Log analysis and evaluation: adware sysupudt.exe TR/Dldr.Agent.FZ.1
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: first steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
04.06.2005, 16:16 | #1 |
| adware sysupudt.exe TR/Dldr.Agent.FZ.1
Help! No way out for this Trojan horse. AntiVir detected it: adware sysupudt.exe TR/Dldr.Agent.FZ.1 and also adpopup DCF5678.EXE, but impossible to delete!

Logfile of HijackThis v1.99.1
Scan saved at 16:18:08, on 04/06/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
D:\PROGRAM FILES\UTILITAIRES INTERNET\PARE FEU\SYGATE PERSONNAL FIREWALL\SMC.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\CARPSERV.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\DRIVERS\MICROSOFT HARDWARE\GAME CONTROLLERS\COMMON\SWTRAYV4.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
D:\PROGRAM FILES\ANTI VIRUS\ANTIVIR\AVSCHED32.EXE
C:\WINDOWS\WLANCFG.EXE
D:\PROGRAM FILES\ANTI VIRUS\ANTIVIR\AVGCTRL.EXE
D:\PROGRAM FILES\CDVIRTUEL\DAEMONTOOLS347\DAEMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\SYSUPUDT.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PRINTER\HP\AIO\HP PSC 900 SERIES\BIN\HPOBRT07.EXE
C:\PROGRAM FILES\PHOTO\NIKON\NKVIEW6\NKVMON.EXE
D:\PROGRAM FILES\BUREAUTIQUE\OPENOFFICE\PROGRAM\SOFFICE.EXE
C:\WINDOWS\SYSTEM\PRINTER\HP\AIO\SHARED\BIN\HPOEVM07.EXE
C:\PROGRAM FILES\ANTI VIRUS\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eurocockpit.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.net-up.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.fr.netscape.com/fr/home/winsearch200.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.fr.netscape.com/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F1 - win.ini: load=c:\windows\progfile\quickenw\MEMENTO.EXE
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\WINDOWS\APPLICATION DATA\METAPRODUCTS\MASS DOWNLOADER\MDHELPER.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL (file missing)
O2 - BHO: CIEObject Object - {5D647E9C-6B37-4636-9A78-DADB1EB93BDF} - C:\WINDOWS\SYSTEM\CTXPOPUP.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\WINDOWS\SYSTEM\DRIVERS\MICROS~1\GAMECO~1\COMMON\SWTRAYV4.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - HKLM\..\Run: [AVSCHED32] D:\PROGRAM FILES\ANTI VIRUS\ANTIVIR\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [wlancfg] wlancfg.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\PROGRAM FILES\ANTI VIRUS\ANTIVIR\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\UTILIT~1\PAREFE~1\SYGATE~1\SMC.EXE -startgui
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\CDvirtuel\DaemonTools347\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Install_Choix] E:\choix.exe
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AdUpdater] C:\WINDOWS\SYSUPUDT.EXE
O4 - HKLM\..\Run: [AdPopup] C:\WINDOWS\DCF5678.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SmcService] D:\PROGRAM FILES\UTILITAIRES INTERNET\PARE FEU\SYGATE PERSONNAL FIREWALL\SMC.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: NkvMon.exe.lnk = C:\Program Files\Photo\Nikon\NkView6\NkvMon.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Startup: OpenOffice.org 1.1.3.lnk = D:\Program Files\Bureautique\OpenOffice\program\quickstart.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\WINDOWS\SYSTEM\Printer\HP\AiO\hp psc 900 series\Bin\hpobrt07.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\Utilitaires internet\GetRight\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\Utilitaires internet\GetRight\GetRight\GRbrowse.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Utilitaires internet\Telechargements\DownloadExpress\Download Express\Add_Url.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.net-up.com/
|
06.06.2005, 00:31 | #3 |
| adware sysupudt.exe TR/Dldr.Agent.FZ.1
eScan takes a bit long... and so do I. I also used Registry Fix. Now I have 2 logs; here is the smaller one. I deleted many viruses myself, but it is impossible with the viruses in _RESTORE\TEMP. And viruses are now found in _RECYCLED. Do I simply delete these?

