Trojaner-Board - Kann keine Programme starten bzw. installieren

Seite 1 von 2

100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Kann keine Programme starten bzw. installieren (https://www.trojaner-board.de/11455-keine-programme-starten-bzw-installieren.html)

sana	31.12.2004 13:01

Kann keine Programme starten bzw. installieren

Hallo,
ich kann seit einigen Wochen einige Programme nicht mehr starten, wie z.B. CloneCD, Jaf, Photoshop usw. Es erscheint kurz die Sanduhr und das wars. Kann auch nicht alle Programme installieren.Installation beginnt normal mit einem Fenster, dann verschwindet alles und kann mit dem PC normal weiter arbeiten.Hab einen Virenscanner im abgesicherten Modus laufen lassen, der hat zwar ein paar Viren gefunden, aber bringt nix. Mein System: P4 3,0 Gh, Windows XP, seit 4 Monaten auf SP2 geupdatet.

Kann mal jemand nachschauen (Logs) oder liegt es am System selber?

Logs folgen,da nur 10000 Zeichen erlaubt sind :-(

sana	31.12.2004 13:03

So jetzt aber:

Logfile of HijackThis v1.99.0
Scan saved at 12:59:27, on 31.12.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\ircomm2k.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\GEMEIN~1\TerraTec\SCHEDU~1\TTTimer.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Dokumente und Einstellungen\-\Eigene Dateien\googletranslator\GoogleTranslator.exe
C:\Programme\Gemeinsame Dateien\RTE\RTEGPRS.exe
C:\WINDOWS\system32\l?gonui.exe
C:\Dokumente und Einstellungen\-\Anwendungsdaten\eesd.exe
C:\Programme\Digital Image\Monitor.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Programme\Avant Browser\avant.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Dokumente und Einstellungen\-\Eigene Dateien\hijackthis199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rcpie.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\rcpie.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rcpie.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\rcpie.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\rcpie.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\rcpie.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
R3 - URLSearchHook: (no name) - {4A13D406-32A4-0BD1-6255-6BB733AAB6ED} - dePloy.dll (file missing)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2156D47E-9E8A-44B0-91EA-74A4F514A5B4} - C:\WINDOWS\system32\pmndi.dll (file missing)
O2 - BHO: (no name) - {8F98C769-038E-5E2B-D93C-0FC5387847B2} - C:\WINDOWS\system32\khrz.dll
O2 - BHO: (no name) - {94BCEEFD-9F8A-4B41-AC55-0F73D58ADCA9} - C:\WINDOWS\system32\rcpie.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\system32\iecust.dll
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: (no name) - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TerraTec Scheduler] C:\PROGRA~1\GEMEIN~1\TerraTec\SCHEDU~1\TTTimer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\system32\systime.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TBPS] C:\Programme\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [SpyElim] dePloy.exe
O4 - HKLM\..\Run: [typeconf] panel_its.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [DNSCacheBoost] C:\WINDOWS\system32\dnsping.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [GoogleTranslator2] C:\Dokumente und Einstellungen\-\Eigene Dateien\googletranslator\GoogleTranslator.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Programme\Gemeinsame Dateien\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [Chgfx] C:\WINDOWS\system32\l?gonui.exe
O4 - HKCU\..\Run: [Eabt] C:\Dokumente und Einstellungen\-\Anwendungsdaten\eesd.exe
O4 - HKCU\..\Run: [WareOut] "C:\Programme\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [backd] gabber.exe
O4 - HKCU\..\Run: [slamm] StatusCheck.exe
O4 - HKCU\..\Run: [typeconf] WinInitDll.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: Digital Image Monitor.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE

