|
Log-Analyse und Auswertung: Kann da mal jemand drüberschauen?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
19.12.2005, 19:43 | #1 |
| Kann da mal jemand drüberschauen? Hallo! Hatte mir vor kurzem einen Trojaner (Spyaxe) gefangen. Denke, er spukt immer noch in meinem System rum, zumindest findet Antivir immer mal wieder direkt nach dem Systemstart Trojaner, kann sie dann aber nicht löschen. Hier mein Logfile: Logfile of HijackThis v1.99.1 Scan saved at 19:16:30, on 19.12.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRAMME\ANTIVIR\AVGUARD.EXE C:\Programme\Antivir\AVWUPSRV.EXE C:\Programme\Cisco Systems\VPN Client\cvpnd.exe C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programme\Launch Manager\LaunchAp.exe C:\Programme\Launch Manager\HotkeyApp.exe C:\Programme\Launch Manager\OSD.exe C:\Programme\Launch Manager\Wbutton.exe C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\Home Cinema\PowerCinema\PCMService.exe C:\Programme\ICQ\ICQLite\ICQLite.exe C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe C:\Programme\QuickTime\qttask.exe C:\Programme\Antivir\AVGNT.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Programme\Logitech\SetPoint\kem.exe C:\Programme\Logitech\SetPoint\KHALMNPR.EXE C:\WINDOWS\System32\svchost.exe C:\Programme\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe C:\WINDOWS\system32\WISPTIS.EXE C:\Programme\Mozilla Firefox\firefox.exe D:\Tools\hijackthis_199\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Programme\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll O4 - HKLM\..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe O4 - HKLM\..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSD.exe O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQ\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\Antivir\AVGNT.EXE" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Programme\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash O4 - HKCU\..\Run: [SuperAdBlocker] C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQ\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Programme\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQ\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQ\ICQLite\ICQLite.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing) O9 - Extra button: MedionShop - {09E5F659-139F-4022-9097-02E25F93F02A} - http://www.medionshop.de/ (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092733492931 O17 - HKLM\System\CCS\Services\Tcpip\..\{989ABA06-5251-4AAA-8918-8ECE0054C743}: NameServer = 192.168.122.252,192.168.122.253 O20 - Winlogon Notify: SABWinLogon - C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\ANTIVIR\AVGUARD.EXE O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\Antivir\AVWUPSRV.EXE O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe Vielen Dank! |
19.12.2005, 19:46 | #2 |
Kann da mal jemand drüberschauen? Wo wird der denn gefunden wenn ich fragen darf?
__________________Fixe dann noch diese Einträge: O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing) O9 - Extra button: MedionShop - {09E5F659-139F-4022-9097-02E25F93F02A} - http://www.medionshop.de/ (file missing) (HKCU) |
20.12.2005, 00:14 | #3 | |
| Kann da mal jemand drüberschauen? Hallo Planer,
__________________Zitat:
dartus
__________________ |
20.12.2005, 11:44 | #4 |
| Kann da mal jemand drüberschauen? Es handelt sich um das Trojanische Pferd TR/Dldr.Zlob.BZ.2 Es sind immer wieder neue Dateinamen, aber immer im gleichen Verzeichnis: z.B.: C:\WINDOWS\SYSTEM32\LDECCE.TMP C:\WINDOWS\SYSTEM32\LD3D0E.TMP C:\WINDOWS\SYSTEM32\LDF53.TMP Hilft das weiter? |
20.12.2005, 13:15 | #5 |
| Kann da mal jemand drüberschauen?
