Hallo, hier mein HijackThis-Log. Dort werden alle Q10 Einträge als böse eingestuft und sollen wie standardmäßig vorgeschlagen z.B. mit Spybot entfernt werden. Wenn ich die dinger aber mit spybot entferne, hat mein pc danach derbe probleme und stürzt immer ab (explorer.exe).
Gibt es denn noch ein besseres Programm um diese dinger bei Q10 zu fixen?



Logfile of HijackThis v1.99.1
Scan saved at 11:12:59, on 29.03.2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMME\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAMME\HANSENET\HANSENET-PRODUKTE\APP\TANGOMANAGER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMME\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.t-online.de/service/redir/ie_suche.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von T-Online International AG
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINDOWS\starter.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\PINNACLE\PPE\ppe.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programme\Gemeinsame Dateien\Symantec Shared\Script Blocking\SBServ.exe" -reg
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de/service/redir/ie_t-online.htm
O21 - SSODL: upYjOLck - {0D710007-A7DB-AAAD-EBCC-13BE504E82D5} - C:\WINDOWS\SYSTEM\VUBQD.DLL


Alternative zu Spybot?

Danke schon mal!

@schwonz
WebHancer und New.Net musst du über Systemsteuerung/Software deinstallieren.
Danach PC mit eScan nach Anletung im abgesichrten Modus scannen. Scanlog bitte posten.

Hallo,

lade das LSP-Fix und eScan AntiVirus.

Deinstalliere, falls noch vorhanden, unter Software die Programme WebHancer und New.net und wechsle in den abgesicherten Modus bei deaktivierter Systemwiederherstellung.

Wende LSP-Fix (LSP-Fix starten -> "I know what I´m doing" anhaken -> beanstandete Datei in das Fenster "Remove" verschieben -> Finish) an.

Fixe diese Einträge (Haken setzen und auf Fix Checked klicken):
Alle O9
Alle O10
O21 - SSODL: upYjOLck - {0D710007-A7DB-AAAD-EBCC-13BE504E82D5} - C:\WINDOWS\SYSTEM\VUBQD.DLL

Lösche diese Dateien:
C:\WINDOWS\SYSTEM\VUBQD.DLL
Ordner %systemdrive%\PROGRAMME\NEWDOTNET
Ordner %systemdrive%\PROGRAMME\WEBHANCER

- mit Spybot S&D und eScan scannen (den Scanner mit der "mwavscan.com" starten. Alle Häkchen setzen und "Scan" klicken.) und die Malware manuell entfernen http://www.trojaner-board.de/42731-escan-anleitung.html
- Neustart
- IE sicherer konfigurieren und nur noch für das Windows Update benutzen http://www.datenschutzzentrum.de/sel...sie/config.htm
- Sichere und komfortablere Browser wie z.B. die Mozilla Suite oder Firefox verwenden http://www.mozilla.org
- neues Log-File von HijackThis und die Virus Log Information von eScan posten

EDIT:
War wohl zu langsam.

jo,danke erstma das hört sich alles gut an.

Aber es hapert schon am anfang.
Wenn ich über die systemsteuerung webhancer... entferne und danach neustarte (werde dazu gezwungen), dann stürzt der pc (explorer.exe) andauernd ab und kann dann eigentlich nix mehr machen.
Soll ich dann direkt bei dem neustart im abgesicherten modus starten?

Und dieses Newdot.net gibt's nich unter Software...

Führe die Deinstallation von WebHancer im abgesicherten Modus aus, dann sollte es klappen.

Zitat:

Und dieses Newdot.net gibt's nich unter Software...

Ist auch nicht schlimm.

so,hab den ganzen tag gesäubert und sieht eigentlich gut aus. Kam erst nich ins internet,aber jetzt gehts wieder. Hier meine neuen Logs von HijackThis und EScan. Bei HijackThis siehts ja gut aus,aber escan sagt immer noch was, oder?


Logfile of HijackThis v1.99.1
Scan saved at 15:37:44, on 29.03.2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMME\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.t-online.de/service/redir/ie_suche.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von T-Online International AG
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://192.168.2.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=www-proxy.t-onljne.@

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.t-online.de;localhost;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NewsUpd] C:\Programme\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [Pclepci] C:\PROGRA~1\PINNACLE\PPE\ppe.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINDOWS\starter.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programme\Gemeinsame Dateien\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de/service/redir/ie_t-online.htm







File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.

File System Found infected by "180Solutions Spyware/Adware" Virus. Action Taken: No Action Taken.

File System Found infected by "VX2 Spyware/Adware" Virus. Action Taken: No Action Taken.