sana	31.12.2004 13:04

und der rest:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Alle Bilder von gleichem Server filtern - C:\Programme\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Alles mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Hervorheben - C:\Programme\Avant Browser\Highlight.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Suchen - C:\Programme\Avant Browser\Search.htm
O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Zur Werbebanner-Filterliste hinzufügen - C:\Programme\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Öffne alle Links auf dieser Seite... - C:\Programme\Avant Browser\OpenAllLinks.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Artikel überwachen - {711E941A-59B6-45E0-8F3B-3DA9738242D2} - C:\Programme\etope\global\vbs\sendtowatch.vbs
O9 - Extra 'Tools' menuitem: Artikel überwachen - {711E941A-59B6-45E0-8F3B-3DA9738242D2} - C:\Programme\etope\global\vbs\sendtowatch.vbs
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: etope Bietagent - {EAB73FC0-2028-42F2-B835-0E09FE5A3FED} - C:\Programme\etope\global\vbs\sendtobidder.vbs
O9 - Extra 'Tools' menuitem: Artikel in den etope Bietagent - {EAB73FC0-2028-42F2-B835-0E09FE5A3FED} - C:\Programme\etope\global\vbs\sendtobidder.vbs
O9 - Extra button: XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe
O9 - Extra 'Tools' menuitem: &XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe
O15 - Trusted Zone: http://*.63.219.181.7
O15 - Trusted IP range: 213.159.117.133
O15 - Trusted IP range: (HKLM)
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) - http://63.219.181.7/cax.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...06_regular.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-17.cab
O16 - DPF: {60261C06-81B0-4DE0-9313-E5BA203A64E9} - http://216.195.35.10/pdfmgr_s.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1104441495625
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents...1/imloader.cab
O16 - DPF: {FFA6CE4C-2199-4A4F-9542-12E0163D6841} - http://sessa.isprime.com:8080/tel2net/CABDialer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{58AAFF21-F07C-443B-86DC-D477E3753618}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{7829653A-5A8C-4F60-A2C7-28DFED347280}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5B9549B-540A-4F99-9E37-0A3B678CFB4D}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8AB27F1-72B4-4285-A071-277176C89F62}: NameServer = 69.50.166.94 69.31.80.244
O18 - Filter: text/html - {620F5007-F5E8-4679-A0A3-A12F719AC18E} - C:\WINDOWS\system32\rcpie.dll
O18 - Filter: text/plain - {620F5007-F5E8-4679-A0A3-A12F719AC18E} - C:\WINDOWS\system32\rcpie.dll
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: EpsonBidirectionalService - Unknown - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: Virtueller Infrarot-Kommunikationsanschluß, Dienstprogramm - Jan Kiszka - C:\WINDOWS\system32\ircomm2k.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

sana	31.12.2004 13:05

ohhhje, ich ahne böses!

Cidre

31.12.2004 13:11

Das sieht in der Tat nicht besonders gut aus.

Führe folgendes aus:
Lade und scanne mit eScan AntiVirus im abgesicherten Modus wie beschrieben.
Poste anschliessend die Virus Log Information von eScan AntiVirus:
Öffne die mwav.log -> Bearbeiten -> Suchen -> infected oder tagged eingeben -> Weitersuchen -> Treffer markieren/kopieren und ins Forum übertragen.

sana	31.12.2004 13:14

Danke für die schnelle Antwort, ich probiere das mal jetzt.

sana	31.12.2004 16:13

So,nach knapp 3 Stunden endlich gepackt. Jetzt habe ich auf einmal ein weiteres Problem MS Office lässt sich nicht mehr starten, jedesmal kommt der Windows Installer und bleib dann hängen. Hier erst mal das LOG:
Fri Dec 31 13:20:23 2004 => File C:\WINDOWS\system32\es30Y.dll infected by "Trojan-Downloader.Win32.Small.acw" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:20:36 2004 => File C:\WINDOWS\system32\khrz.dll infected by "not-a-virus:AdWare.PurityScan.af" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:20:36 2004 => File C:\WINDOWS\system32\rcpie.dll infected by "Trojan.Win32.StartPage.fw" Virus. Action Taken: No Action Taken.

Fri Dec 31 13:20:36 2004 => File C:\WINDOWS\system32\msacmx.dll infected by "TrojanDownloader.Win32.Agent.av" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:20:39 2004 => File C:\WINDOWS\system32\dllhostxp.exe infected by "Trojan-Dropper.Win32.Agent.bu" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:20:39 2004 => File C:\WINDOWS\system32\clfmon.exe infected by "Trojan.Win32.Agent.r" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:20:41 2004 => File C:\DOKUME~1\-\ANWEND~1\eesd.exe infected by "not-a-virus:AdWare.PurityScan.w" Virus. Action Taken: No Action Taken.