PART 1

Sat Jun 04 19:44:55 2005 => **********************************************************
Sat Jun 04 19:44:55 2005 => MicroWorld AntiVirus & Spyware Toolkit Utility.
Sat Jun 04 19:44:55 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Sat Jun 04 19:44:55 2005 => **********************************************************
Sat Jun 04 19:44:55 2005 => Version 6.2.9 (C:\BASES_X\MWAVSCAN.COM)
Sat Jun 04 19:44:55 2005 => Log File: C:\BASES_X\MWAV.LOG
Sat Jun 04 19:44:55 2005 => MWAV Registered: FALSE.
Sat Jun 04 19:44:55 2005 => MWAV Mode: Only Scan files.
Sat Jun 04 19:44:55 2005 => Latest Date of files inside MWAV: 29 May 2005 13:10:21.
Sat Jun 04 19:45:14 2005 => AV Library Loaded...
Sat Jun 04 19:45:14 2005 => MWAV doing self scanning...
Sat Jun 04 19:45:14 2005 => Scanning File C:\BASES_X\kavss.exe
Sat Jun 04 19:45:14 2005 => Scanning File C:\BASES_X\Getvlist.exe
Sat Jun 04 19:45:15 2005 => Scanning File C:\BASES_X\kavss.dll
Sat Jun 04 19:45:15 2005 => Scanning File C:\BASES_X\kavssdi.dll
Sat Jun 04 19:45:15 2005 => Scanning File C:\BASES_X\kavssi.dll
Sat Jun 04 19:45:15 2005 => Scanning File C:\BASES_X\kavvlg.dll
Sat Jun 04 19:45:16 2005 => Scanning File C:\BASES_X\msvlclnt.dll
Sat Jun 04 19:45:16 2005 => Scanning File C:\BASES_X\ipc.dll
Sat Jun 04 19:45:16 2005 => Scanning File C:\BASES_X\main.avi
Sat Jun 04 19:45:16 2005 => Scanning File C:\BASES_X\virus.avi
Sat Jun 04 19:45:16 2005 => MWAV files are clean.
Sat Jun 04 19:45:27 2005 => MWAV License Agreement and conditions NOT accepted by user. Aborting...
Sat Jun 04 19:45:27 2005 => AV Library Unloaded (2)...
Sun Jun 05 01:12:39 2005 => **********************************************************
Sun Jun 05 01:12:39 2005 => MicroWorld AntiVirus & Spyware Toolkit Utility.
Sun Jun 05 01:12:39 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Sun Jun 05 01:12:39 2005 => **********************************************************
Sun Jun 05 01:12:39 2005 => Version 6.2.9 (C:\BASES_X\MWAVSCAN.COM)
Sun Jun 05 01:12:39 2005 => Log File: C:\BASES_X\MWAV.LOG
Sun Jun 05 01:12:39 2005 => MWAV Registered: FALSE.
Sun Jun 05 01:12:39 2005 => MWAV Mode: Only Scan files.
Sun Jun 05 01:12:39 2005 => Latest Date of files inside MWAV: 04 Jun 2005 20:44:09.
Sun Jun 05 01:12:45 2005 => AV Library Loaded...
Sun Jun 05 01:12:45 2005 => MWAV doing self scanning...
Sun Jun 05 01:12:45 2005 => Scanning File C:\BASES_X\kavss.exe
Sun Jun 05 01:12:45 2005 => Scanning File C:\BASES_X\Getvlist.exe
Sun Jun 05 01:12:45 2005 => Scanning File C:\BASES_X\kavss.dll
Sun Jun 05 01:12:45 2005 => Scanning File C:\BASES_X\kavssdi.dll
Sun Jun 05 01:12:45 2005 => Scanning File C:\BASES_X\kavssi.dll
Sun Jun 05 01:12:45 2005 => Scanning File C:\BASES_X\kavvlg.dll
Sun Jun 05 01:12:46 2005 => Scanning File C:\BASES_X\msvlclnt.dll
Sun Jun 05 01:12:46 2005 => Scanning File C:\BASES_X\ipc.dll
Sun Jun 05 01:12:46 2005 => Scanning File C:\BASES_X\main.avi
Sun Jun 05 01:12:46 2005 => Scanning File C:\BASES_X\virus.avi
Sun Jun 05 01:12:46 2005 => MWAV files are clean.
