornado 21 - http://download.games.yahoo.com/game.../y/t21t0_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/game...ts/y/ot0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/game...s/y/pyt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/game...s/y/ywt0_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.oyunfabrikasi.com/as/2/060172as.exe
O16 - DPF: {4E7BD74F-2B8D-469E-D7F0-F660BA9AAE7D} (T-Online) - http://toolbar.t-online.at/tonline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1092987650265
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.nfq.de/hb/plugin/mssurvid.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://advnt01.com/dialer/internazionale_ver4.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.co...105.0737847222
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game15.zylom.lycos.at/activex/zylomloader.cab
O16 - DPF: {D1222EBB-F86E-4D6C-826A-B342A3D36D99} - http://www.advnt01.com/dialer/austria_ver3.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB

Alt 16.02.2005, 15:19   #2
sammy98
 
Cash Back Hund und andere Werbedinger - Standard

Cash Back Hund und andere Werbedinger


O16 - DPF: {D1222EBB-F86E-4D6C-826A-B342A3D36D99} - http://www.advnt01.com/dialer/austria_ver3.CAB
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.oyunfabrikasi.com/as/2/060172as.exe
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://advnt01.com/dialer/internazionale_ver4.CAB

O4 - HKLM\..\Run: [oikwlj] C:\windows\system32\xxrwzt.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Programme\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [CashBack] C:\Programme\CashBack\bin\cashback.exe

-> die 3 Dateien bitte mir schicken sammy98 _at_ unimx.de


Mit HijackThis alles oben löschen. Danach mit dem Windows Explorer die Dateien suchen und löschen

Weiss nicht ob das schon reicht, aber ein Anfang ist es schonmal

Sammy98
__________________
Alt 16.02.2005, 15:21   #3
Haui45
 
Cash Back Hund und andere Werbedinger - Standard

Cash Back Hund und andere Werbedinger


Logfile mit der aktuellen Version von HijackThis erstellen und posten.
-> Direktdownload
__________________
Alt 17.02.2005, 09:31   #4
misslayla
 
Cash Back Hund und andere Werbedinger - Standard

Cash Back Hund und andere Werbedinger


so hier das neue logfile

Logfile of HijackThis v1.99.1
Scan saved at 09:30:17, on 17.02.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\System32\GEARSec.exe
C:\Programme\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\windows\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\windows\SOUNDMAN.EXE
C:\Programme\FreePDF\FreePDFA.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Programme\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\??rss.exe
C:\Programme\eMule\emule.exe
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
E:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windu.t-online.at/tom/sidesearch.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.de/
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\windows\ZServ.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: T-Online - {4E7BD74F-2B8D-469E-D7F0-F660BA9AAE7D} - C:\WINDOWS\DOWNLO~1\tonline.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D0C5CC18-70F5-512E-DB4A-0CC53D7C1095} - C:\windows\System32\wgppl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: T-Online - {4E7BD74F-2B8D-469E-D7F0-F660BA9AAE7D} - C:\WINDOWS\DOWNLO~1\tonline.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [FreePDFAssistent] C:\Programme\FreePDF\FreePDFA.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programme\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [oikwlj] C:\windows\system32\xxrwzt.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NaviSearch] C:\Programme\NaviSearch\bin\nls.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/game...s/y/blt1_x.cab
O16 - DPF: Tornado 21 - http://download.games.yahoo.com/game.../y/t21t0_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/game...ts/y/ot0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/game...s/y/pyt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/game...s/y/ywt0_x.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.oyunfabrikasi.com/as/2/060172as.exe
O16 - DPF: {4E7BD74F-2B8D-469E-D7F0-F660BA9AAE7D} (T-Online) - http://toolbar.t-online.at/tonline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1092987650265
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.nfq.de/hb/plugin/mssurvid.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://advnt01.com/dialer/internazionale_ver4.CAB
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game15.zylom.lycos.at/activex/zylomloader.cab
O16 - DPF: {D1222EBB-F86E-4D6C-826A-B342A3D36D99} - http://www.advnt01.com/dialer/austria_ver3.CAB
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\windows\System32\GEARSec.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Alt 17.02.2005, 11:08   #5
chaosman
 
Cash Back Hund und andere Werbedinger - Standard

Cash Back Hund und andere Werbedinger


@misslayla

lade escan
download
anleitung
überprüfe Deinen Rechner zunächst mit dem eScan: lade den eScan runter, erstelle dafür einen Ordner (=Verzeichnis) c:\bases, update den eScan online und führe ihn offline im abgesicherten Modus aus. Beachte, dass der eScan ab Version 4.5.1 gefundene Malware nicht löscht. Das wird von Hand auf Anweisung durch uns gemacht.