Fri Dec 31 13:20:41 2004 => ERROR!!! Invalid Entry WareOut = "C:\Programme\WareOut\WareOut.exe". Removing it.
Fri Dec 31 13:20:41 2004 => ERROR!!! Invalid Entry slamm = StatusCheck.exe. Removing it.
Fri Dec 31 13:20:59 2004 => File C:\WINDOWS\loadnew.exe infected by "TrojanDownloader.Win32.Small.yx" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:20:59 2004 => File C:\WINDOWS\multimpp.dll infected by "not-a-virus:AdWare.BiSpy.s" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:21:00 2004 => File C:\WINDOWS\Q14152781.exe infected by "Trojan-Downloader.JS.Small.ac" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:21:01 2004 => File C:\WINDOWS\Q15366000.exe infected by "Trojan-Downloader.JS.Small.ac" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:21:02 2004 => File C:\WINDOWS\toolbar.exe infected by "Trojan.Win32.LowZones.f" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:21:12 2004 => File C:\WINDOWS\system32\clfmon.exe infected by "Trojan.Win32.Agent.r" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:21:17 2004 => File C:\WINDOWS\system32\d3dxov.dll infected by "Trojan.Win32.Agent.r" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:21:21 2004 => File C:\WINDOWS\system32\dktibs.exe infected by "TrojanDownloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:21:21 2004 => File C:\WINDOWS\system32\dllhostxp.exe infected by "Trojan-Dropper.Win32.Agent.bu" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:21:27 2004 => File C:\WINDOWS\system32\erg4e.dll infected by "Trojan-Downloader.Win32.Small.acw" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:21:27 2004 => File C:\WINDOWS\system32\es30Y.dll infected by "Trojan-Downloader.Win32.Small.acw" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:21:33 2004 => File C:\WINDOWS\system32\hdr.dll infected by "HackTool.Win32.Hidd.a" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:21:36 2004 => File C:\WINDOWS\system32\iecust.dll infected by "Trojan.Win32.StartPage.sl" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:21:36 2004 => File C:\WINDOWS\system32\iecust.exe infected by "Trojan-Dropper.Win32.Small.ow" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:21:46 2004 => File C:\WINDOWS\system32\khrz.dll infected by "not-a-virus:AdWare.PurityScan.af" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:21:53 2004 => File C:\WINDOWS\system32\mqbckup.exe infected by "Trojan-Clicker.Win32.Small.cg" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:21:55 2004 => File C:\WINDOWS\system32\msacmx.dll infected by "TrojanDownloader.Win32.Agent.av" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:22:17 2004 => Total Disinfected Files: 0
Fri Dec 31 13:26:50 2004 => File C:\WINDOWS\system32\es30Y.dll infected by "Trojan-Downloader.Win32.Small.acw" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:03 2004 => File C:\WINDOWS\system32\khrz.dll infected by "not-a-virus:AdWare.PurityScan.af" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:03 2004 => File C:\WINDOWS\system32\rcpie.dll infected by "Trojan.Win32.StartPage.fw" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:03 2004 => File C:\WINDOWS\system32\msacmx.dll infected by "TrojanDownloader.Win32.Agent.av" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:06 2004 => File C:\WINDOWS\system32\dllhostxp.exe infected by "Trojan-Dropper.Win32.Agent.bu" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:06 2004 => File C:\WINDOWS\system32\clfmon.exe infected by "Trojan.Win32.Agent.r" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:08 2004 => File C:\DOKUME~1\-\ANWEND~1\eesd.exe infected by "not-a-virus:AdWare.PurityScan.w" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:25 2004 => File C:\WINDOWS\loadclean.exe infected by "TrojanDownloader.Win32.Small.vn" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:25 2004 => File C:\WINDOWS\loadnew.exe infected by "TrojanDownloader.Win32.Small.yx" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:26 2004 => File C:\WINDOWS\multimpp.dll infected by "not-a-virus:AdWare.BiSpy.s" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:27 2004 => File C:\WINDOWS\Q14152781.exe infected by "Trojan-Downloader.JS.Small.ac" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:27 2004 => File C:\WINDOWS\Q15366000.exe infected by "Trojan-Downloader.JS.Small.ac" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:28 2004 => File C:\WINDOWS\toolbar.exe infected by "Trojan.Win32.LowZones.f" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:38 2004 => File C:\WINDOWS\system32\clfmon.exe infected by "Trojan.Win32.Agent.r" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:43 2004 => File C:\WINDOWS\system32\d3dxov.dll infected by "Trojan.Win32.Agent.r" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:47 2004 => File C:\WINDOWS\system32\dktibs.exe infected by "TrojanDownloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:47 2004 => File C:\WINDOWS\system32\dllhostxp.exe infected by "Trojan-Dropper.Win32.Agent.bu" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:54 2004 => File C:\WINDOWS\system32\erg4e.dll infected by "Trojan-Downloader.Win32.Small.acw" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:54 2004 => File C:\WINDOWS\system32\es30Y.dll infected by "Trojan-Downloader.Win32.Small.acw" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:59 2004 => File C:\WINDOWS\system32\hdr.dll infected by "HackTool.Win32.Hidd.a" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:28:02 2004 => File C:\WINDOWS\system32\iecust.dll infected by "Trojan.Win32.StartPage.sl" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:28:02 2004 => File C:\WINDOWS\system32\iecust.exe infected by "Trojan-Dropper.Win32.Small.ow" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:28:13 2004 => File C:\WINDOWS\system32\khrz.dll infected by "not-a-virus:AdWare.PurityScan.af" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:28:20 2004 => File C:\WINDOWS\system32\mqbckup.exe infected by "Trojan-Clicker.Win32.Small.cg" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:28:21 2004 => File C:\WINDOWS\system32\msacmx.dll infected by "TrojanDownloader.Win32.Agent.av" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:28:48 2004 => File C:\WINDOWS\system32\pxhping.exe infected by "Trojan-Clicker.Win32.Agent.ay" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:28:51 2004 => File C:\WINDOWS\system32\rcpie.dll infected by "Trojan.Win32.StartPage.fw" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:28:51 2004 => File C:\WINDOWS\system32\rdshost32.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:01 2004 => File C:\WINDOWS\system32\spview.exe infected by "Trojan-Dropper.Win32.Small.ol" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:15 2004 => File C:\WINDOWS\system32\winsrv32.dll infected by "Trojan.Win32.Agent.r" Virus. Action Taken: No Action Taken.