Sun Jun 05 01:13:06 2005 => Virus Database Date: 2005/06/04
Sun Jun 05 01:13:06 2005 => Virus Database Count: 133383
Sun Jun 05 01:14:03 2005 => **********************************************************
Sun Jun 05 01:14:03 2005 => MicroWorld AntiVirus & Spyware Toolkit Utility.
Sun Jun 05 01:14:03 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Sun Jun 05 01:14:03 2005 =>
Sun Jun 05 01:14:03 2005 => Support: support@mwti.net
Sun Jun 05 01:14:03 2005 => Web: http://www.mwti.net
Sun Jun 05 01:14:03 2005 => **********************************************************
Sun Jun 05 01:14:03 2005 => Version 6.2.9 (C:\BASES_X\MWAVSCAN.COM)
Sun Jun 05 01:14:03 2005 => Log File: C:\BASES_X\MWAV.LOG
Sun Jun 05 01:14:03 2005 => Windows Root Folder: C:\WINDOWS
Sun Jun 05 01:14:03 2005 => Windows Sys32 Folder: C:\WINDOWS\SYSTEM
Sun Jun 05 01:14:03 2005 => OS: Windows ME
Sun Jun 05 01:14:03 2005 => Latest Date of files inside MWAV: 04 Jun 2005 20:44:09.
Sun Jun 05 01:14:03 2005 => Options Selected by User:
Sun Jun 05 01:14:03 2005 => Memory Check: Enabled
Sun Jun 05 01:14:03 2005 => Registry Check: Enabled
Sun Jun 05 01:14:03 2005 => StartUp Folder Check: Disabled
Sun Jun 05 01:14:03 2005 => System Folder Check: Disabled
Sun Jun 05 01:14:03 2005 => System Area Check: Disabled
Sun Jun 05 01:14:03 2005 => Services Check: Enabled
Sun Jun 05 01:14:03 2005 => Drive Check Option Disabled
Sun Jun 05 01:14:03 2005 => Folder Check: Disabled
Sun Jun 05 01:14:03 2005 => ***** Scanning Memory Files *****
Sun Jun 05 01:14:03 2005 => Scanning File C:\WINDOWS\SYSTEM\KERNEL32.DLL
[...]
Sun Jun 05 01:14:17 2005 => Scanning File C:\BASES_X\MWAVSCAN.COM
Sun Jun 05 01:14:18 2005 => Scanning File C:\WINDOWS\SYSTEM\RICHED32.DLL
Sun Jun 05 01:14:18 2005 => Scanning File IPC.DLL
Sun Jun 05 01:14:18 2005 => Scanning File KAVSSDI.DLL
Sun Jun 05 01:14:18 2005 => Scanning File KAVSSD.DLL
Sun Jun 05 01:14:19 2005 => Scanning File KAVSSI.DLL
Sun Jun 05 01:14:19 2005 => Scanning File MSVLCLNT.DLL
Sun Jun 05 01:14:19 2005 => Scanning File MWAVSCAN.COM
Sun Jun 05 01:14:20 2005 => Scanning File C:\BASES_X\KAVSS.EXE
Sun Jun 05 01:14:20 2005 => Scanning File KAVSS.EXE
Sun Jun 05 01:14:20 2005 => Scanning File KAVSS.DLL
Sun Jun 05 01:14:20 2005 => ***** Scanning Registry Files *****
Sun Jun 05 01:14:20 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Sun Jun 05 01:14:20 2005 => Scanning File C:\WINDOWS\SYSTEM\WEBCHECK.DLL
Sun Jun 05 01:14:20 2005 => Scanning File C:\WINDOWS\SYSTEM\UPNPUI.DLL
Sun Jun 05 01:14:20 2005 => Scanning File C:\WINDOWS\SYSTEM\AUHOOK.DLL
Sun Jun 05 01:14:20 2005 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Sun Jun 05 01:14:21 2005 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension
Sun Jun 05 01:14:21 2005 => Scanning File C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
Sun Jun 05 01:14:21 2005 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
Sun Jun 05 01:14:21 2005 => Scanning File C:\WINDOWS\SYSTEM\MSDXM.OCX
Sun Jun 05 01:14:21 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
Sun Jun 05 01:14:21 2005 => {B930BA63-9E5A-11D3-A288-0000E80E2EDE} = C:\WINDOWS\APPLICATION DATA\METAPRODUCTS\MASS DOWNLOADER\MDHELPER.DLL
Sun Jun 05 01:14:21 2005 => ERROR!!! Invalid Entry = C:\WINDOWS\APPLICATION DATA\METAPRODUCTS\MASS DOWNLOADER\MDHELPER.DLL (in key Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{B930BA63-9E5A-11D3-A288-0000E80E2EDE}). No Action Taken.
