| Log analysis and evaluation: Ad-Aware and HijackThis: request for evaluation
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: first steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
25.02.2005, 22:39 | #1 |
| Hello, since you helped me so kindly the other day, one more request: I ran Ad-Aware and it apparently found quite a lot (80 objects identified). I'm sending along the summary from the log. But I simply have no idea what I should do next. The log is endlessly long and evidently too big to upload (61 KB as txt). I also ran HijackThis. That log file is attached with a request for review. Many thanks in advance, Steffi

Ad-Aware SE Build 1.05
Logfile Created on:Freitag, 25. Februar 2005 21:15:39
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R28 16.02.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Dialer(TAC index:5):7 total references
Global Netcom Inc(TAC index:5):3 total references
Hi-Wire(TAC index:4):22 total references
MRU List(TAC index:0):40 total references
Other(TAC index:5):1 total references
SecretCrush(TAC index:3):1 total references
Tracking Cookie(TAC index:3):26 total references
TS Cash(TAC index:5):20 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

25.02.2005 21:15:39 - Scan started. (Full System Scan)

Logfile of HijackThis v1.99.1
Scan saved at 22:17:00, on 25.02.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ICO.EXE
C:\Programme\Sony\HotKey Utility\HKserv.exe
C:\Programme\Sony\Jog Dial Navigator\JogServ2.exe
C:\WINDOWS\System32\ezSP_PxEngine.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programme\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Winamp\Winampa.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\TCMMOU~1\MouseDrv.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\AOL 9.0\aoltray.exe
C:\Programme\PDF-XChange 2.5\pdfSaver.exe
C:\Programme\PowerPanel\Program\PcfMgr.exe
C:\Programme\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Programme\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Programme\Microsoft Office\Office\WINWORD.EXE
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Griem\LOKALE~1\Temp\Rar$EX00.123\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rhein-zeitung.de/tick/index.html?km&A
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Messenger\ycomp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Advertiser Class - {53D3C442-8FEE-4784-9A21-6297D39613F0} - C:\WINDOWS\System32\Winad2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: onlineTV - {63CCAACE-9D54-4149-9085-1B3BA48D0FE2} - C:\PROGRA~1\ONLINE~4\OTVTOO~1.DLL
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Programme\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Programme\Sony\Jog Dial Navigator\JogServ2.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_PxEngine.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Programme\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\System32\SysUpd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TCMMouse ] C:\PROGRA~1\TCMMOU~1\MouseDrv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PDF-XChange Capture.lnk = C:\Programme\PDF-XChange 2.5\pdfSaver.exe
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Ulead Kalendar Checker 4.0 SE.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: Mit dem LeechGet Wizard laden - file://C:\Programme\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Mit LeechGet herunterladen - file://C:\Programme\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Mit LeechGet parsen - file://C:\Programme\LeechGet 2004\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt3_x.cab
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab
O16 - DPF: {52290B25-D07A-43B5-84D8-493116D50FA0} - http://webinstall.tscash.com/webinstall.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/230f413dd26e80d...dxIE601_de.cab
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} (Attachment Upload Control) - https://img.web.de/v/mail/activex/mail_upload_1123.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/z...ylomloader.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe |
25.02.2005, 22:48 | #2 |
| @Monschi
You have quite a few things on your system; check your computer with eScan (download, instructions). First check your computer with eScan: download eScan, create a folder (= directory) c:\bases for it, update eScan online and run it offline in safe mode. Note that from version 4.5.1 on, eScan does not delete the malware it finds. That is done by hand following our instructions. Then tell us the result of eScan, that is, which viruses were found on your computer: "open mwav.log -> Edit -> Find -> enter infected -> Find Next -> mark/copy the hits and transfer them to the forum." (quote from Cidre) chaosman |
26.02.2005, 14:29 | #3 |
| Rehi, I ran eScan in safe mode. Below are the requested results for "infected" and "tagged" (I included those as well because I was asked to do that last time too :-)). Regards, Steffi

Sat Feb 26 00:54:45 2005 => File C:\WINDOWS\System32\Winad2.dll infected by "Trojan.Win32.Dialer.ai" Virus. Action Taken: No Action Taken.
Sat Feb 26 00:54:54 2005 => File C:\WINDOWS\System32\SysUpd.exe infected by "not-a-virus:AdWare.TSCash" Virus. Action Taken: No Action
Sat Feb 26 00:58:12 2005 => File C:\WINDOWS\system32\WebInstall.dll infected by "Trojan-Downloader.Win32.Tinytest" Virus. Action Taken: No Action Taken.
Sat Feb 26 00:59:56 2005 => File C:\DOKUME~1\Griem\LOKALE~1\Temp\~alstmp.exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.
Sat Feb 26 00:59:57 2005 => File C:\DOKUME~1\Griem\LOKALE~1\Temp\~alstmp.exe_ infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.
Sat Feb 26 01:26:49 2005 => File C:\Dokumente und Einstellungen\Griem\Lokale Einstellungen\Temp\~alstmp.exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.
Sat Feb 26 01:26:50 2005 => File C:\Dokumente und Einstellungen\Griem\Lokale Einstellungen\Temp\~alstmp.exe_ infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.
Sat Feb 26 02:01:07 2005 => File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\36045381.exe infected by "Trojan.Win32.StartPage.ee" Virus. Action Taken: No Action Taken.
Sat Feb 26 02:01:07 2005 => File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\3D1E364F infected by "Email-Worm.Win32.Bagle.at" Virus. Action Taken: No Action Taken.
Sat Feb 26 02:01:07 2005 => File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\3E482308 infected by "Email-Worm.Win32.Bagle.at" Virus. Action Taken: No Action Taken.
Sat Feb 26 02:01:07 2005 => File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\54C05AB4 infected by "Trojan-Downloader.Win32.Tinytest" Virus. Action Taken: No Action Taken. Sat Feb 26 02:01:07 2005 => File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\649708D7.exe infected by "Trojan.Win32.StartPage.ee" Virus. Action Taken: No Action Taken. Sat Feb 26 02:01:07 2005 => File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\7B340A55 infected by "Email-Worm.Win32.Bagle.gen" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:45 2005 => C:\RECYCLER\NPROTECT\00097671. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:45 2005 => File C:\RECYCLER\NPROTECT\00097671. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:45 2005 => C:\RECYCLER\NPROTECT\00097692. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:45 2005 => File C:\RECYCLER\NPROTECT\00097692. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:54 2005 => C:\RECYCLER\NPROTECT\00142919. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:54 2005 => File C:\RECYCLER\NPROTECT\00142919. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:54 2005 => File C:\RECYCLER\NPROTECT\00142922. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:54 2005 => C:\RECYCLER\NPROTECT\00142923. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:54 2005 => File C:\RECYCLER\NPROTECT\00142923. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:55 2005 => File C:\RECYCLER\NPROTECT\00142930. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:55 2005 => C:\RECYCLER\NPROTECT\00142935. possibly infected and removed by background antivirus package! 
Sat Feb 26 02:12:55 2005 => File C:\RECYCLER\NPROTECT\00142935. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:55 2005 => C:\RECYCLER\NPROTECT\00142962. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:55 2005 => File C:\RECYCLER\NPROTECT\00142962. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:55 2005 => C:\RECYCLER\NPROTECT\00142963. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:55 2005 => File C:\RECYCLER\NPROTECT\00142963. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:55 2005 => C:\RECYCLER\NPROTECT\00142964. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:55 2005 => File C:\RECYCLER\NPROTECT\00142964. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:55 2005 => C:\RECYCLER\NPROTECT\00142976. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:55 2005 => C:\RECYCLER\NPROTECT\00142984. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:55 2005 => File C:\RECYCLER\NPROTECT\00142984. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:55 2005 => C:\RECYCLER\NPROTECT\00142987. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:55 2005 => File C:\RECYCLER\NPROTECT\00142987. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:55 2005 => C:\RECYCLER\NPROTECT\00142991. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:55 2005 => File C:\RECYCLER\NPROTECT\00142991. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:55 2005 => C:\RECYCLER\NPROTECT\00142992. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:55 2005 => File C:\RECYCLER\NPROTECT\00142992. infected by "BkCln.Unknown" Virus. 
Action Taken: No Action Taken. Sat Feb 26 02:12:55 2005 => C:\RECYCLER\NPROTECT\00142993. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:55 2005 => File C:\RECYCLER\NPROTECT\00142993. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:56 2005 => C:\RECYCLER\NPROTECT\00142994. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:56 2005 => File C:\RECYCLER\NPROTECT\00142994. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:56 2005 => File C:\RECYCLER\NPROTECT\00143029. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:56 2005 => C:\RECYCLER\NPROTECT\00143042. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:56 2005 => File C:\RECYCLER\NPROTECT\00143042. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:56 2005 => C:\RECYCLER\NPROTECT\00143146. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:56 2005 => File C:\RECYCLER\NPROTECT\00143146. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:56 2005 => C:\RECYCLER\NPROTECT\00143151. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:56 2005 => File C:\RECYCLER\NPROTECT\00143151. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:56 2005 => C:\RECYCLER\NPROTECT\00143156. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:56 2005 => File C:\RECYCLER\NPROTECT\00143156. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:56 2005 => C:\RECYCLER\NPROTECT\00143175. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:56 2005 => File C:\RECYCLER\NPROTECT\00143175. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:56 2005 => C:\RECYCLER\NPROTECT\00143187. 
possibly infected and removed by background antivirus package! Sat Feb 26 02:12:56 2005 => File C:\RECYCLER\NPROTECT\00143187. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:56 2005 => C:\RECYCLER\NPROTECT\00143195. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:56 2005 => File C:\RECYCLER\NPROTECT\00143195. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:56 2005 => C:\RECYCLER\NPROTECT\00143197. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:56 2005 => File C:\RECYCLER\NPROTECT\00143197. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:56 2005 => C:\RECYCLER\NPROTECT\00143201. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:56 2005 => File C:\RECYCLER\NPROTECT\00143201. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:56 2005 => C:\RECYCLER\NPROTECT\00143202. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:56 2005 => File C:\RECYCLER\NPROTECT\00143202. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:56 2005 => C:\RECYCLER\NPROTECT\00143231. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:56 2005 => File C:\RECYCLER\NPROTECT\00143231. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:56 2005 => C:\RECYCLER\NPROTECT\00143244. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:56 2005 => File C:\RECYCLER\NPROTECT\00143244. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:56 2005 => C:\RECYCLER\NPROTECT\00143268. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:56 2005 => File C:\RECYCLER\NPROTECT\00143268. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. 
Sat Feb 26 02:12:56 2005 => C:\RECYCLER\NPROTECT\00143278. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:56 2005 => File C:\RECYCLER\NPROTECT\00143278. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:57 2005 => C:\RECYCLER\NPROTECT\00143299. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:57 2005 => File C:\RECYCLER\NPROTECT\00143299. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:57 2005 => C:\RECYCLER\NPROTECT\00143573. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:57 2005 => File C:\RECYCLER\NPROTECT\00143573. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:57 2005 => C:\RECYCLER\NPROTECT\00143593. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:57 2005 => File C:\RECYCLER\NPROTECT\00143593. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:57 2005 => C:\RECYCLER\NPROTECT\00143595. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:57 2005 => File C:\RECYCLER\NPROTECT\00143595. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:57 2005 => C:\RECYCLER\NPROTECT\00143604. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:57 2005 => File C:\RECYCLER\NPROTECT\00143604. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:57 2005 => C:\RECYCLER\NPROTECT\00143608. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:57 2005 => File C:\RECYCLER\NPROTECT\00143608. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:57 2005 => C:\RECYCLER\NPROTECT\00143643. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:57 2005 => File C:\RECYCLER\NPROTECT\00143643. infected by "BkCln.Unknown" Virus. 
Action Taken: No Action Taken. Sat Feb 26 02:12:57 2005 => C:\RECYCLER\NPROTECT\00143660. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:57 2005 => File C:\RECYCLER\NPROTECT\00143660. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:57 2005 => C:\RECYCLER\NPROTECT\00143668. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:57 2005 => File C:\RECYCLER\NPROTECT\00143668. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:57 2005 => C:\RECYCLER\NPROTECT\00143670. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:57 2005 => File C:\RECYCLER\NPROTECT\00143670. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:57 2005 => C:\RECYCLER\NPROTECT\00143679. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:57 2005 => File C:\RECYCLER\NPROTECT\00143679. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:57 2005 => C:\RECYCLER\NPROTECT\00171418. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:57 2005 => File C:\RECYCLER\NPROTECT\00171418. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:57 2005 => C:\RECYCLER\NPROTECT\00171432. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:57 2005 => File C:\RECYCLER\NPROTECT\00171432. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sat Feb 26 02:12:57 2005 => C:\RECYCLER\NPROTECT\00171433. possibly infected and removed by background antivirus package! Sat Feb 26 02:12:57 2005 => File C:\RECYCLER\NPROTECT\00171433. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. at Feb 26 02:13:15 2005 => File C:\RECYCLER\NPROTECT\00251935.DLL infected by "Trojan-Downloader.Win32.Ladder.a" Virus. Action Taken: No Action Taken. 
Sat Feb 26 03:14:17 2005 => File C:\WINDOWS\system32\WebInstall.dll infected by "Trojan-Downloader.Win32.Tinytest" Virus. Action Taken: No Action Taken. Sat Feb 26 01:23:50 2005 => File C:\Dokumente und Einstellungen\Griem\Eigene Dateien\Downloads\skatklopper4.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken. Sat Feb 26 01:44:37 2005 => File C:\Programme\AOL 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. Sat Feb 26 01:45:02 2005 => File C:\Programme\Aquanoid\setup\gendel32.ex_ tagged as not-a-virus:RiskWare.Tool.Gendel. No Action Taken. Sat Feb 26 01:45:42 2005 => File C:\Programme\BreakIt\setup\gendel32.ex_ tagged as not-a-virus:RiskWare.Tool.Gendel. No Action Taken. Sat Feb 26 01:45:54 2005 => File C:\Programme\FunSkat\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken. Sat Feb 26 01:46:05 2005 => File C:\Programme\Funskat1\Nick1\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken. Sat Feb 26 01:46:40 2005 => File C:\Programme\Gemeinsame Dateien\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. Sat Feb 26 02:00:16 2005 => File C:\Programme\NetSkatLiga\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken. Sat Feb 26 02:02:38 2005 => File C:\Programme\Skatklopper\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken. Sat Feb 26 02:02:39 2005 => File C:\Programme\skatklopper4\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken. Sat Feb 26 02:02:41 2005 => File C:\Programme\Skatkumpels\FsNick1\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken. Sat Feb 26 02:11:47 2005 => File C:\Programme\Verbandskat\VbNick1\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken. Sat Feb 26 03:14:17 2005 => File C:\WINDOWS\system32\WebInstall\TSCore.exe tagged as not-a-virus:RiskWare.Dialer.Tscash. No Action Taken. |
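The "search mwav.log for infected" step requested in post #2, automated over the line format of the log posted above, as an added example that is not part of the original thread. The sample lines are copied from that log; the location labels and bucket names are this example's own convention.

```python
import re

# Lines copied from the mwav.log excerpt in the thread. One entry has a
# clipped weekday ("at" instead of "Sat"), exactly as it was pasted.
SAMPLE_LOG = r"""
Sat Feb 26 00:54:45 2005 => File C:\WINDOWS\System32\Winad2.dll infected by "Trojan.Win32.Dialer.ai" Virus. Action Taken: No Action Taken.
Sat Feb 26 00:58:12 2005 => File C:\WINDOWS\system32\WebInstall.dll infected by "Trojan-Downloader.Win32.Tinytest" Virus. Action Taken: No Action Taken.
Sat Feb 26 00:59:56 2005 => File C:\DOKUME~1\Griem\LOKALE~1\Temp\~alstmp.exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.
Sat Feb 26 02:01:07 2005 => File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\3D1E364F infected by "Email-Worm.Win32.Bagle.at" Virus. Action Taken: No Action Taken.
Sat Feb 26 02:12:45 2005 => C:\RECYCLER\NPROTECT\00097671. possibly infected and removed by background antivirus package!
Sat Feb 26 02:12:45 2005 => File C:\RECYCLER\NPROTECT\00097671. infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.
at Feb 26 02:13:15 2005 => File C:\RECYCLER\NPROTECT\00251935.DLL infected by "Trojan-Downloader.Win32.Ladder.a" Virus. Action Taken: No Action Taken.
Sat Feb 26 03:14:17 2005 => File C:\WINDOWS\system32\WebInstall.dll infected by "Trojan-Downloader.Win32.Tinytest" Virus. Action Taken: No Action Taken.
Sat Feb 26 01:45:54 2005 => File C:\Programme\FunSkat\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken.
Sat Feb 26 03:14:17 2005 => File C:\WINDOWS\system32\WebInstall\TSCore.exe tagged as not-a-virus:RiskWare.Dialer.Tscash. No Action Taken.
"""

# The timestamp is matched loosely so a clipped "at Feb 26 ..." line still parses.
# Lines without "=> File" (the "possibly infected and removed" notices) carry no
# detection name and are skipped on purpose.
INFECTED = re.compile(r'^(.+?) => File (.+?) infected by "([^"]+)" Virus\.')
TAGGED = re.compile(r"^(.+?) => File (.+?) tagged as (\S+)\. No Action Taken\.")


def classify_location(path):
    """Label where a flagged file sits, since that decides the next step."""
    p = path.lower()
    if "\\quarantine\\" in p:
        return "av-quarantine"          # already contained by the resident AV
    if "\\recycler\\nprotect\\" in p:
        return "protected-recycle-bin"  # Norton Protection copies of deleted files
    if "\\temp\\" in p:
        return "temp"
    return "live"                       # still in a normal system or program path


def parse_mwav(text):
    """Return one finding per (path, detection), keeping the first timestamp."""
    findings = {}
    for raw in text.splitlines():
        line = raw.strip()
        for kind, rx in (("infected", INFECTED), ("tagged", TAGGED)):
            m = rx.match(line)
            if not m:
                continue
            ts, path, name = m.groups()
            findings.setdefault((path.lower(), name), {
                "first_seen": ts, "path": path, "detection": name,
                "kind": kind, "location": classify_location(path),
            })
            break
    return list(findings.values())


def triage(findings):
    """Group findings: 'tagged' riskware apart from 'infected' by location."""
    buckets = {}
    for f in findings:
        key = "tagged" if f["kind"] == "tagged" else "infected/" + f["location"]
        buckets.setdefault(key, []).append((f["path"], f["detection"]))
    return buckets


if __name__ == "__main__":
    for bucket, items in triage(parse_mwav(SAMPLE_LOG)).items():
        print(f"{bucket}: {len(items)}")
        for path, detection in items:
            print(f"    {detection:45s} {path}")
```

The same file reported once under its 8.3 short path and once under its long path, as happens in the log above, is not merged; resolving that needs access to the file system the log came from.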
28.02.2005, 09:34 | #4 |
| Hello there, I hope I'm not committing a faux pas by bringing my problem back to attention. I'm just surprised, because so far the responses have always come so quickly. So no offense meant. Regards, Steffi |
28.02.2005, 21:10 | #5 |
| @Monschi Save the dialer files to a floppy disk as evidence in case you expect high phone bills. Do not delete these files:

Sat Feb 26 01:23:50 2005 => File C:\Dokumente und Einstellungen\Griem\Eigene Dateien\Downloads\skatklopper4.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.
Sat Feb 26 01:44:37 2005 => File C:\Programme\AOL 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sat Feb 26 01:45:02 2005 => File C:\Programme\Aquanoid\setup\gendel32.ex_ tagged as not-a-virus:RiskWare.Tool.Gendel. No Action Taken.
Sat Feb 26 01:45:42 2005 => File C:\Programme\BreakIt\setup\gendel32.ex_ tagged as not-a-virus:RiskWare.Tool.Gendel. No Action Taken.
Sat Feb 26 01:45:54 2005 => File C:\Programme\FunSkat\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken.
Sat Feb 26 01:46:05 2005 => File C:\Programme\Funskat1\Nick1\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken.
Sat Feb 26 01:46:40 2005 => File C:\Programme\Gemeinsame Dateien\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sat Feb 26 02:00:16 2005 => File C:\Programme\NetSkatLiga\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
Sat Feb 26 02:02:38 2005 => File C:\Programme\Skatklopper\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
Sat Feb 26 02:02:39 2005 => File C:\Programme\skatklopper4\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.
Sat Feb 26 02:02:41 2005 => File C:\Programme\Skatkumpels\FsNick1\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken.
Sat Feb 26 02:11:47 2005 => File C:\Programme\Verbandskat\VbNick1\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken.

Delete the rest manually in safe mode. chaosman
__________________ Bonus vir semper tiro |
02.03.2005, 21:52 | #6 |
| Rehi, thanks for the instructions. I carried them out as well. However, none of the files in the "Recycler/nprotect" folder can be deleted. I could only see them after I had the protected system files displayed. Should I post a HijackThis log again? If so, should I create it in safe mode or in normal mode? Regards, Steffi |
02.03.2005, 22:00 | #7 |
Administrator, retired | Just empty your recycle bin; then the files in this folder Recycler/nprotect should be gone too. |
02.03.2005, 22:04 | #8 |
| No, simply emptying it is not enough. Right-click the recycle bin -> Properties -> Norton Protection -> uncheck "Enable protection" and then click "Remove protected files".
__________________ Regards, Andy |
02.03.2005, 22:15 | #9 |
Administrator, retired | @ Feierfox There you see the Norton specialists once again. |
02.03.2005, 22:29 | #10 |
| Norton came with the computer... and out of habit, and behind a router... I just let it run, but satisfied? Had I been satisfied, I would not have had to "clean up" the computer in December (back then without a router, but with a PFW...). And I cleaned it up with your help too (indirectly). Lots and lots of reading here on the board, cleaned the computer, registered, and since then I have been a bit active here with my modest knowledge.
__________________ Regards, Andy |
02.03.2005, 22:33 | #11 | ||
Administrator, retired | Quote:
Quote:
|
02.03.2005, 22:52 | #12 | ||
| Quote:
Quote:
And if I ever write "rubbish", don't hesitate to make that clear to me.
__________________ Regards, Andy |
02.03.2005, 23:08 | #13 | |
Administrator, retired | Quote:
btw: And no, I don't want a GMail account. |
03.03.2005, 21:29 | #14 |
| Thanks for your interesting discussion :-) The recycle bin with Norton Protection is set up on my machine so that it automatically removes the protected files after 7 days. At the moment there are just over 700 protected files in it. Can I leave this setting as it is? Is it "harmless" to remove all protected files, as Feierfox suggested? Best regards, Steffi |