__________________ Kein Support per PN |
20.12.2005, 18:26 | #6 |
| Kann da mal jemand drüberschauen? Hallo! Erst einmal danke für eure Mühen! Habe die Anweisungen abgearbeitet und stelle jetzt mal die aktuellen Logfiles ein, in der Hoffung, dass mein Rechner jetzt sauber ist: Highjack-this: Logfile of HijackThis v1.99.1 Scan saved at 17:59:28, on 20.12.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRAMME\ANTIVIR\AVGUARD.EXE C:\Programme\Antivir\AVWUPSRV.EXE C:\Programme\Cisco Systems\VPN Client\cvpnd.exe C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe C:\PROGRA~1\eScan\TRAYSSER.EXE C:\PROGRA~1\eScan\avpm.exe C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Launch Manager\LaunchAp.exe C:\Programme\Launch Manager\HotkeyApp.exe C:\Programme\Launch Manager\OSD.exe C:\Programme\Launch Manager\Wbutton.exe C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\ICQ\ICQLite\ICQLite.exe C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe C:\Programme\QuickTime\qttask.exe C:\Programme\Antivir\AVGNT.EXE C:\PROGRA~1\eScan\TRAYICOS.EXE C:\PROGRA~1\eScan\AVPMWrap.EXE C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\eScan\MAILDISP.EXE C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\PROGRA~1\eScan\SPOOLER.EXE C:\PROGRA~1\eScan\MAILSCAN.EXE C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Programme\Logitech\SetPoint\kem.exe C:\PROGRA~1\eScan\kavss.exe C:\Programme\Logitech\SetPoint\KHALMNPR.EXE C:\PROGRA~1\eScan\AvpM.exe C:\WINDOWS\system32\wuauclt.exe D:\Tools\hijackthis_199\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll O4 - HKLM\..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe O4 - HKLM\..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSD.exe O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQ\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\Antivir\AVGNT.EXE" /min O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Programme\eScan\LAUNCH.EXE" O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Programme\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQ\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Programme\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQ\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQ\ICQLite\ICQLite.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O10 - Broken Internet access because of LSP provider 'mwtsp.dll' missing O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092733492931 O17 - HKLM\System\CCS\Services\Tcpip\..\{989ABA06-5251-4AAA-8918-8ECE0054C743}: NameServer = 192.168.122.252,192.168.122.253 O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\ANTIVIR\AVGUARD.EXE O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\Antivir\AVWUPSRV.EXE O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe O23 - Service: eScan Server-Updater (eScan-trayicos) - MWTI2 - C:\PROGRA~1\eScan\TRAYSSER.EXE O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe Smitfiles: smitRem © log file version 2.8 by noahdfear Microsoft Windows XP [Version 5.1.2600] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ checking for ShudderLTD key ShudderLTD key not present! checking for PSGuard.com key PSGuard.com key not present! spyaxe uninstaller NOT present ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Existing Pre-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ Antivirus Test Online.url ~~~ system32 folder ~~~ 1024 dir msvol.tlb ld****.tmp mssearchnet.exe ncompat.tlb nvctrl.exe mscornet.exe hp***.tmp logfiles ~~~ Icons in System32 ~~~ ts.ico ot.ico ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 704 'explorer.exe' Starting registry repairs Deleting files Remaining Post-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~ Wininet.dll ~~~ CLEAN! Ad-Aware Logfile folgt... |
20.12.2005, 18:27 | #7 |
| Kann da mal jemand drüberschauen? Logfile Ad-aware: Ad-Aware SE Build 1.06r1 Logfile Created onienstag, 20. Dezember 2005 16:02:30 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R82 19.12.2005 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Malware.SpyAxe(TAC index:4):16 total references MRU List(TAC index:0):36 total references Tracking Cookie(TAC index:3):2 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 20.12.2005 16:02:30 - Scan started. (Smart mode) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 128 ThreadCreationTime : 20.12.2005 14:56:24 BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 172 ThreadCreationTime : 20.12.2005 14:56:40 BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 196 ThreadCreationTime : 20.12.2005 14:56:41 BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 240 ThreadCreationTime : 20.12.2005 14:56:46 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Anwendung für Dienste und Controller InternalName : services.exe LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 252 ThreadCreationTime : 20.12.2005 14:56:47 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 400 ThreadCreationTime : 20.12.2005 14:56:51 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 464 ThreadCreationTime : 20.12.2005 14:56:52 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 528 ThreadCreationTime : 20.12.2005 14:56:56 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 1520 ThreadCreationTime : 20.12.2005 15:00:37 BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : EXPLORER.EXE #:10 [rundll32.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1664 ThreadCreationTime : 20.12.2005 15:01:30 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Eine DLL-Datei als Anwendung ausführen InternalName : rundll LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : RUNDLL.EXE #:11 [ad-aware.exe] FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\ ProcessID : 1708 ThreadCreationTime : 20.12.2005 15:02:05 BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Malware.SpyAxe Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{0f68a8aa-a9a8-4711-be36-ae363efa6443} Malware.SpyAxe Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{28420952-c82b-47d9-a042-fa2217d8a082} Malware.SpyAxe Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{3c099c83-8587-4b35-8af0-fc3a169ce14f} Malware.SpyAxe Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{3fe13f31-e890-4c37-8213-4b5f9a511c26} Malware.SpyAxe Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{4cad27dc-1b60-42f4-820e-316fe0a13512} Malware.SpyAxe Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{54874d12-c0c6-44cc-83fb-2c35202f881b} Malware.SpyAxe Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{54a3200b-d76e-48d1-b35c-d87eaf6d90bd} Malware.SpyAxe Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{663dfe59-032c-46fb-a09a-ffc2dc074f54} Malware.SpyAxe Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{69ce4fbc-4861-4206-8211-dd5a9ee79ad3} Malware.SpyAxe Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{afa9056f-aa11-4771-ae01-04ecfde18206} Malware.SpyAxe Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{b8f2487f-aa6a-4914-9a3f-db84e6868d66} Malware.SpyAxe Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{e4645720-e02f-4bb2-8e6d-be7653dd1bf2} Malware.SpyAxe Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{fa46b160-c9dd-4040-b9d9-ccf5d3db5438} Malware.SpyAxe Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{fc1f0c2c-8117-427d-816c-215b68524f74} Malware.SpyAxe Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{fd1eee96-8dc7-478d-be3b-7d06ac67fb66} Malware.SpyAxe Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{fd8e5ed7-0091-416f-a55b-1d072d58a24f} Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 16 Objects found so far: 16 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 16 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : xxx@tradedoubler[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:3 Value : Cookie:xxx@tradedoubler.com/ Expires : 15.12.2025 11:37:20 LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : xxx@2o7[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:16 Value : Cookie:xxx@2o7.net/ Expires : 19.12.2010 15:08:24 LastSync : Hits:16 UseCount : 0 Hits : 16 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 2 Objects found so far: 18 Deep scanning and examining files... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 18 Disk Scan Result for C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 18 Disk Scan Result for C:\DOKUME~1\xxx~1\LOKALE~1\Temp\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 18 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 18 MRU List Object Recognized! Location: : C:\Dokumente und Einstellungen\xxx\recent Description : list of recently opened documents MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\adobe\adobe acrobat\6.0\avgeneral\crecentfiles Description : list of recently used files in adobe acrobat MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\ahead\nero - burning rom\recent file list Description : list of recently used files in nero burning rom MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\google\navclient\1.1\history Description : list of recently used search terms in the google toolbar MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\mediaplayer\medialibraryui Description : last selected node in the microsoft windows media player media library MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\mediaplayer\player\recentfilelist Description : list of recently used files in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\mediaplayer\player\settings Description : last save as directory used in jasc paint shop pro MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\mediaplayer\player\settings Description : last open directory used in jasc paint shop pro MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\mediaplayer\preferences Description : last playlist index loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\mediaplayer\preferences Description : last search path used in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\microsoft management console\recent file list Description : list of recent snap-ins used in the microsoft management console MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\ntbackup\log files Description : list of recent logfiles in microsoft backup MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\office\11.0\common\general Description : list of recently used symbols in microsoft office MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\office\11.0\powerpoint\recent file list Description : list of recent files used by microsoft powerpoint MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\office\11.0\powerpoint\recent typeface list Description : list of recently used typefaces in microsoft powerpoint MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\office\11.0\powerpoint\recentfolderlist Description : list of recent folders used by microsoft powerpoint MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\office\11.0\publisher\recent file list Description : list of recent files used by microsoft publisher MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\search assistant\acmru Description : list of recent search terms used with the search assistant MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\windows\currentversion\applets\paint\recent file list Description : list of files recently opened using microsoft paint MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\windows\currentversion\applets\regedit Description : last key accessed using the microsoft registry editor MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\windows\currentversion\applets\wordpad\recent file list Description : list of recent files opened using wordpad MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\windows media\wmsdk\general Description : windows media sdk Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 54 16:04:49 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:02:18.860 Objects scanned:67515 Objects identified:18 Objects ignored:0 New critical objects:18 Last but not least: E-scan (nur infected files) Tue Dec 20 16:14:30 2005 => ***** Scanning Registry and File system for Adware/Spyware ***** Tue Dec 20 16:14:30 2005 => Loading Spyware Signatures from new External Database (Size: 144468). Tue Dec 20 16:14:33 2005 => Offending Folder found: C:\WINDOWS\content.ie5 Tue Dec 20 16:14:33 2005 => Object "IncrediFind Browser Hijacker" found in File System! Action Taken: Keine Aktion vorgenommen. Tue Dec 20 16:14:41 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: Keine Aktion vorgenommen. Hoffe, ich hab alles richtig gemacht. Wäre super, wenn nochmal ein kleiner Feedback kommen würde! Gruß, Planer |
Themen zu Kann da mal jemand drüberschauen? |
adobe, antivir, bho, computer, dateien, excel, explorer, firefox, hijack, hijackthis, home, icq, internet, internet explorer, launch, logfile, messenger, microsoft, mozilla, mozilla firefox, pdf, programme, software, system, trojaner, windows, windows xp |