Teile uns dann das Ergebnis des eScan mit: welche Viren wurden auf Deinem Rechner gefunden: "öffne die mwav.log -> Bearbeiten -> Suchen -> infected eingeben -> Weitersuchen -> Treffer markieren/kopieren und ins Forum übertragen." (Zitat Cidre)
chaosman

__________________
Bonus vir semper tiro

Alt 18.02.2005, 11:25   #6
misslayla
 
Cash Back Hund und andere Werbedinger - Standard

Cash Back Hund und andere Werbedinger


erschreckend 169 gefunden!!

File C:\windows\ZServ.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
C:\windows\System32\wgppl.dll infected by "not-a-virus:AdWare.PurityScan.af" Virus. Action Taken: No Action Taken.
C:\windows\ZServ.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
C:\windows\System32\wgppl.dll infected by "not-a-virus:AdWare.PurityScan.af" Virus. Action Taken: No Action Taken.
File C:\windows\autoheal.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\windows\prelimhanse.exe infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\windows\System32\exul3.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\windows\System32\javex80.vxd infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\javex80.vxd infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\msbe.dll_tobedeleted infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\mscb.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\netut80ex.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\nvms.dll infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\psis80ex.ax infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.

das sind jetzt nicht alle. aber wenn ihr mir sagt wie ich die entferen kann müsste man ja die andern auch alle gleich entfernen oder nicht?