sana	31.12.2004 16:13

weiter:

Fri Dec 31 13:29:22 2004 => File C:\WINDOWS\system32\__sys.exe infected by "Worm.P2P.Apsiv" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:22 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\!update.exe infected by "not-a-virus:AdWare.PurityScan.w" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:34 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\powerscan.exe infected by "not-a-virus:AdWare.PowerScan.b" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:41 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\THI13B4.tmp\multimpp.dll infected by "not-a-virus:AdWare.BiSpy.s" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:42 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\webrebates.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:45 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~110900.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:45 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~207136.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:45 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~229344.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:45 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~259598.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:45 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~260266.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:45 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~279126.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:45 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~284464.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:45 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~286190.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:45 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~286422.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:46 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~437413.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:46 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~509096.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:46 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~532620.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:46 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~543352.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:46 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~612492.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:46 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~615479.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:46 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~627872.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:46 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~644747.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:46 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~674594.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:46 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~734124.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:46 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~74496.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:47 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~748844.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:47 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~77562.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:47 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~784323.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:47 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~787791.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:47 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~830195.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:47 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~85233.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:47 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~912856.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:47 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~915951.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:47 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~948384.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:47 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~959275.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:31:28 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\31TGS36F\!update-1372[1].0000 infected by "not-a-virus:AdWare.PurityScan.w" Virus. Action Taken: No Action Taken.Fri Dec 31 13:33:43 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\31TGS36F\send_car_int[1].htm infected by "Exploit.CodeBaseExec" Virus. Action Taken: No Action Taken.
Fri Dec 31 14:13:48 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\GH2NKHE3\prompt[1].htm infected by "TrojanDownloader.JS.IstBar.a" Virus. Action Taken: No Action Taken.
Fri Dec 31 14:04:09 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\EPBFSIOO\ABoxInst_int21[1].exe infected by "Trojan-Downloader.Win32.VB.ft" Virus. Action Taken: No Action Taken.