Sun Jun 05 01:14:21 2005 => {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\PROGRAM FILES\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
Sun Jun 05 01:14:21 2005 => Scanning File C:\PROGRA~1\ACROBA~1.0\READER\ACTIVEX\ACROIE~1.OCX
Sun Jun 05 01:14:21 2005 => {07B18EA1-A523-4961-B6BB-170DE4475CCA} = C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
Sun Jun 05 01:14:21 2005 => Scanning File C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSBAR.DLL
Sun Jun 05 01:14:41 2005 => File C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSBAR.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken.
Sun Jun 05 01:14:41 2005 => {00A6FAF1-072E-44cf-8957-5838F569A31D} = C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
Sun Jun 05 01:14:41 2005 => ERROR!!! Invalid Entry = C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL (in key Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}). No Action Taken.
Sun Jun 05 01:14:41 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler
Sun Jun 05 01:14:41 2005 => Scanning File C:\WINDOWS\SYSTEM\BROWSEUI.DLL
[...]
Sun Jun 05 01:14:54 2005 => Scanning File C:\WINDOWS\SYSTEM\vserver.vxd
Sun Jun 05 01:14:54 2005 => ***** Scanning Important System Files *****
Sun Jun 05 01:14:54 2005 => Scanning File C:\WINDOWS\WINSOCK.DLL
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\WSCRIPT.EXE
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\WSHEXT.DLL
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\WSHFR.DLL
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\WSHOM.OCX
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\WS2_32.DLL
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\WS2HELP.DLL
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\WS2THK.DLL
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\WSCTHUNK.DLL
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\WSASRV.EXE
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\WSHTCP.VXD
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\WSOCK.VXD
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\WSOCK2.VXD
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\WSOCK32.DLL
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\WSTDECOD.DLL
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\EXPLORER.EXE
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\RUNDLL.EXE
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\RUNDLL32.EXE
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\BROWSEUI.DLL
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\NOTEPAD.EXE
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\KERNEL32.DLL
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\NTDLL.DLL
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\ADVAPI32.DLL
Sun Jun 05 01:14:56 2005 => Scanning File C:\WINDOWS\SYSTEM\USER32.DLL
Sun Jun 05 01:14:56 2005 => Scanning File C:\WINDOWS\SYSTEM\GDI32.DLL
Sun Jun 05 01:14:56 2005 => Scanning File C:\WINDOWS\COMMAND.COM
Sun Jun 05 01:14:56 2005 => Scanning File C:\WINDOWS\COMMAND.PIF
Sun Jun 05 01:14:56 2005 => Scanning File C:\WINDOWS\TASKMON.EXE
|
06.06.2005, 00:34 | #4 |
| adware sysupudt.exe TR/Dldr.Agent.FZ.1
Proceed as follows so that we get the correct result: right-click this link -> Save target as… e.g. 'C:\Find.rar' -> unpack 'Find.rar', e.g. to 'C:\Find.bat' -> double-click 'Find.bat' and wait for the scan to finish -> post the contents of the automatically created 'C:\eScan_neu.txt'.