File System Found infected by "sidefind Spyware/Adware" Virus. Action Taken: No Action Taken.

File System Found infected by "ameopt Spyware/Adware" Virus. Action Taken: No Action Taken.

File System Found infected by "kapabout Spyware/Adware" Virus. Action Taken: No Action Taken.

File System Found infected by "avenue media Spyware/Adware" Virus. Action Taken: No Action Taken.

File System Found infected by "WindUpdate Spyware/Adware" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413799.CPY infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413800.CPY infected by "not-a-virus:AdWare.WebHancer.351" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413802.CPY infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413803.CPY infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413804.CPY infected by "not-a-virus:AdWare.WebHancer.16" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413805.CPY infected by "not-a-virus:AdWare.WebHancer.16" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413807.CPY infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413810.CPY infected by "Trojan-Downloader.Win32.Agent.ce" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413816.CPY infected by "not-a-virus:AdWare.WebHancer.351" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413817.CPY infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413818.CPY infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413820.CPY infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413821.CPY infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413822.CPY infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413829.CPY tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File C:\_RESTORE\TEMP\A0413830.CPY infected by "not-a-virus:PornWare.Dialer.WarpMedia" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413832.CPY infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413834.CPY infected by "Trojan-Downloader.Win32.Apher.gen" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413835.CPY infected by "Trojan.Win32.Condrag.c" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413837.CPY infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413838.CPY infected by "Trojan.Win32.StartPage.qr" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413849.CPY infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413850.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413851.CPY infected by "not-a-virus:AdWare.Gator.5112" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413898.CPY infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413899.CPY infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413902.CPY infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413903.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413904.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413905.CPY infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413906.CPY infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413907.CPY infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413908.CPY infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413915.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413916.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413918.CPY infected by "not-a-virus:AdWare.OnFlow" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413920.CPY infected by "not-a-virus:AdWare.OnFlow" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413921.CPY infected by "not-a-virus:AdWare.SaveNow.c" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\TEMP\A0413922.CPY tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File C:\_RESTORE\TEMP\A0413923.CPY infected by "Trojan-Downloader.Win32.Small.fo" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\ARCHIVE\FS16.CAB infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\ARCHIVE\FS15.CAB infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\ARCHIVE\FS19.CAB infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\ARCHIVE\FS23.CAB infected by "Virus.Win32.Bube.b" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\ARCHIVE\FS24.CAB infected by "Virus.Win9x.CIH" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\ARCHIVE\FS25.CAB infected by "Virus.Win9x.CIH" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\ARCHIVE\FS26.CAB infected by "Virus.Win9x.CIH" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\ARCHIVE\FS27.CAB infected by "Virus.Win9x.CIH" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\ARCHIVE\FS120.CAB infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\ARCHIVE\FS111.CAB infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\ARCHIVE\FS112.CAB infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\ARCHIVE\FS113.CAB infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\ARCHIVE\FS127.CAB infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.

File C:\_RESTORE\ARCHIVE\FS128.CAB infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.

File C:\WINDOWS\Downloaded Program Files\ISTactivex.dll infected by "Trojan-Downloader.Win32.IstBar.fz" Virus. Action Taken: No Action Taken.

File C:\WINDOWS\Downloaded Program Files\WinAdToolsX.dll infected by "not-a-virus:AdWare.WinAD" Virus. Action Taken: No Action Taken.

File C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx infected by "not-a-virus:AdWare.MediaTickets.f" Virus. Action Taken: No Action Taken.

File C:\WINDOWS\Temporary Internet Files\4.dat infected by "Trojan-Dropper.Win32.Small.hx" Virus. Action Taken: No Action Taken.

File C:\WINDOWS\Temporary Internet Files\3.dat infected by "Trojan.Win32.LowZones.y" Virus. Action Taken: No Action Taken.

File C:\WINDOWS\Temporary Internet Files\2.dat infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.




danke schon ma,is ein besseres gefühl einen sauberen pc zu haben!

Na ja, sauber ist dein System noch nicht.

Lade Ad-Aware, Spybot S&D und aktualisiere sie.


Systemwiederherstellung deaktivieren -> Neustart in den abgesicherten Modus -> Ad-aware und Spybot S&D anwenden -> fixe diesen Eintrag [1] -> Neustart -> Systemwiederherstellung wieder aktivieren

[1] O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

Jo,danke für eure tipps, hab jetzt alles beseitigt,was gefunden werden konnte.
Weiter so,

mfg schwonz