Trojaner-Board


CaYL 29.03.2005 16:21

Heeelp !!!

Which of the logs can I delete and which ones had I better leave alone? :dummguck:


Logfile of HijackThis v1.99.1
Scan saved at 16:56:11, on 29.03.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\cFos\cFosDNT.exe
C:\PROGRA~1\GEMEIN~1\TerraTec\SCHEDU~1\TTTimer.exe
C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programme\Trend Micro\PC-cillin 9\pccguide.exe
C:\Programme\Trend Micro\PC-cillin 9\PCCClient.exe
C:\Programme\Trend Micro\PC-cillin 9\Pop3trap.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\D-Tools\daemon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\devldr32.exe
C:\Programme\Trend Micro\PC-cillin 9\WebTrap.EXE
C:\Programme\Trend Micro\PC-cillin 9\Tmntsrv.exe
C:\Programme\Trend Micro\PC-cillin 9\PCCPFW.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\Programme\AVPersonal\AVWUPSRV.EXE
D:\Programme\AVPersonal\AVGUARD.EXE
D:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\TerraTec\CinergyTV\TerraTV App.exe
C:\Dokumente und Einstellungen\Söldner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\SLDNER~1\LOKALE~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\SLDNER~1\LOKALE~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.redfaction.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {739BF398-C6D8-407F-8EB8-A11DE71AF856} - C:\WINDOWS\System32\ccnf.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [cFosDNT] C:\Programme\cFos\cFosDNT.exe
O4 - HKLM\..\Run: [TerraTec Scheduler] C:\PROGRA~1\GEMEIN~1\TerraTec\SCHEDU~1\TTTimer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PopUpInspector] C:\Programme\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOKUME~1\SLDNER~1\LOKALE~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programme\Trend Micro\PC-cillin 9\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Programme\Trend Micro\PC-cillin 9\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Programme\Trend Micro\PC-cillin 9\Pop3trap.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVGCtrl] "D:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] D:\Games\HL²\\Steam.exe -silent
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{C89CFDF4-42FF-4223-BCC8-B673D03F5BF3}: NameServer = 195.50.140.250 145.253.2.11
O18 - Filter: text/html - {81460153-3353-4925-A79C-F3CD2971BCC0} - C:\WINDOWS\System32\ccnf.dll
O18 - Filter: text/plain - {81460153-3353-4925-A79C-F3CD2971BCC0} - C:\WINDOWS\System32\ccnf.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Programme\Trend Micro\PC-cillin 9\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Programme\Trend Micro\PC-cillin 9\Tmntsrv.exe

CaYL 29.03.2005 16:26

The program-related files like InCD, PowerDVD .... I can probably delete, right?

Please help me, people, I have been struggling with this thing for 3 months already :mad:

TR/Startpage.qr.DLL .... found with AntiVir

chaosman 29.03.2005 16:38

@CaYL
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Update the system and IE, your setup is wide open, barn-door style...

After that:
http://www.trojaner-info.de/anleitun...out_blank.html

Thanks to Seeker and Lutz :daumenhoc

Then post a new HJT logfile
chaosman

CaYL 29.03.2005 17:08

Damn ... so an IE update would be no problem, but SP2 doesn't work. I use Firefox.... Will I get rid of the problem if I uninstall IE?

chaosman 29.03.2005 17:09

@
Update via IE:
IE -> Extras -> Windows Update

Will I get rid of the problem if I uninstall IE?

No, then you can no longer update either IE or Windows.

chaosman

CaYL 29.03.2005 17:14

OK, big THX so far, I'll try it.

CaYL 29.03.2005 17:59

Hm, yeah... at first glance almost all of the R1 files were removed... w/e, in any case IE doesn't open any pages, and if it stays that way that's good enough for me too, so :party: :daumenhoc

Logfile of HijackThis v1.99.1
Scan saved at 18:56:10, on 29.03.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\cFos\cFosDNT.exe
C:\PROGRA~1\GEMEIN~1\TerraTec\SCHEDU~1\TTTimer.exe
D:\Programme\PopUpInspector\PopUpInspector.exe
C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\Programme\Trend Micro\PC-cillin 9\pccguide.exe
C:\Programme\Trend Micro\PC-cillin 9\PCCClient.exe
C:\Programme\Trend Micro\PC-cillin 9\Pop3trap.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\D-Tools\daemon.exe
D:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\devldr32.exe
C:\Programme\Trend Micro\PC-cillin 9\WebTrap.EXE
C:\Programme\TerraTec\CinergyTV\TerraTV App.exe
D:\Programme\AVPersonal\AVGUARD.EXE
D:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Trend Micro\PC-cillin 9\Tmntsrv.exe
C:\Programme\Trend Micro\PC-cillin 9\PCCPFW.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Söldner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.redfaction.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [cFosDNT] C:\Programme\cFos\cFosDNT.exe
O4 - HKLM\..\Run: [TerraTec Scheduler] C:\PROGRA~1\GEMEIN~1\TerraTec\SCHEDU~1\TTTimer.exe
O4 - HKLM\..\Run: [PopUpInspector.exe] "D:\Programme\PopUpInspector\PopUpInspector.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programme\Trend Micro\PC-cillin 9\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Programme\Trend Micro\PC-cillin 9\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Programme\Trend Micro\PC-cillin 9\Pop3trap.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVGCtrl] "D:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [sp] rundll32 C:\DOKUME~1\SLDNER~1\LOKALE~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [PopUpInspector] D:\Programme\PopUpInspector\PopUpInspector.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] D:\Games\HL²\\Steam.exe -silent
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Allow popups from this web page - D:\Programme\PopUpInspector\allowsite.htm
O8 - Extra context menu item: Stop popups from this web page - D:\Programme\PopUpInspector\denysite.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra button: PopUp Inspector - {D216B74A-9A2F-4025-9690-86780AA75F6E} - D:\Programme\PopUpInspector\PopUpInspector.exe (HKCU)
O9 - Extra 'Tools' menuitem: PopUp Inspector - {D216B74A-9A2F-4025-9690-86780AA75F6E} - D:\Programme\PopUpInspector\PopUpInspector.exe (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C89CFDF4-42FF-4223-BCC8-B673D03F5BF3}: NameServer = 195.50.140.250 145.253.2.11
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Programme\Trend Micro\PC-cillin 9\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Programme\Trend Micro\PC-cillin 9\Tmntsrv.exe

cronos 29.03.2005 19:29

Your system is still not up to date:

Download Service Pack 2 here:

http://www.microsoft.com/downloads/d...DisplayLang=de

Then visit www.winowsupdate.com using IE.

Then post a new log.

CaYL 13.04.2005 12:12

I have the same problem again, but this time with TR/startPage.nk.7, and I can't get rid of it with the hijack fix....

Logfile of HijackThis v1.99.1
Scan saved at 12:55:17, on 13.04.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\GEMEIN~1\TerraTec\SCHEDU~1\TTTimer.exe
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\cFos\cFosDNT.exe
C:\WINDOWS\sixtypopsix.exe
C:\Programme\Common files\updater\wupdater.exe
C:\windows\system32\fpzhdtmx.exe
C:\WINDOWS\system32\devldr32.exe
C:\windows\system32\calc.exe
C:\WINDOWS\system32\picsvr\picsvr.exe
C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\ntvdm.exe
D:\Programme\Popup Ad Filter\PopFilter.exe
D:\Programme\PopUpInspector\PopUpInspector.exe
C:\Programme\TerraTec\CinergyTV\TerraTV App.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
D:\Games\a Need for Speed Underground 2\speed2.exe
C:\DOKUME~1\SLDNER~1\LOKALE~1\Temp\~e5.0001
C:\Dokumente und Einstellungen\Söldner\Desktop\SpSeHjfix112.exe
C:\Dokumente und Einstellungen\Söldner\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll
O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - (no file)
O3 - Toolbar: Search Bar - {0A8CE102-FA03-4612-9BEE-7FE5452F4CB1} - C:\WINDOWS\system32\srchbar.dll
O4 - HKLM\..\Run: [TerraTec Scheduler] C:\PROGRA~1\GEMEIN~1\TerraTec\SCHEDU~1\TTTimer.exe
O4 - HKLM\..\Run: [PopUpInspector.exe] "D:\Programme\PopupInspector\PopUpInspector.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [cFosDNT] C:\Programme\cFos\cFosDNT.exe
O4 - HKLM\..\Run: [WebSpecials] rundll32 "C:\Program Files\WebSpecials\webspec.dll",run
O4 - HKLM\..\Run: [sixtysix] C:\WINDOWS\sixtypopsix.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitelin32.exe
O4 - HKLM\..\Run: [updater] C:\Programme\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [fpzhdtmx] c:\windows\system32\fpzhdtmx.exe
O4 - HKLM\..\Run: [firlnin] C:\Dokumente und Einstellungen\Söldner\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YNQCFUAD\delf061225[1].exe
O4 - HKLM\..\Run: [SurfBuddy] rundll32 "C:\Program Files\SurfBuddy\sbuddy.dll",run
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PopUpInspector] D:\Programme\PopUpInspector\PopUpInspector.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "d:\games\hl²\steam.exe" -silent
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [WebSpecials] rundll32 "C:\Program Files\WebSpecials\webspec.dll",run
O4 - HKCU\..\Run: [Clock] C:\WINDOWS\mshepl.exe
O4 - HKCU\..\Run: [SurfBuddy] rundll32 "C:\Program Files\SurfBuddy\sbuddy.dll",run
O4 - HKCU\..\Run: [Popup Ad Filter] D:\Programme\Popup Ad Filter\PopFilter.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Allow popups from this web page - D:\Programme\PopUpInspector\allowsite.htm
O8 - Extra context menu item: Stop popups from this web page - D:\Programme\PopUpInspector\denysite.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: PopUp Inspector - {D216B74A-9A2F-4025-9690-86780AA75F6E} - D:\Programme\PopUpInspector\PopUpInspector.exe (HKCU)
O9 - Extra 'Tools' menuitem: PopUp Inspector - {D216B74A-9A2F-4025-9690-86780AA75F6E} - D:\Programme\PopUpInspector\PopUpInspector.exe (HKCU)
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{C89CFDF4-42FF-4223-BCC8-B673D03F5BF3}: NameServer = 195.50.140.250 145.253.2.11

dartus 13.04.2005 22:55

Hello CaYL,

You have picked up quite a lot in those few days.
Before the scan, empty all "Temp" folders, and disable System Restore before switching to safe mode.
Then please do the following:
1. Download escan and follow these instructions exactly (create the folder "C:{base", unpack "mwav.exe" there, update with "kavupd.exe". The scan IN SAFE MODE takes about an hour), http://www.systemwiederherstellung-d...indows-xp.html
2. after the scan, restart in normal mode,
3. open the file "mwav.log", click "Edit", then "Find",
4. then enter "infected",
5. keep searching through the hits, select them and copy them into the forum,
6. besides the hits, also post the overall result (located at the very bottom of the logfile).

Example:
Wed Feb 02 19:48:56 2005 => Total Files Scanned:
Wed Feb 02 19:48:56 2005 => Total Virus(es) Found:
.
.
.
.


dartus
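
The search described in steps 3 to 6 of the post above, as an added Python example that is not part of the original thread: it pulls the "infected" lines and the totals out of an mwav.log and shows which hits sit in Temp or browser-cache folders, the folders the post says to empty before scanning. The sample log is constructed; the " => " timestamp prefix on hit lines, the optional "File " prefix and the numbers after "Total ..." are assumptions based on the lines quoted in this thread.

```python
import re
from collections import Counter

# Constructed sample, not taken from the thread. Line shapes follow the lines
# quoted on this page; the "=> " prefix on hits and the totals are assumptions.
SAMPLE_LOG = r'''
Wed Feb 02 19:40:01 2005 => (constructed line without a detection)
Wed Feb 02 19:41:10 2005 => File C:\WINDOWS\example1.dll infected by "not-a-virus:AdWare.Example.a" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:42:00 2005 => File C:\DOKUME~1\USER\LOKALE~1\Temp\example2.exe infected by "Trojan-Downloader.Win32.Example.b" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ABCD1234\example3[1].exe infected by "Trojan-Downloader.Win32.Example.b" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:43:00 2005 => System found infected with ExampleBar Spyware/Adware ({00000000-0000-0000-0000-000000000000})! Action taken: No Action Taken.
Wed Feb 02 19:43:00 2005 => File System Found infected by "ExampleBar Spyware/Adware" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:48:56 2005 => Total Files Scanned: 48211
Wed Feb 02 19:48:56 2005 => Total Virus(es) Found: 5
'''

# <path> infected by "<name>" Virus. Action Taken: <action>.
FILE_HIT = re.compile(
    r'^(?:File\s+)?(?P<target>.+?) infected by "(?P<name>[^"]+)" Virus\. '
    r'Action Taken: (?P<action>.+?)\.?$')
# System found infected with <name> Spyware/Adware (<detail>)! Action taken: <action>.
SYSTEM_HIT = re.compile(
    r'^System found infected with (?P<name>.+?) Spyware/Adware'
    r'(?: \((?P<detail>[^)]*)\))?! Action taken: (?P<action>.+?)\.?$')
TOTAL = re.compile(r'^Total (?P<key>[^:]+):\s*(?P<value>\d+)?')
# Folders whose contents are disposable and get re-filled by the browser.
TEMP_DIR = re.compile(
    r'\\(?:temp|tempor~1|temporary internet files|cache)\\', re.IGNORECASE)


def parse_log(text):
    """Return (hits, totals) for the detection and summary lines in text."""
    hits, totals = [], {}
    for raw in text.splitlines():
        # Drop an optional "<timestamp> => " prefix.
        line = raw.split(" => ", 1)[-1].strip()
        if not line:
            continue
        m = TOTAL.match(line)
        if m:
            totals[m["key"].strip()] = int(m["value"]) if m["value"] else None
            continue
        m = SYSTEM_HIT.match(line)
        if m:
            hits.append({"kind": "system", "target": m["detail"] or "",
                         "name": m["name"] + " Spyware/Adware",
                         "action": m["action"]})
            continue
        m = FILE_HIT.match(line)
        if m:
            # "File System Found infected by ..." is a system-level finding.
            is_system = m["target"] == "System Found"
            hits.append({"kind": "system" if is_system else "file",
                         "target": "" if is_system else m["target"],
                         "name": m["name"], "action": m["action"]})
    return hits, totals


def category(name):
    """Separate adware/riskware labels from trojan, worm and backdoor labels."""
    if name.startswith("not-a-virus:") or name.endswith("Spyware/Adware"):
        return "adware"
    return "malware"


def summarize(hits):
    """Condense the hits into what a helper needs to see first."""
    files = [h for h in hits if h["kind"] == "file"]
    return {
        "by_name": Counter(h["name"] for h in hits),
        "malware_names": sorted({h["name"] for h in hits
                                 if category(h["name"]) == "malware"}),
        "files_in_temp": [h["target"] for h in files
                          if TEMP_DIR.search(h["target"])],
        "untreated": sum(1 for h in hits
                         if h["action"].lower() == "no action taken"),
    }


if __name__ == "__main__":
    found, summary_lines = parse_log(SAMPLE_LOG)
    report = summarize(found)
    for name, count in report["by_name"].most_common():
        print(f"{count:3d}  {category(name):7s}  {name}")
    print("in Temp/cache folders:", len(report["files_in_temp"]))
    print("no action taken:", report["untreated"])
    print("totals:", summary_lines)
```
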

CaYL 20.04.2005 16:26

So .. I did that, and this is what came out of it:

C:\WINDOWS\Pynix.dll infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
C:\Programme\WAFFLEz\mlg1.exe infected by "IM-Worm.Win32.Kelvir.k" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\srchbar.dll infected by "not-a-virus:AdWare.ToolBar.VB.f" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\SLDNER~1\LOKALE~1\TEMPOR~1\Content.IE5\YNQCFUAD\DELF06~1.EXE infected by "not-a-virus:AdWare.EZula.ah" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\nsvsvc\nsvsvc.exe infected by "not-a-virus:AdWare.DelphinMedia.Viewer.f" Virus. Action Taken: No Action Taken.
C:\WINDOWS\systemC:\WINDOWS\system32\msnmessag.exe infected by "Backdoor.Win32.SdBot.gen" Virus. Action Taken: No Action Taken.
C:\Programme\ISTsvc\istsvc.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
C:\PROGRA~1\POWERS~1\POWERS~1.EXE infected by "not-a-virus:AdWare.PowerScan.d" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken
System found infected with eZula Spyware/Adware ({41700749-a109-4254-af13-be54011e8783})! Action taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
System found infected with eZula Spyware/Adware ({2bb15d36-43be-4743-a3a0-3308f4b1a610})! Action taken: No Action Taken.
System found infected with ElitebarBHO Spyware/Adware ({825cf5bd-8862-4430-b771-0c15c5ca8def})! Action taken: No Action Taken.
File System Found infected by "ElitebarBHO Spyware/Adware" Virus. Action Taken: No Action Taken.
System found infected with ElitebarBHO Spyware/Adware ({28caeff3-0f18-4036-b504-51d73bd81abc})! Action taken: No Action Taken.
File System Found infected by "ElitebarBHO Spyware/Adware" Virus. Action Taken: No Action Taken.
System found infected with eUniverse Spyware/Adware ({5D60FF48-95BE-4956-B4C6-6BB168A70310})! Action taken: No Action Taken.
File System Found infected by "eUniverse Spyware/Adware" Virus. Action Taken: No Action Taken.
System found infected with BetterInternet Spyware/Adware ({94984402-B480-45C7-AD2D-84E5EB52CFCD})! Action taken: No Action Taken.
File System Found infected by "BetterInternet Spyware/Adware" Virus. Action Taken: No Action Taken.
System found infected with BetterInternet Spyware/Adware ({09049E4F-8D9E-4C8A-A952-5BAF1A115C59})! Action taken: No Action Taken.
File System Found infected by "BetterInternet Spyware/Adware" Virus. Action Taken: No Action Taken.
infected with istsvc Spyware/Adware! Action taken: No Action Taken.
File System Found infected by "istsvc Spyware/Adware" Virus. Action Taken: No Action Taken.
System found infected with powerscan Spyware/Adware! Action taken: No Action Taken.
File System Found infected by "powerscan Spyware/Adware" Virus. Action Taken: No Action Taken.
System found infected with power scan Spyware/Adware! Action taken: No Action Taken.
File System Found infected by "power scan Spyware/Adware" Virus. Action Taken: No Action Taken.
System found infected with istbar Spyware/Adware! Action taken: No Action Taken.
File System Found infected by "istbar Spyware/Adware" Virus. Action Taken: No Action Taken.
System found infected with 180Solutions Spyware/Adware! Action taken: No Action Taken.
File System Found infected by "180Solutions Spyware/Adware" Virus. Action Taken: No Action Taken.
System found infected with ist Spyware/Adware! Action taken: No Action Taken.
File System Found infected by "ist Spyware/Adware" Virus. Action Taken: No Action Taken.
System found infected with dvx Spyware/Adware! Action taken: No Action Taken.
File System Found infected by "dvx Spyware/Adware" Virus. Action Taken: No Action Taken.
System found infected with vendor Spyware/Adware! Action taken: No Action Taken.
File System Found infected by "vendor Spyware/Adware" Virus. Action Taken: No Action Taken.
System found infected with elitetoolbar Spyware/Adware! Action taken: No Action Taken.
File System Found infected by "elitetoolbar Spyware/Adware" Virus. Action Taken: No Action Taken.
System found infected with lq Spyware/Adware! Action taken: No Action Taken.
File System Found infected by "lq Spyware/Adware" Virus. Action Taken: No Action Taken.
System found infected with Search Bar Spyware/Adware! Action taken: No Action Taken.
File System Found infected by "Search Bar Spyware/Adware" Virus. Action Taken: No Action Taken.
System found infected with pynix Spyware/Adware! Action taken: No Action Taken.
File System Found infected by "pynix Spyware/Adware" Virus. Action Taken: No Action Taken.
System found infected with powerscan Spyware/Adware (powerscan.exe)! Action taken: No Action Taken.
File System Found infected by "powerscan Spyware/Adware" Virus. Action Taken: No Action Taken.
C:\WINDOWS\unstall.exe infected by "not-a-virus:AdWare.MediaMotor.c" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\AcsProxy.dll infected by "not-a-virus:AdWare.ToolBar.FWN.a" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\ELITELIN32.EXE.VIR infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\temperror32.dat infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\unregister.exe infected by "not-a-virus:AdWare.ToolBar.VB.f" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\SLDNER~1\LOKALE~1\Temp\fidcnkL.exe infected by "Trojan-Downloader.Win32.IstBar.ir" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\SLDNER~1\LOKALE~1\Temp\firlnin.exe infected by "not-a-virus:AdWare.DelphinMedia.Viewer.f" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\SLDNER~1\LOKALE~1\Temp\powerscan.exe infected by "not-a-virus:AdWare.PowerScan.d" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\SLDNER~1\LOKALE~1\Temp\THI284E.tmp\pynix.cab infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\SLDNER~1\LOKALE~1\Temp\THI284E.tmp\Pynix.dll infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\SLDNER~1\LOKALE~1\Temp\THI5AEC.tmp\farmmext.cab infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\SLDNER~1\LOKALE~1\Temp\THI5D5F.tmp\elitetrp.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.ac" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\SLDNER~1\LOKALE~1\Temp\TMP119.tmp infected by "not-a-virus:AdWare.WebSpecial.a" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\SLDNER~1\LOKALE~1\Temp\TMP11A.tmp infected by "not-a-virus:AdWare.WebSpecial.a" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\SLDNER~1\LOKALE~1\Temp\TMP12A.tmp infected by "not-a-virus:AdWare.SurfBuddy.a" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\SLDNER~1\LOKALE~1\Temp\uninstall.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.q" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\SLDNER~1\LOKALE~1\Temp\uppicsvr.exe infected by "not-a-virus:AdWare.DelphinMedia.Viewer.f" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\SLDNER~1\LOKALE~1\TEMPOR~1\Content.IE5\1A1KR1MO\hh[1].exe infected by "Trojan-Spy.Win32.Spung.a" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\SLDNER~1\LOKALE~1\TEMPOR~1\Content.IE5\4ZPF223X\sideb[1].exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\SLDNER~1\LOKALE~1\TEMPOR~1\Content.IE5\7QGRZTC9\gc[1].exe infected by "Trojan-Downloader.Win32.IstBar.ip" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\SLDNER~1\LOKALE~1\TEMPOR~1\Content.IE5\7QGRZTC9\lc[1].exe infected by "not-a-virus:AdWare.WinAD.ab" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\SLDNER~1\LOKALE~1\TEMPOR~1\Content.IE5\CY2FJZRS\thin-143-1-x-x[1].exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\SLDNER~1\LOKALE~1\TEMPOR~1\Content.IE5\DVZRT9KE\thnall1p[1].exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\SLDNER~1\LOKALE~1\TEMPOR~1\Content.IE5\U552365W\gc[1].exe infected by "Trojan-Downloader.Win32.IstBar.ip" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\SLDNER~1\LOKALE~1\TEMPOR~1\Content.IE5\U552365W\istdownload[1].exe infected by "Trojan-Downloader.Win32.IstBar.ir" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\SLDNER~1\LOKALE~1\TEMPOR~1\Content.IE5\U552365W\istdownload[2].exe infected by "Trojan-Downloader.Win32.IstBar.ir" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\SLDNER~1\LOKALE~1\TEMPOR~1\Content.IE5\YNQCFUAD\delf061225[1].exe infected by "not-a-virus:AdWare.EZula.ah" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\SLDNER~1\LOKALE~1\TEMPOR~1\Content.IE5\YNQCFUAD\lc[2].exe infected by "not-a-virus:AdWare.WinAD.ab" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\SLDNER~1\LOKALE~1\TEMPOR~1\Content.IE5\YNQCFUAD\sbuddyinst[1].exe infected by "not-a-virus:AdWare.SurfBuddy.a" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\SLDNER~1\LOKALE~1\TEMPOR~1\Content.IE5\YNQCFUAD\unstall[1].exe infected by "not-a-virus:AdWare.MediaMotor.c" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\Söldner\Anwendungsdaten\Mozilla\Firefox\Profiles\1cummr3w.default\Cache\01004652d01 infected by "Backdoor.Win32.SdBot.gen" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\Söldner\Lokale Einstellungen\Temp\fidcnkL.exe infected by "Trojan-Downloader.Win32.IstBar.ir" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\Söldner\Lokale Einstellungen\Temp\firlnin.exe infected by "not-a-virus:AdWare.DelphinMedia.Viewer.f" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\Söldner\Lokale Einstellungen\Temp\powerscan.exe infected by "not-a-virus:AdWare.PowerScan.d" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\Söldner\Lokale Einstellungen\Temp\THI284E.tmp\pynix.cab infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\Söldner\Lokale Einstellungen\Temp\THI284E.tmp\Pynix.dll infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\Söldner\Lokale Einstellungen\Temp\THI5AEC.tmp\farmmext.cab infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\Söldner\Lokale Einstellungen\Temp\THI5D5F.tmp\elitetrp.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.ac" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\Söldner\Lokale Einstellungen\Temp\TMP119.tmp infected by "not-a-virus:AdWare.WebSpecial.a" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Söldner\Lokale Einstellungen\Temp\TMP11A.tmp infected by "not-a-virus:AdWare.WebSpecial.a" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\Söldner\Lokale Einstellungen\Temp\TMP12A.tmp infected by "not-a-virus:AdWare.SurfBuddy.a" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\Söldner\Lokale Einstellungen\Temp\uninstall.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.q" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\Söldner\Lokale Einstellungen\Temp\uppicsvr.exe infected by "not-a-virus:AdWare.DelphinMedia.Viewer.f" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\Söldner\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1A1KR1MO\hh[1].exe infected by "Trojan-Spy.Win32.Spung.a" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\Söldner\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4ZPF223X\sideb[1].exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\Söldner\Lokale Einstellungen\Temporary Internet Files\Content.IE5\7QGRZTC9\gc[1].exe infected by "Trojan-Downloader.Win32.IstBar.ip" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\Söldner\Lokale Einstellungen\Temporary Internet Files\Content.IE5\7QGRZTC9\lc[1].exe infected by "not-a-virus:AdWare.WinAD.ab" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\Söldner\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CY2FJZRS\thin-143-1-x-x[1].exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\Söldner\Lokale Einstellungen\Temporary Internet Files\Content.IE5\DVZRT9KE\thnall1p[1].exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\Söldner\Lokale Einstellungen\Temporary Internet Files\Content.IE5\U552365W\gc[1].exe infected by "Trojan-Downloader.Win32.IstBar.ip" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\Söldner\Lokale Einstellungen\Temporary Internet Files\Content.IE5\U552365W\istdownload[1].exe
C:\Dokumente und Einstellungen\Söldner\Lokale Einstellungen\Temporary Internet Files\Content.IE5\U552365W\istdownload[2].exe infected by "Trojan-Downloader.Win32.IstBar.ir" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\Söldner\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YNQCFUAD\lc[2].exe infected by "not-a-virus:AdWare.WinAD.ab" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\Söldner\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YNQCFUAD\sbuddyinst[1].exe infected by "not-a-virus:AdWare.SurfBuddy.a" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\Söldner\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YNQCFUAD\unstall[1].exe infected by "not-a-virus:AdWare.MediaMotor.c" Virus. Action Taken: No Action Taken.
C:\gc.exe infected by "Trojan-Downloader.Win32.IstBar.ip" Virus. Action Taken: No Action Taken.
C:\lc.exe infected by "not-a-virus:AdWare.WinAD.ab" Virus. Action Taken: No Action Taken.
C:\Programme\Gemeinsame Dateien\Uninstall Information\RemoveDisplayUtility.exe infected by "not-a-virus:AdWare.DelphinMedia.Viewer.f" Virus. Action Taken: No Action Taken.
C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.af" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\AcsProxy.dll infected by "not-a-virus:AdWare.ToolBar.FWN.a" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\ELITELIN32.EXE.VIR infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\nsvsvc\nsv.ocx infected by "not-a-virus:AdWare.DelphinMediaViewer.c" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\nsvsvc\nsvs.dll infected by "not-a-virus:AdWare.DelphinMedia.Viewer.f" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\temperror32.dat infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\unregister.exe infected by "not-a-virus:AdWare.ToolBar.VB.f" Virus. Action Taken: No Action Taken.
C:\WINDOWS\unstall.exe infected by "not-a-virus:AdWare.MediaMotor.c" Virus. Action Taken: No Action Taken.
D:\Programme\ antivir\INFECTED\*.*
D:\Programme\ antivir\INFECTED\ELITELIN32.EXE.VIR
D:\Programme\ antivir\INFECTED\ELITELIN32.EXE.VIR infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
D:\Programme\ antivir\INFECTED\elitelin32.VIR
D:\Programme\ antivir\INFECTED\elitelin32.VIR infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
D:\Programme\ antivir\INFECTED\farmmext.VIR
D:\Programme\ antivir\INFECTED\farmmext.VIR infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
D:\Programme\ antivir\INFECTED\fpzhdtmx.VIR
D:\Programme\ antivir\INFECTED\fpzhdtmx.VIR infected by "Trojan.Win32.Agent.ay" Virus. Action Taken: No Action Taken.
D:\Programme\ antivir\INFECTED\fpzhdtmx.VIR00
D:\Programme\ antivir\INFECTED\fpzhdtmx.VIR00 infected by "Trojan.Win32.Agent.ay" Virus. Action Taken: No Action Taken.
D:\Programme\ antivir\INFECTED\MALIGNANCY.EXE.VIR
D:\Programme\ antivir\INFECTED\mshepl.VIR
D:\Programme\ antivir\INFECTED\mshepl.VIR infected by "Trojan.Win32.StartPage.nv" Virus. Action Taken: No Action Taken.
D:\Programme\ antivir\INFECTED\picsvr.VIR
D:\Programme\ antivir\INFECTED\picsvr.VIR infected by "Trojan-Downloader.Win32.Delmed.b" Virus. Action Taken: No Action Taken.
D:\Programme\ antivir\INFECTED\sixtypopsix.VIR
D:\Programme\ antivir\INFECTED\sixtypopsix.VIR infected by "Trojan.Win32.LowZones.am" Virus. Action Taken: No Action Taken.
D:\Programme\ antivir\INFECTED\sixtypopsix.VIR00
D:\Programme\ antivir\INFECTED\sixtypopsix.VIR00 infected by "Trojan.Win32.LowZones.am" Virus. Action Taken: No Action Taken.
D:\Programme\ antivir\INFECTED\wupdater.VIR
D:\Programme\ antivir\INFECTED\wupdater.VIR infected by "Trojan-Downloader.Win32.Keenval" Virus. Action Taken: No Action Taken.

Wed Apr 20 16:09:59 2005 => ***** Scanning complete. *****

Wed Apr 20 16:09:59 2005 => Total Objects Scanned: 35914
Wed Apr 20 16:09:59 2005 => Total Virus(es) Found: 105
Wed Apr 20 16:09:59 2005 => Total Disinfected Files: 0



:teufel1: What do I do with this now? ROFLMAO! :dummguck: So AntiVir finds none of these paths except "Startpage.nk7", which also only shows up when I'm online. So I don't know either, would formatting maybe be the quickest solution? :P

CaYL 20.04.2005 19:37

Hmm, the whole thing is a virus; it is spread via MSN in the form of a download link.

It contains an exe named "malignancy", "lc" or "gc", with links like www.malignancy.us/gc www.malignancy.us/lc www.malignancy.us/malignancy
and it spreads: when you click the link, buddies from your own Messenger list are automatically added to a chat and get the link posted to them that way, and so on ... That's how I caught it, and I can't get rid of it :S It keeps lodging itself in the Temporary Internet Files; even if you delete it, it comes back as soon as you're surfing. In offline mode, though, you get some peace from it.... but who is offline these days anyway :P


HEEEEEEEEEEEELP!