__________________ Only cronos endures |
06.06.2005, 00:37 | #5 |
| adware sysupudt.exe TR/Dldr.Agent.FZ.1
PART 2

Sun Jun 05 01:14:56 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Sun Jun 05 01:14:57 2005 => System found infected with FunWeb Spyware/Adware ({147A976F-EEE1-4377-8EA7-4716E4CDD239})! Action taken: No Action Taken.
Sun Jun 05 01:14:57 2005 => Object "FunWeb Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:14:57 2005 => System found infected with MyWebSearch Spyware/Adware ({ADB01E81-3C79-4272-A0F1-7B2BE7A782DC})! Action taken: No Action Taken.
Sun Jun 05 01:14:57 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:14:57 2005 => System found infected with MyWebSearch Spyware/Adware ({9FF05104-B030-46FC-94B8-81276E4E27DF})! Action taken: No Action Taken.
Sun Jun 05 01:14:57 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:14:57 2005 => System found infected with MyWebSearch Spyware/Adware ({7473D292-B7BB-4f24-AE82-7E2CE94BB6A9})! Action taken: No Action Taken.
Sun Jun 05 01:14:57 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:14:57 2005 => System found infected with MyWebSearch Spyware/Adware ({F42228FB-E84E-479E-B922-FBBD096E792C})! Action taken: No Action Taken.
Sun Jun 05 01:14:57 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:14:57 2005 => System found infected with MyWebSearch Spyware/Adware ({7473D290-B7BB-4F24-AE82-7E2CE94BB6A9})! Action taken: No Action Taken.
Sun Jun 05 01:14:57 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:14:57 2005 => System found infected with MyWebSearch Spyware/Adware ({29D67D3C-509A-4544-903F-C8C1B8236554})! Action taken: No Action Taken.
Sun Jun 05 01:14:57 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:14:57 2005 => System found infected with IBIS Spyware/Adware ({1d4db7d2-6ec9-47a3-bd87-1e41684e07bb})! Action taken: No Action Taken.
Sun Jun 05 01:14:57 2005 => Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => System found infected with MyWebSearch Spyware/Adware ({07B18EA1-A523-4961-B6BB-170DE4475CCA})! Action taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => System found infected with MyWebSearch Spyware/Adware ({07B18EAA-A523-4961-B6BB-170DE4475CCA})! Action taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => System found infected with MyWebSearch Spyware/Adware ({07B18EAC-A523-4961-B6BB-170DE4475CCA})! Action taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => System found infected with MyWebSearch Spyware/Adware ({63D0ED2B-B45B-4458-8B3B-60C69BBBD83C})! Action taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => System found infected with MyWebSearch Spyware/Adware ({63D0ED2D-B45B-4458-8B3B-60C69BBBD83C})! Action taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => System found infected with MyWebSearch Spyware/Adware ({00A6FAF1-072E-44cf-8957-5838F569A31D})! Action taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => System found infected with MyWebSearch Spyware/Adware ({00A6FAF0-072E-44CF-8957-5838F569A31D})! Action taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => System found infected with MyWebSearch Spyware/Adware ({07B18EA0-A523-4961-B6BB-170DE4475CCA})! Action taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => System found infected with MyWebSearch Spyware/Adware ({8E6F1830-9607-4440-8530-13BE7C4B1D14})! Action taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => System found infected with MyWebSearch Spyware/Adware ({E47CAEE0-DEEA-464A-9326-3F2801535A4D})! Action taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => Object "Alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:14:59 2005 => System found infected with MyBar Spyware/Adware ({3646C2BD-3554-49CA-8125-44DEEFB881DE})! Action taken: No Action Taken.
