Trojaner-Board - TR/Dldr.Rameh.F

Trojaner-Board (https://www.trojaner-board.de/)

- Antiviren-, Firewall- und andere Schutzprogramme (https://www.trojaner-board.de/antiviren-firewall-andere-schutzprogramme/)

- - TR/Dldr.Rameh.F (https://www.trojaner-board.de/10242-tr-dldr-rameh-f.html)

hallo leute,

antivir zeigte mir diesen virus an, jedoch konnte er ihn nicht löschen

meine frage: wie kann ich d. virus löschen

noch ne frage hätt ich, gibt es irgendeinen virus der meine dl-geschwindigkeit reduziert? denn ich darf mit 180 Kb/s laden, jedoch lade ich mit cirka 20 Kb/s

der dosschirm zeigt mir an das ich netbios sachen auf meinen pc habe 20 stück sogar, die eigentlich nicht drinnen sein sollten? könnt das ein trojaner sein?

gruss sam

Lade dir Hijackthis runter
http://www.trojaner-board.de/51130-a...ijackthis.html

und poste das log hier, dann schaun wir uns das mal an

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de-at\msnappau.exe
C:\Programme\ICQPlus\vplus.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Messenger\msmsgs.exe
C:\Dokumente und Einstellungen\\Eigene Dateien\Eigene Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.at/0SEDEAT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de-at\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de-at\msntb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de-at\msnappau.exe"
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Programme\ICQ\ICQNet.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ Plus] "C:\Programme\ICQPlus\vplus.exe"
O4 - HKCU\..\RunOnce: [ICQ] C:\Programme\ICQ\ICQ.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094416359506
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents...r/imloader.cab

Poste bitte das komplette Log, bei dir fehlt der Kopf

Logfile of HijackThis v1.98.2
Scan saved at 20:28:42, on 30.11.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de-at\msnappau.exe
C:\Programme\ICQPlus\vplus.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Bases\mwavscan.com
C:\Bases\kavss.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Ra-Script_V1.5\mirc.exe
C:\Dokumente und Einstellungen\\Eigene Dateien\Eigene Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.at/0SEDEAT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de-at\msntb.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de-at\msntb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de-at\msnappau.exe"
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Programme\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ Plus] "C:\Programme\ICQPlus\vplus.exe"
O4 - HKCU\..\RunOnce: [ICQ] C:\Programme\ICQ\ICQ.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094416359506

@Samantha74

starte deinen PC im abgesicherten Modus...

fixen und manuell löschen...

C:\Programme\MSN Apps\Updater\01.02.3000.1001\de-at\msnappau.exe

unbedingt fixen...

02 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de-at\msntb.dll

O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de-at\msnappau.exe"

wenn du diesen Eintrag nicht kennst..fixen...

O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

poste danach ein neues http://filepony.de/download-hijackthis/ ...

lg

Tom59

Lösche auch noch den Inhalt folgenden Ordners:

C:\Programme\Web_Rebates

Und dann den Ordner selbst.

@samantha74

...bezüglich dessen...

noch ne frage hätt ich, gibt es irgendeinen virus der meine dl-geschwindigkeit reduziert? denn ich darf mit 180 Kb/s laden, jedoch lade ich mit cirka 20 Kb/s...

was lädst du, womit lädst du...???

dazu solltest eine PN an mich schicken...

lg

Tom59

Logfile of HijackThis v1.98.2
Scan saved at 11:10:58, on 02.12.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\ICQPlus\vplus.exe
C:\Programme\ICQ\ICQ.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Ra-Script_V1.5\mirc.exe
C:\Dokumente und Einstellungen\\Eigene Dateien\Eigene Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.at/0SEDEAT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Programme\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ Plus] "C:\Programme\ICQPlus\vplus.exe"
O4 - HKCU\..\RunOnce: [ICQ] C:\Programme\ICQ\ICQ.exe -trayboot
O4 - Startup: Outlook Express.lnk = C:\Programme\Outlook Express\msimn.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094416359506
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.johannrain-softwareentwic...itdefender.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab

so ich hoffe ich hab nix vergessen

gruss sam

na ich mal mach gerade noch einen escan und schicks heut

gruss sam

File C:\Programme\Ra-Script_V1.5\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken.
File C:\Programme\Ra-Script_V1.5\dll's\OPCommander.dll tagged as not-a-virus:Tool.Win32.Moo. No Action Taken.
File C:\Programme\Ra-Script_V1.5\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken.
File C:\Programme\whInstall\Webhdll.dll tagged as not-a-virus:AdWare.WebHancer. No Action Taken.
File C:\Programme\whInstall\whInstaller.exe tagged as not-a-virus:AdWare.WebHancer. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP101\A0023247.exe infected by "TrojanDownloader.Win32.Keenval.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP101\A0023248.exe infected by "TrojanDownloader.Win32.Keenval.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP101\A0023261.DLL tagged as not-a-virus:AdWare.Perfnav.a. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP112\A0024171.exe tagged as not-a-virus:AdWare.PornWare.Dialer.AGBDial. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP149\A0032423.EXE tagged as not-a-virus:RiskWare.mIRC.5.9. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP151\A0032490.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP151\A0032498.dll tagged as not-a-virus:Tool.Win32.Moo. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP151\A0032537.dll tagged as not-a-virus:Tool.Win32.Moo. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP52\A0016715.EXE tagged as not-a-virus:AdWare.Toolbar.MyWay.b. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP52\A0016793.DLL tagged as not-a-virus:AdWare.ToolBar.MyWay.g. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP76\A0021403.dll tagged as not-a-virus:AdWare.WebHancer. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP76\A0021412.dll tagged as not-a-virus:AdWare.WebHancer. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP76\A0021413.exe tagged as not-a-virus:AdWare.WebRebates.c. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP76\A0021415.EXE tagged as not-a-virus:AdWare.WebRebates.c. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP78\A0021440.exe tagged as not-a-virus:AdWare.WebHancer. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP85\A0021477.dll tagged as not-a-virus:AdWare.BrilliantDigital.1007. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP90\A0021632.EXE tagged as not-a-virus:AdWare.Toolbar.MyWay.b. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP90\A0021640.dll tagged as not-a-virus:AdWare.BrilliantDigital.1007. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP90\A0021646.dll tagged as not-a-virus:AdWare.Altnet.a. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP90\A0021647.dll tagged as not-a-virus:AdWare.Altnet.a. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP90\A0021648.exe tagged as not-a-virus:AdWare.Altnet.a. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP90\A0021652.dll tagged as not-a-virus:AdWare.Altnet.a. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP90\A0021655.dll tagged as not-a-virus:AdWare.Altnet.b. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP96\A0022038.exe tagged as not-a-virus:AdWare.PornWare.Dialer.AGBDial. No Action Taken.
File C:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP99\A0022165.DLL tagged as not-a-virus:AdWare.ToolBar.MyWay.g. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\imloader.exe tagged as not-a-virus:RiskWare.Downloader.ImLoader.b. No Action Taken.
File C:\WINDOWS\Temp\Altnet\adm.exe tagged as not-a-virus:AdWare.Altnet.a. No Action Taken.
File C:\WINDOWS\Temp\Altnet\adm25.dll tagged as not-a-virus:AdWare.Altnet.a. No Action Taken.
File C:\WINDOWS\Temp\Altnet\adm4.dll tagged as not-a-virus:AdWare.Altnet.a. No Action Taken.
File C:\WINDOWS\Temp\Altnet\admprog.dll tagged as not-a-virus:AdWare.Altnet.a. No Action Taken.
File C:\WINDOWS\Temp\Altnet\mysearch.cab tagged as not-a-virus:AdWare.ToolBar.MyWay.g. No Action Taken.
File C:\WINDOWS\Temp\Altnet\pmfiles.cab tagged as not-a-virus:AdWare.BrilliantDigital.1007. No Action Taken.
File C:\WINDOWS\Temp\Altnet\Setup.exe tagged as not-a-virus:AdWare.Altnet.b. No Action Taken.
File D:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP114\A0025283.exe tagged as not-a-virus:RiskWare.Downloader.ImLoader.b. No Action Taken.
File D:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP114\A0025287.exe tagged as not-a-virus:AdWare.PornWare.Dialer.AGBDial. No Action Taken.
File D:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP97\A0022056.exe tagged as not-a-virus:AdWare.PornWare.Dialer.AGBDial. No Action Taken.
File D:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP97\A0022057.exe tagged as not-a-virus:AdWare.PornWare.Dialer.AGBDial. No Action Taken.
File D:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP97\A0022062.exe tagged as not-a-virus:AdWare.Trymedia.a. No Action Taken.
File D:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP99\A0022158.exe tagged as not-a-virus:AdWare.PornWare.Dialer.AGBDial. No Action Taken.
File D:\System Volume Information\_restore{C35DED3D-863D-42A6-A5D2-6D52AEFF4D85}\RP99\A0022161.exe tagged as not-a-virus:AdWare.Trymedia.a. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\imloader.exe tagged as not-a-virus:RiskWare.Downloader.ImLoader.b. No Action Taken.
File C:\WINDOWS\Temp\Altnet\adm.exe tagged as not-a-virus:AdWare.Altnet.a. No Action Taken.
File C:\WINDOWS\Temp\Altnet\adm25.dll tagged as not-a-virus:AdWare.Altnet.a. No Action Taken.
File C:\WINDOWS\Temp\Altnet\adm4.dll tagged as not-a-virus:AdWare.Altnet.a. No Action Taken.
File C:\WINDOWS\Temp\Altnet\admprog.dll tagged as not-a-virus:AdWare.Altnet.a. No Action Taken.
File C:\WINDOWS\Temp\Altnet\mysearch.cab tagged as not-a-virus:AdWare.ToolBar.MyWay.g. No Action Taken.
File C:\WINDOWS\Temp\Altnet\pmfiles.cab tagged as not-a-virus:AdWare.BrilliantDigital.1007. No Action Taken.
File C:\WINDOWS\Temp\Altnet\Setup.exe tagged as not-a-virus:AdWare.Altnet.b. No Action Taken.

Deaktivier die Systemwiederherstellung (Arbeitsplatz, dann rechtsklick -Eigenschaften-Reiter Systemwiederherstellung-Häkchen bei Systemwiederherstellung deaktivieren setzen.
Nach dem Neustart Systemwiederherstellung aktivieren.
Das sollte alle Einträge in diesem Ordner löschen.
Lade dir vor dem Neustart clearprog auf www.clearprog.de Hiermit werden alle temporären Internet Dateien gelöscht.
Lösche folgende Dateien manuell:
C:\Programme\whInstall\Webhdll.dll
C:\Programme\whInstall\whInstaller.exe

Nach Neustart und aktivieren der Systemwiederherstellung sollte es sauber sein