Alt 18.02.2005, 14:37   #7
chaosman
 
Cash Back Hund und andere Werbedinger - Standard

Cash Back Hund und andere Werbedinger


@misslayla
poste doch mal die ganze liste

chaosman
__________________
Bonus vir semper tiro

Alt 22.02.2005, 08:51   #8
misslayla
 
Cash Back Hund und andere Werbedinger - Standard

Cash Back Hund und andere Werbedinger


File C:\windows\ZServ.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\windows\System32\wgppl.dll infected by "not-a-virus:AdWare.PurityScan.af" Virus. Action Taken: No Action Taken.
File C:\windows\ZServ.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\windows\System32\wgppl.dll infected by "not-a-virus:AdWare.PurityScan.af" Virus. Action Taken: No Action Taken.
File C:\windows\autoheal.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\windows\prelimhanse.exe infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\windows\System32\exul3.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\windows\System32\javex80.vxd infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\windows\System32\msbe.dll_tobedeleted infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\windows\System32\mscb.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\windows\System32\netut80ex.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\windows\System32\nvms.dll infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\windows\System32\psis80ex.ax infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CallingHomebiz10.zip infected by "Password-protected-EXE" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy1.zip infected by "Password-protected-EXE" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy50.zip infected by "Password-protected-EXE" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\aupr.exe infected by "not-a-virus:AdWare.PurityScan.w" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\oroe.exe infected by "not-a-virus:AdWare.PurityScan.w" Virus. Action Taken: No Action Taken.
File C:\Programme\BearShare\Installer\saveinstwm.exe infected by "not-a-virus:AdWare.SaveNow.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP127\A0042981.DLL infected by "not-a-virus:AdWare.FunWeb.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP127\A0042982.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP127\A0042983.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP127\A0042984.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP127\A0042985.EXE infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP127\A0042986.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP128\A0043145.exe infected by "not-a-virus:AdWare.SaveNow.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP128\A0043146.dll infected by "not-a-virus:AdWare.WinAD" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP128\A0043899.dll infected by "Trojan-Clicker.Win32.Delf.r" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP128\A0043900.exe infected by "Trojan-Dropper.Win32.Delf.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP129\A0044161.DLL infected by "not-a-virus:AdWare.FunWeb.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP129\A0044162.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP129\A0044163.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP129\A0044164.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP129\A0044165.EXE infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP129\A0044166.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP130\A0044390.exe infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP130\A0044393.scr infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP130\A0044394.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP130\A0044395.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP130\A0044396.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP130\A0044397.SCR infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP130\A0044398.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP130\A0044399.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP130\A0044400.EXE infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP130\A0044401.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP130\A0044402.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP130\A0044403.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP130\A0044404.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP130\A0044405.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP130\A0044416.DLL infected by "not-a-virus:AdWare.Gator.1019" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP131\A0044498.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP131\A0044508.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP131\A0044635.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP132\A0046102.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP132\A0046103.exe infected by "not-a-virus:AdWare.WebRebates.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP132\A0046104.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP132\A0046105.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP132\A0048492.exe infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP132\A0048495.scr infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP132\A0048496.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP132\A0048497.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP132\A0048498.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP132\A0048499.SCR infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP132\A0048500.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP132\A0048501.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP132\A0048502.EXE infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP132\A0048503.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP132\A0048504.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP132\A0048505.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP132\A0048506.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP132\A0048507.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP132\A0049105.EXE infected by "not-a-virus:AdWare.WebRebates.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP132\A0049106.EXE infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP135\A0049888.exe infected by "not-a-virus:AdWare.WebRebates.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP135\A0049889.EXE infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP135\A0049890.EXE infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP135\A0049891.EXE infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP135\A0049892.exe infected by "not-a-virus:AdWare.WinAD" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP135\A0049893.DLL infected by "not-a-virus:AdWare.WinAD.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP135\A0049894.DLL infected by "not-a-virus:AdWare.Relevance.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP135\A0049909.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP135\A0049914.OCX infected by "not-a-virus:AdWare.MediaTickets.d" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP135\A0049959.dll infected by "not-a-virus:AdWare.PurityScan.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP135\A0050187.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP136\A0050862.ocx infected by "Trojan-Clicker.Win32.Adpower.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP136\A0050863.exe infected by "not-a-virus:AdWare.SaveNow.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP136\A0050864.exe infected by "not-a-virus:AdWare.WinAD.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP136\A0050865.dll infected by "not-a-virus:AdWare.WinAD" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP136\A0050874.exe infected by "not-a-virus:AdWare.PurityScan.ac" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP136\A0051041.exe infected by "not-a-virus:AdWare.WinAD.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP136\A0051042.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP136\A0051046.OCX infected by "Trojan-Clicker.Win32.Adpower.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP138\A0051422.EXE infected by "not-a-virus:AdWare.SaveNow.be" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP138\A0051424.exe infected by "not-a-virus:AdWare.SaveNow.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP138\A0051425.exe infected by "not-a-virus:AdWare.SaveNow.ay" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP138\A0051427.exe infected by "not-a-virus:AdWare.SaveNow.ay" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP138\A0051628.exe infected by "not-a-virus:AdWare.SaveNow.be" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP138\A0051629.EXE infected by "not-a-virus:AdWare.SaveNow.m" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP138\A0051630.DLL infected by "not-a-virus:AdWare.Gator.1019" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP144\A0052232.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP144\A0052509.OCX infected by "Trojan-Clicker.Win32.Adpower.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP144\A0052514.DLL infected by "not-a-virus:AdWare.Gator.1101" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP148\A0053251.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP148\A0053254.exe infected by "not-a-virus:AdWare.SaveNow.bc" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP148\A0053255.exe infected by "not-a-virus:AdWare.SaveNow.bc" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP148\A0053256.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP149\A0053286.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP149\A0053288.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP149\A0053289.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP149\A0053290.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP149\A0053291.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP149\A0053292.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP149\A0053293.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP149\A0053294.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP149\A0053295.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP149\A0053297.exe infected by "not-a-virus:AdWare.BargainBuddy.p" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP149\A0053298.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP149\A0053299.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP149\A0053301.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP149\A0053302.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP149\A0053320.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP150\A0053322.exe infected by "Trojan-Downloader.Win32.Agent.ae" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP150\A0053503.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP151\A0053515.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP151\A0053517.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP151\A0053519.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP151\A0053520.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP151\A0053521.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP151\A0053522.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.