Sun Jun 05 01:14:59 2005 => Object "MyBar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:14:59 2005 => System found infected with AltnetBDE Spyware/Adware ({8b0fef15-54dc-49f5-8377-8172de975f75})! Action taken: No Action Taken.
Sun Jun 05 01:14:59 2005 => Object "AltnetBDE Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:14:59 2005 => System found infected with AltnetBDE Spyware/Adware ({9bbcf06c-dcd7-495d-80df-cdd5399d0ff8})! Action taken: No Action Taken.
Sun Jun 05 01:14:59 2005 => Object "AltnetBDE Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:14:59 2005 => System found infected with AltnetBDE Spyware/Adware ({e813099d-5529-47f4-9b37-4afafcb00a43})! Action taken: No Action Taken.
Sun Jun 05 01:14:59 2005 => Object "AltnetBDE Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:14:59 2005 => System found infected with AltnetBDE Spyware/Adware ({ad5bc1f0-72d8-44b3-8e3d-8e8fecce43fb})! Action taken: No Action Taken.
Sun Jun 05 01:14:59 2005 => Object "AltnetBDE Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:14:59 2005 => System found infected with AltnetBDE Spyware/Adware (adm25.adm25)! Action taken: No Action Taken.
Sun Jun 05 01:14:59 2005 => Object "AltnetBDE Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:14:59 2005 => System found infected with WhenU Spyware/Adware (wusn)! Action taken: No Action Taken.
Sun Jun 05 01:14:59 2005 => Object "WhenU Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:15:04 2005 => Offending value found in HKLM\Software\FocusInteractive !!!
Sun Jun 05 01:15:04 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:15:04 2005 => Offending value found in HKLM\software\microsoft\office\outlook\addins\MyWebSearch.OutlookAddin !!!
Sun Jun 05 01:15:04 2005 => Offending value found in HKLM\software\microsoft\office\word\addins\MyWebSearch.OutlookAddin !!!
Sun Jun 05 01:15:04 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:15:14 2005 => Offending value found in HKLM\Software\microsoft\downloadmanager !!!
Sun Jun 05 01:15:14 2005 => Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:15:14 2005 => Offending value found in HKCU\Software\Fun Web Products !!!
Sun Jun 05 01:15:14 2005 => Offending value found in HKEY_USERS\.DEFAULT\Software\Fun Web Products !!!
Sun Jun 05 01:15:14 2005 => Object "FunWeb Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:15:15 2005 => Offending value found in HKCU\Software\FunWebProducts !!!
Sun Jun 05 01:15:15 2005 => Offending value found in HKEY_USERS\.DEFAULT\Software\FunWebProducts !!!
Sun Jun 05 01:15:15 2005 => Offending Folder C:\PROGRA~1\FUNWEB~1 present...
Sun Jun 05 01:15:15 2005 => Object "FunWebProducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:15:15 2005 => Offending value found in HKCU\Software\mywebsearch !!!
Sun Jun 05 01:15:15 2005 => Offending value found in HKEY_USERS\.DEFAULT\Software\mywebsearch !!!
Sun Jun 05 01:15:15 2005 => Offending Folder C:\PROGRA~1\MYWEBS~1 present...
Sun Jun 05 01:15:15 2005 => Object "mwsoemon Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:15:19 2005 => Offending value found in HKCU\Software\cydoor !!!
Sun Jun 05 01:15:19 2005 => Offending value found in HKEY_USERS\.DEFAULT\Software\cydoor !!!
Sun Jun 05 01:15:19 2005 => Object "Kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:15:19 2005 => Offending value found in HKLM\Software\altnet !!!
Sun Jun 05 01:15:19 2005 => Offending Folder C:\PROGRA~1\ALTNET present...
Sun Jun 05 01:15:19 2005 => Object "Kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:15:36 2005 => Offending value found in HKLM\Software\WhenU !!!
Sun Jun 05 01:15:36 2005 => Object "WhenU Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:15:42 2005 => System found infected with altnet Spyware/Adware (smdat32a.sys)! Action taken: No Action Taken.