Fri Dec 31 14:06:59 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\EPBFSIOO\rdgDE10[1].exe infected by "Trojan.Win32.Dialer.ay" Virus. Action Taken: No Action Taken.
Fri Dec 31 14:13:48 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\GH2NKHE3\prompt[1].htm infected by "TrojanDownloader.JS.IstBar.a" Virus. Action Taken: No Action Taken.
Fri Dec 31 14:13:48 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\GH2NKHE3\prompt[2].htm infected by "TrojanDownloader.JS.IstBar.a" Virus. Action Taken: No Action Taken.
Fri Dec 31 14:13:48 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\GH2NKHE3\prompt[3].htm infected by "TrojanDownloader.JS.IstBar.a" Virus. Action Taken: No Action Taken.
Fri Dec 31 14:25:32 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\KN536A3D\prompt[1].htm infected by "TrojanDownloader.JS.IstBar.a" Virus. Action Taken: No Action Taken.
Fri Dec 31 14:26:26 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\L4KVP5GL\CAJE0ZRH.htm infected by "TrojanDownoader.JS.FlingStone" Virus. Action Taken: No Action Taken.
Fri Dec 31 14:26:32 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\L4KVP5GL\CAT8GNLL.htm infected by "TrojanDownoader.JS.FlingStone" Virus. Action Taken: No Action Taken.
Fri Dec 31 14:31:41 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\MHTYBQPK\xtrayinst[1].exe infected by "Trojan.Win32.VB.jl" Virus. Action Taken: No Action Taken.
Fri Dec 31 14:36:44 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\N3TZV14W\thnall1l[1].exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
Fri Dec 31 14:55:34 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\XBUHRB1T\xtrayinst[1].exe infected by "Trojan.Win32.VB.jl" Virus. Action Taken: No Action Taken.

Fri Dec 31 14:55:39 2004 => ***** Scanning complete. *****

Fri Dec 31 14:55:39 2004 => Total Files Scanned: 106652
Fri Dec 31 14:55:39 2004 => Total Virus(es) Found: 79
Fri Dec 31 14:55:39 2004 => Total Disinfected Files: 0
Fri Dec 31 14:55:39 2004 => Total Files Renamed: 0
Fri Dec 31 14:55:39 2004 => Total Deleted Files: 0
Fri Dec 31 14:55:39 2004 => Total Errors: 6
Fri Dec 31 14:55:39 2004 => Time Elapsed: 01:28:54
Fri Dec 31 14:55:39 2004 => Virus Database Date: 2004/12/31
Fri Dec 31 14:55:39 2004 => Virus Database Count: 114341

Fri Dec 31 14:55:40 2004 => Scan Completed.

Cidre

31.12.2004 16:22

Nun solltest du mit Hilfe von Clearprog deine Temp Dateien (System +IE) leeren.

Den Rest bei folgenden Einstellungen[1] mit Hilfe von
Killbox löschen. Kopiere dazu den Pfad der Datei, füge ihn bei Killbox ein und lösche.

[1]:
Windows Explorer -> "Extras/Ordneroptionen" -> "Ansicht" -> Haken entfernen bei "Geschützte Systemdateien ausblenden (empfohlen)" und "Alle Dateien und Ordner anzeigen" aktivieren -> "OK"

sana	31.12.2004 16:27

Tja,da hab ich wohl pech gehabt. Das Tool lässt sich zwar installieren aber wenn ich es starten will,kommt wiedermal für kurze Zeit die Sanduhr und dann nichts mehr.Was nun?

sana	31.12.2004 16:28

Killbox kann ich aber normal starten

Cidre

31.12.2004 16:32

Führe die Installation von Clearprog im abgesicherten Modus mal aus. Eventuell hilft auch ein Umbenennen in eine *.com Datei.

Cidre

31.12.2004 16:46

Führe auch dies mal aus: http://beqiraj.com/windows/installer/index.asp

sana	31.12.2004 17:59

So, hab jetzt ein paar Dateien gelöscht. Mehrere Dateien konnte ich aber nicht löschen, da folgende Meldungen kamen: Datei exestiert nicht bzw. Datei kann nicht gelöscht werden.
Hier:
Fri Dec 31 13:20:23 2004 => File C:\WINDOWS\system32\es30Y.dll infected by "Trojan-Downloader.Win32.Small.acw" Virus. Action Taken: No Action Taken.