Alt 22.02.2005, 08:52   #9
misslayla
 
Cash Back Hund und andere Werbedinger - Standard

Cash Back Hund und andere Werbedinger


File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP151\A0053523.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP151\A0053524.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP151\A0053525.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP151\A0053527.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP151\A0053528.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP152\A0053719.DLL infected by "not-a-virus:AdWare.Gator.1101" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP152\A0053728.EXE infected by "not-a-virus:AdWare.SaveNow.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP152\A0053750.exe infected by "not-a-virus:AdWare.SaveNow.bc" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F7EBF5FF-49EE-4789-9237-E55410BC4339}\RP152\A0053752.exe infected by "not-a-virus:AdWare.Whenu.a" Virus. Action Taken: No Action Taken.
File C:\temp\WebRebates_Auto_InstallSilent_Euro.exe infected by "not-a-virus:AdWare.WebRebates.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\autoheal.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll infected by "not-a-virus:AdWare.Gator.1019" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1101.dll infected by "not-a-virus:AdWare.Gator.1101" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\installer_MEDIAWHIZ9.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1019.dll infected by "not-a-virus:AdWare.Gator.1019" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1101.dll infected by "not-a-virus:AdWare.Gator.1101" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1019.dll infected by "not-a-virus:AdWare.Gator.1019" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1101.dll infected by "not-a-virus:AdWare.Gator.1101" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1019.dll infected by "not-a-virus:AdWare.Gator.1019" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1101.dll infected by "not-a-virus:AdWare.Gator.1101" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.5\HDPlugin1019.dll infected by "not-a-virus:AdWare.Gator.1019" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.5\HDPlugin1101.dll infected by "not-a-virus:AdWare.Gator.1101" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.6\HDPlugin1019.dll infected by "not-a-virus:AdWare.Gator.1019" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.6\HDPlugin1101.dll infected by "not-a-virus:AdWare.Gator.1101" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.7\HDPlugin1019.dll infected by "not-a-virus:AdWare.Gator.1019" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.7\HDPlugin1101.dll infected by "not-a-virus:AdWare.Gator.1101" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.8\HDPlugin1019.dll infected by "not-a-virus:AdWare.Gator.1019" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\installer_MEDIAWHIZ9.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\internazionale_ver3.ocx infected by "Trojan-Clicker.Win32.Adpower.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\internazionale_ver4.ocx infected by "not-a-virus:Porn-Dialer.Win32.Creazione.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\prelimhanse.exe infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\exul3.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\javex80.vxd infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\msbe.dll_tobedeleted infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\mscb.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\netut80ex.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\nvms.dll infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\psis80ex.ax infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File E:\Camtasia_Studio_v2[1].0.x_Repacked.zip tagged as not-a-virus:RiskWare.Tool.RegPatch.a. No Action Taken.
File E:\Camtasia_Studio_v2[1].0.0.zip tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.

Antwort

Themen zu Cash Back Hund und andere Werbedinger
adobe, antivirus, bho, boot, browser, dateien, explorer, helfen, hijack, hijackthis, internet, internet explorer, microsoft, monitor, object, outlook express, problem, programme, schließen, seiten, shockwave, software, sun java, symantec, system, system32, werbefenster, windows, windows xp


« eScan findet 18 Dateien infiziert mit BKCln.unknown - was tut der Virus? | Window-ERxplorer will in Internet »


Ähnliche Themen: Cash Back Hund und andere Werbedinger


  1. Back again
    Plagegeister aller Art und deren Bekämpfung - 02.06.2015 (19)
  2. Payments and cash management - HSBC Spam: Payment Advice
    Diskussionsforum - 15.01.2015 (1)
  3. cash-trojaner in form von antivirus programm
    Plagegeister aller Art und deren Bekämpfung - 27.12.2012 (19)
  4. U-Cash Virus
    Log-Analyse und Auswertung - 23.11.2012 (21)
  5. U-Cash-Trojaner startet bei Browserstart und legt Vista lahm
    Log-Analyse und Auswertung - 25.09.2012 (36)
  6. U-cash-Trojaner bei Windows XP SP3
    Log-Analyse und Auswertung - 10.09.2012 (15)
  7. U Cash GVU 2.07 eingefangen
    Plagegeister aller Art und deren Bekämpfung - 31.07.2012 (4)
  8. Windows Trojaner mit 100 Euro U cash Aufforderung!
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (3)
  9. BKA Trojaner / U Cash 100 Euro
    Log-Analyse und Auswertung - 04.04.2012 (17)
  10. Problem mit https nach BKA-Cash-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 28.03.2012 (11)
  11. srvaju23.exe - Der Hund will sich nicht löschen lassen :/
    Plagegeister aller Art und deren Bekämpfung - 05.05.2010 (5)
  12. I'm back!
    Mülltonne - 05.09.2005 (17)
  13. Doofer Hund (Cashback)
    Log-Analyse und Auswertung - 17.12.2004 (4)
  14. Hund ind der Taskleiste/ CashBack
    Plagegeister aller Art und deren Bekämpfung - 01.09.2004 (9)
  15. Cash Back Hund
    Plagegeister aller Art und deren Bekämpfung - 23.08.2004 (28)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Cash Back Hund und andere Werbedinger - Hi! Hab seit einiger zeit das problem das dauernt werbefenster kommen egal auf was für seiten ich surfe. wenn man die zumacht schließen sie gleich alle anderen browser fenster mit. - Cash Back Hund und andere Werbedinger...
Archiv
Du betrachtest: Cash Back Hund und andere Werbedinger auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131