Sun Jun 05 01:15:42 2005 => Object "altnet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:15:55 2005 => System found infected with MyWebSearch Spyware/Adware (MyWebSearch Email Plugin.lnk)! Action taken: No Action Taken.
Sun Jun 05 01:15:55 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:15:55 2005 => System found infected with MyWebSearch Spyware/Adware (f3initialsetup1.0.0.8-2.inf)! Action taken: No Action Taken.
Sun Jun 05 01:15:55 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:15:57 2005 => System found infected with AltnetBDE Spyware/Adware (altnet signing module.exe)! Action taken: No Action Taken.
Sun Jun 05 01:15:57 2005 => Object "AltnetBDE Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:15:57 2005 => System found infected with AltnetBDE Spyware/Adware (adm.exe)! Action taken: No Action Taken.
Sun Jun 05 01:15:57 2005 => Object "AltnetBDE Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:16:01 2005 => System found infected with AltnetBDE Spyware/Adware (adm25.dll)! Action taken: No Action Taken.
Sun Jun 05 01:16:01 2005 => Object "AltnetBDE Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jun 05 01:16:58 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Sun Jun 05 01:16:58 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\SYSTEM\vxiewer.ocx". Action Taken: No Action Taken.
[...]
Sun Jun 05 01:17:17 2005 => Entry "HKCR\CtxPopup.IEObject" refers to invalid object "{5D647E9C-6B37-4636-9A78-DADB1EB93BDF}". Action Taken: No Action Taken.
Sun Jun 05 01:17:17 2005 => ***** Checking for specific ITW Viruses *****
Sun Jun 05 01:17:17 2005 => Checking for Welchia Virus...
Sun Jun 05 01:17:17 2005 => Checking for LovGate Virus...
Sun Jun 05 01:17:17 2005 => Checking for CodeRed Virus...
Sun Jun 05 01:17:17 2005 => Checking for OpaServ Virus...
Sun Jun 05 01:17:17 2005 => Checking for Sobig.e Virus...
Sun Jun 05 01:17:17 2005 => Checking for Winupie Virus...
Sun Jun 05 01:17:17 2005 => Checking for Swen Virus...
Sun Jun 05 01:17:17 2005 => Checking for JS.Fortnight Virus...
Sun Jun 05 01:17:17 2005 => Checking for Novarg Virus...
Sun Jun 05 01:17:17 2005 => Checking for Pagabot Virus...
Sun Jun 05 01:17:17 2005 => Checking for Parite.b Virus...
Sun Jun 05 01:17:17 2005 => Checking for Parite.a Virus...
Sun Jun 05 01:17:17 2005 => Checking for Adware.SeekSeek Virus...
Sun Jun 05 01:17:17 2005 => ***** Scanning complete. *****
Sun Jun 05 01:17:17 2005 => Total Objects Scanned: 7784
Sun Jun 05 01:17:17 2005 => Total Virus(es) Found: 43
Sun Jun 05 01:17:17 2005 => Total Disinfected Files: 0
Sun Jun 05 01:17:17 2005 => Total Files Renamed: 0
Sun Jun 05 01:17:17 2005 => Total Deleted Objects: 0
Sun Jun 05 01:17:17 2005 => Total Errors: 329
Sun Jun 05 01:17:17 2005 => Time Elapsed: 00:03:05
Sun Jun 05 01:17:17 2005 => Virus Database Date: 2005/06/04
Sun Jun 05 01:17:17 2005 => Virus Database Count: 133383
Sun Jun 05 01:17:17 2005 => Scan Completed.
|
06.06.2005, 00:40 | #6 |
| adware sysupudt.exe TR/Dldr.Agent.FZ.1
In case that got overlooked, please proceed as I described above. |
09.06.2005, 20:33 | #7 |
| adware sysupudt.exe TR/Dldr.Agent.FZ.1
find.bat never ran! Nevertheless, after a terrible fight the viruses are gone. Only in _RESTORE are they still found. Many thanks, jaltadi |