Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Antiviren-, Firewall- und andere Schutzprogramme (https://www.trojaner-board.de/antiviren-firewall-andere-schutzprogramme/)
-   -   TR/Dldr.Rameh.F (https://www.trojaner-board.de/10242-tr-dldr-rameh-f.html)

samantha74 30.11.2004 09:34
TR/Dldr.Rameh.F
 
hallo leute,

antivir zeigte mir diesen virus an, jedoch konnte er ihn nicht löschen

meine frage: wie kann ich d. virus löschen

noch ne frage hätt ich, gibt es irgendeinen virus der meine dl-geschwindigkeit reduziert? denn ich darf mit 180 Kb/s laden, jedoch lade ich mit cirka 20 Kb/s

der dosschirm zeigt mir an das ich netbios sachen auf meinen pc habe 20 stück sogar, die eigentlich nicht drinnen sein sollten? könnt das ein trojaner sein?

gruss sam

Lidius 30.11.2004 10:34
Lade dir Hijackthis runter
http://www.trojaner-board.de/51130-a...ijackthis.html

und poste das log hier, dann schaun wir uns das mal an

samantha74 30.11.2004 13:15
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de-at\msnappau.exe
C:\Programme\ICQPlus\vplus.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Messenger\msmsgs.exe
C:\Dokumente und Einstellungen\\Eigene Dateien\Eigene Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.at/0SEDEAT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de-at\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de-at\msntb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de-at\msnappau.exe"
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Programme\ICQ\ICQNet.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ Plus] "C:\Programme\ICQPlus\vplus.exe"
O4 - HKCU\..\RunOnce: [ICQ] C:\Programme\ICQ\ICQ.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094416359506
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents...r/imloader.cab

Lidius 30.11.2004 19:52
Poste bitte das komplette Log, bei dir fehlt der Kopf

samantha74 30.11.2004 20:30
Logfile of HijackThis v1.98.2
Scan saved at 20:28:42, on 30.11.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de-at\msnappau.exe
C:\Programme\ICQPlus\vplus.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Bases\mwavscan.com
C:\Bases\kavss.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Ra-Script_V1.5\mirc.exe
C:\Dokumente und Einstellungen\\Eigene Dateien\Eigene Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.at/0SEDEAT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de-at\msntb.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de-at\msntb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de-at\msnappau.exe"
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Programme\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ Plus] "C:\Programme\ICQPlus\vplus.exe"
O4 - HKCU\..\RunOnce: [ICQ] C:\Programme\ICQ\ICQ.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094416359506

Tom59 01.12.2004 23:21
@Samantha74

starte deinen PC im abgesicherten Modus...

fixen und manuell löschen...

C:\Programme\MSN Apps\Updater\01.02.3000.1001\de-at\msnappau.exe

unbedingt fixen...

02 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de-at\msntb.dll

O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de-at\msnappau.exe"

wenn du diesen Eintrag nicht kennst..fixen...

O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm


poste danach ein neues http://filepony.de/download-hijackthis/ ...

lg


Tom59

cronos 01.12.2004 23:31
Lösche auch noch den Inhalt folgenden Ordners:

C:\Programme\Web_Rebates

Und dann den Ordner selbst.

Tom59 02.12.2004 00:29
@samantha74

...bezüglich dessen...

noch ne frage hätt ich, gibt es irgendeinen virus der meine dl-geschwindigkeit reduziert? denn ich darf mit 180 Kb/s laden, jedoch lade ich mit cirka 20 Kb/s...

was lädst du, womit lädst du...???

dazu solltest eine PN an mich schicken...

lg


Tom59

samantha74 02.12.2004 11:12
Logfile of HijackThis v1.98.2
Scan saved at 11:10:58, on 02.12.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\ICQPlus\vplus.exe
C:\Programme\ICQ\ICQ.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Ra-Script_V1.5\mirc.exe
C:\Dokumente und Einstellungen\\Eigene Dateien\Eigene Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.at/0SEDEAT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Programme\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ Plus] "C:\Programme\ICQPlus\vplus.exe"
O4 - HKCU\..\RunOnce: [ICQ] C:\Programme\ICQ\ICQ.exe -trayboot
O4 - Startup: Outlook Express.lnk = C:\Programme\Outlook Express\msimn.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094416359506
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.johannrain-softwareentwic...itdefender.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab

so ich hoffe ich hab nix vergessen

gruss sam

*Christian* 02.12.2004 11:35
Schaut sauber aus.

samantha74 02.12.2004 11:47
na ich mal mach gerade noch einen escan und schicks heut