Fri Dec 31 13:21:12 2004 => File C:\WINDOWS\system32\clfmon.exe infected
Fri Dec 31 13:21:21 2004 => File C:\WINDOWS\system32\dllhostxp.exe infected by "Trojan-
Fri Dec 31 13:21:27 2004 => File C:\WINDOWS\system32\es30Y.dll infected by "Trojan-
Fri Dec 31 13:21:46 2004 => File C:\WINDOWS\system32\khrz.dll infected by "not-a-
Fri Dec 31 13:21:55 2004 => File C:\WINDOWS\system32\msacmx.dll infected by "TrojanDownloader.Win32.Agent.av" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:22:17 2004 => Total Disinfected Files: 0
Fri Dec 31 13:26:50 2004 => File C:\WINDOWS\system32\es30Y.dll infected by "Trojan-Downloader.Win32.Small.acw" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:03 2004 => File C:\WINDOWS\system32\khrz.dll infected by "not-a-virus:AdWare.PurityScan.af" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:03 2004 => File C:\WINDOWS\system32\rcpie.dll infected by "Trojan.Win32.StartPage.fw" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:03 2004 => File C:\WINDOWS\system32\msacmx.dll infected by "TrojanDownloader.Win32.Agent.av" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:06 2004 => File C:\WINDOWS\system32\dllhostxp.exe infected by "Trojan-Dropper.Win32.Agent.bu" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:06 2004 => File C:\WINDOWS\system32\clfmon.exe infected by "Trojan.Win32.Agent.r" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:08 2004 => File C:\DOKUME~1\-\ANWEND~1\eesd.exe infected by "not-a-
Fri Dec 31 13:27:25 2004 => File C:\WINDOWS\loadnew.exe infected by "TrojanDownloader.Win32.Small.yx" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:26 2004 => File C:\WINDOWS\multimpp.dll infected by "not-a-virus:AdWare.BiSpy.s" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:27 2004 => File C:\WINDOWS\Q14152781.exe infected by "Trojan-Downloader.JS.Small.ac" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:27 2004 => File C:\WINDOWS\Q15366000.exe infected by "Trojan-Downloader.JS.Small.ac" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:28 2004 => File C:\WINDOWS\toolbar.exe infected by "Trojan.Win32.LowZones.f" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:38 2004 => File C:\WINDOWS\system32\clfmon.exe infected by "Trojan.Win32.Agent.r" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:43 2004 => File C:\WINDOWS\system32\d3dxov.dll infected by "Trojan.Win32.Agent.r" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:47 2004 => File C:\WINDOWS\system32\dktibs.exe infected by "TrojanDownloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:47 2004 => File C:\WINDOWS\system32\dllhostxp.exe infected by "Trojan-Dropper.Win32.Agent.bu" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:54 2004 => File C:\WINDOWS\system32\erg4e.dll infected by "Trojan-Downloader.Win32.Small.acw" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:54 2004 => File C:\WINDOWS\system32\es30Y.dll infected by "Trojan-Downloader.Win32.Small.acw" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:27:59 2004 => File C:\WINDOWS\system32\hdr.dll infected by "HackTool.Win32.Hidd.a" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:28:02 2004 => File C:\WINDOWS\system32\iecust.dll infected by "Trojan.Win32.StartPage.sl" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:28:02 2004 => File C:\WINDOWS\system32\iecust.exe infected by "Trojan-Dropper.Win32.Small.ow" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:28:13 2004 => File C:\WINDOWS\system32\khrz.dll infected by "not-a-virus:AdWare.PurityScan.af" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:28:20 2004 => File C:\WINDOWS\system32\mqbckup.exe infected by "Trojan-Clicker.Win32.Small.cg" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:28:21 2004 => File C:\WINDOWS\system32\msacmx.dll infected by "TrojanDownloader.Win32.Agent.av" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:28:48 2004 => File C:\WINDOWS\system32\pxhping.exe infected by "Trojan-Clicker.Win32.Agent.ay" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:28:51 2004 => File C:\WINDOWS\system32\rcpie.dll infected
Fri Dec 31 13:29:22 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\!update.exe infected by "not-a-virus:AdWare.PurityScan.w" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:34 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\powerscan.exe infected by "not-a-virus:AdWare.PowerScan.b" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:41 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\THI13B4.tmp\multimpp.dll infected by "not-a-virus:AdWare.BiSpy.s" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:42 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\webrebates.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:45 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~110900.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:45 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~207136.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:45 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~229344.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:45 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~259598.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:45 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~260266.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:45 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~279126.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:45 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~284464.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:45 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~286190.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:45 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~286422.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:46 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~437413.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:46 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~509096.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:46 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~532620.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:46 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~543352.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.