gruss sam

samantha74 02.12.2004 20:52
File C:\Programme\Ra-Script_V1.5\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken.
File C:\Programme\Ra-Script_V1.5\dll's\OPCommander.dll tagged as not-a-virus:Tool.Win32.Moo. No Action Taken.
File C:\Programme\Ra-Script_V1.5\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken.
File C:\Programme\whInstall\Webhdll.dll tagged as not-a-virus:AdWare.WebHancer. No Action Taken.
File C:\Programme\whInstall\whInstaller.exe tagged as not-a-virus:AdWare.WebHancer. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP101\A0023247.exe infected by "TrojanDownloader.Win32.Keenval.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP101\A0023248.exe infected by "TrojanDownloader.Win32.Keenval.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP101\A0023261.DLL tagged as not-a-virus:AdWare.Perfnav.a. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP112\A0024171.exe tagged as not-a-virus:AdWare.PornWare.Dialer.AGBDial. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP149\A0032423.EXE tagged as not-a-virus:RiskWare.mIRC.5.9. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP151\A0032490.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP151\A0032498.dll tagged as not-a-virus:Tool.Win32.Moo. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP151\A0032537.dll tagged as not-a-virus:Tool.Win32.Moo. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP52\A0016715.EXE tagged as not-a-virus:AdWare.Toolbar.MyWay.b. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP52\A0016793.DLL tagged as not-a-virus:AdWare.ToolBar.MyWay.g. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP76\A0021403.dll tagged as not-a-virus:AdWare.WebHancer. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP76\A0021412.dll tagged as not-a-virus:AdWare.WebHancer. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP76\A0021413.exe tagged as not-a-virus:AdWare.WebRebates.c. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP76\A0021415.EXE tagged as not-a-virus:AdWare.WebRebates.c. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP78\A0021440.exe tagged as not-a-virus:AdWare.WebHancer. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP85\A0021477.dll tagged as not-a-virus:AdWare.BrilliantDigital.1007. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP90\A0021632.EXE tagged as not-a-virus:AdWare.Toolbar.MyWay.b. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP90\A0021640.dll tagged as not-a-virus:AdWare.BrilliantDigital.1007. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP90\A0021646.dll tagged as not-a-virus:AdWare.Altnet.a. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP90\A0021647.dll tagged as not-a-virus:AdWare.Altnet.a. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP90\A0021648.exe tagged as not-a-virus:AdWare.Altnet.a. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP90\A0021652.dll tagged as not-a-virus:AdWare.Altnet.a. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP90\A0021655.dll tagged as not-a-virus:AdWare.Altnet.b. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP96\A0022038.exe tagged as not-a-virus:AdWare.PornWare.Dialer.AGBDial. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP99\A0022165.DLL tagged as not-a-virus:AdWare.ToolBar.MyWay.g. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\imloader.exe tagged as not-a-virus:RiskWare.Downloader.ImLoader.b. No Action Taken.
File C:\WINDOWS\Temp\Altnet\adm.exe tagged as not-a-virus:AdWare.Altnet.a. No Action Taken.
File C:\WINDOWS\Temp\Altnet\adm25.dll tagged as not-a-virus:AdWare.Altnet.a. No Action Taken.
File C:\WINDOWS\Temp\Altnet\adm4.dll tagged as not-a-virus:AdWare.Altnet.a. No Action Taken.
File C:\WINDOWS\Temp\Altnet\admprog.dll tagged as not-a-virus:AdWare.Altnet.a. No Action Taken.
File C:\WINDOWS\Temp\Altnet\mysearch.cab tagged as not-a-virus:AdWare.ToolBar.MyWay.g. No Action Taken.
File C:\WINDOWS\Temp\Altnet\pmfiles.cab tagged as not-a-virus:AdWare.BrilliantDigital.1007. No Action Taken.
File C:\WINDOWS\Temp\Altnet\Setup.exe tagged as not-a-virus:AdWare.Altnet.b. No Action Taken.
File D:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP114\A0025283.exe tagged as not-a-virus:RiskWare.Downloader.ImLoader.b. No Action Taken.
File D:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP114\A0025287.exe tagged as not-a-virus:AdWare.PornWare.Dialer.AGBDial. No Action Taken.
File D:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP97\A0022056.exe tagged as not-a-virus:AdWare.PornWare.Dialer.AGBDial. No Action Taken.
File D:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP97\A0022057.exe tagged as not-a-virus:AdWare.PornWare.Dialer.AGBDial. No Action Taken.
File D:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP97\A0022062.exe tagged as not-a-virus:AdWare.Trymedia.a. No Action Taken.
File D:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP99\A0022158.exe tagged as not-a-virus:AdWare.PornWare.Dialer.AGBDial. No Action Taken.
File D:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP99\A0022161.exe tagged as not-a-virus:AdWare.Trymedia.a. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\imloader.exe tagged as not-a-virus:RiskWare.Downloader.ImLoader.b. No Action Taken.
File C:\WINDOWS\Temp\Altnet\adm.exe tagged as not-a-virus:AdWare.Altnet.a. No Action Taken.
File C:\WINDOWS\Temp\Altnet\adm25.dll tagged as not-a-virus:AdWare.Altnet.a. No Action Taken.
File C:\WINDOWS\Temp\Altnet\adm4.dll tagged as not-a-virus:AdWare.Altnet.a. No Action Taken.
File C:\WINDOWS\Temp\Altnet\admprog.dll tagged as not-a-virus:AdWare.Altnet.a. No Action Taken.
File C:\WINDOWS\Temp\Altnet\mysearch.cab tagged as not-a-virus:AdWare.ToolBar.MyWay.g. No Action Taken.
File C:\WINDOWS\Temp\Altnet\pmfiles.cab tagged as not-a-virus:AdWare.BrilliantDigital.1007. No Action Taken.
File C:\WINDOWS\Temp\Altnet\Setup.exe tagged as not-a-virus:AdWare.Altnet.b. No Action Taken.

cronos 03.12.2004 00:10
Deaktivier die Systemwiederherstellung (Arbeitsplatz, dann rechtsklick -Eigenschaften-Reiter Systemwiederherstellung-Häkchen bei Systemwiederherstellung deaktivieren setzen.
Nach dem Neustart Systemwiederherstellung aktivieren.
Das sollte alle Einträge in diesem Ordner löschen.
Lade dir vor dem Neustart clearprog auf www.clearprog.de Hiermit werden alle temporären Internet Dateien gelöscht.
Lösche folgende Dateien manuell:
C:\Programme\whInstall\Webhdll.dll
C:\Programme\whInstall\whInstaller.exe


Nach Neustart und aktivieren der Systemwiederherstellung sollte es sauber sein


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:33 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131