sana	31.12.2004 18:00

Fri Dec 31 13:29:46 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~612492.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:46 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~615479.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:46 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~627872.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:46 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~644747.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:46 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~674594.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:46 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~734124.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:46 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~74496.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:47 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~748844.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:47 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~77562.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:47 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~784323.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:47 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~787791.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:47 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~830195.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:47 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~85233.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:47 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~912856.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:47 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~915951.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:47 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~948384.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:29:47 2004 => File C:\DOKUME~1\-\LOKALE~1\Temp\~959275.tmp infected by "not-a-virus:AdWare.Wintol.p" Virus. Action Taken: No Action Taken.
Fri Dec 31 13:31:28 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\31TGS36F\!update-1372[1].0000 infected by "not-a-virus:AdWare.PurityScan.w" Virus. Action Taken: No Action Taken.Fri Dec 31 13:33:43 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\31TGS36F\send_car_int[1].htm infected by "Exploit.CodeBaseExec" Virus. Action Taken: No Action Taken.
Fri Dec 31 14:13:48 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\GH2NKHE3\prompt[1].htm infected by "TrojanDownloader.JS.IstBar.a" Virus. Action Taken: No Action Taken.
Fri Dec 31 14:04:09 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\EPBFSIOO\ABoxInst_int21[1].exe infected by "Trojan-Downloader.Win32.VB.ft" Virus. Action Taken: No Action Taken.

Fri Dec 31 14:06:59 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\EPBFSIOO\rdgDE10[1].exe infected by "Trojan.Win32.Dialer.ay" Virus. Action Taken: No Action Taken.
Fri Dec 31 14:13:48 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\GH2NKHE3\prompt[1].htm infected by "TrojanDownloader.JS.IstBar.a" Virus. Action Taken: No Action Taken.
Fri Dec 31 14:13:48 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\GH2NKHE3\prompt[2].htm infected by "TrojanDownloader.JS.IstBar.a" Virus. Action Taken: No Action Taken.
Fri Dec 31 14:13:48 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\GH2NKHE3\prompt[3].htm infected by "TrojanDownloader.JS.IstBar.a" Virus. Action Taken: No Action Taken.
Fri Dec 31 14:25:32 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\KN536A3D\prompt[1].htm infected by "TrojanDownloader.JS.IstBar.a" Virus. Action Taken: No Action Taken.
Fri Dec 31 14:26:26 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\L4KVP5GL\CAJE0ZRH.htm infected by "TrojanDownoader.JS.FlingStone" Virus. Action Taken: No Action Taken.
Fri Dec 31 14:26:32 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\L4KVP5GL\CAT8GNLL.htm infected by "TrojanDownoader.JS.FlingStone" Virus. Action Taken: No Action Taken.
Fri Dec 31 14:31:41 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\MHTYBQPK\xtrayinst[1].exe infected by "Trojan.Win32.VB.jl" Virus. Action Taken: No Action Taken.
Fri Dec 31 14:36:44 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\N3TZV14W\thnall1l[1].exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
Fri Dec 31 14:55:34 2004 => File C:\DOKUME~1\-\LOKALE~1\TEMPOR~1\Content.IE5\XBUHRB1T\xtrayinst[1].exe infected by "Trojan.Win32.VB.jl" Virus. Action Taken: No Action Taken.
---------------
Kann es vielleicht sein, weil ich die Temp. gelöscht habe und somit die Dateien nicht mehr vorhanden sind?

Alle Zeitangaben in WEZ +1. Es ist jetzt 03:38 Uhr.

Seite 1 von 2

100 Beiträge dieses Themas auf einer Seite anzeigen

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19