Trojaner-Board - BullsEye wütet wieder!

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - BullsEye wütet wieder! (https://www.trojaner-board.de/18146-bullseye-wuetet.html)

BullsEye wütet wieder!

Hallo!

Ich habe mir nun schon einige Posts über den Trojaner Bullseye durchgelesen, den ich mir eingefangen habe. Da ich aber absolut keine Ahnung auf diesem Gebiet habe, poste ich hier mal meinen Logfile, in der Hoffnung, dass mir jemand helfen kann!!! Vielen Dank schonmal für jede Hilfe!

Logfile of HijackThis v1.99.1
Scan saved at 09:50:00, on 23.05.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\carpserv.exe
C:\Programme\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\QtaET2S.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Apoint2K\Apntex.exe
C:\Programme\CASIO\PCsync\QDCTray.exe
C:\Programme\Palm\HOTSYNC.EXE
C:\Programme\OpenOffice.org1.1.0\program\soffice.exe
C:\Programme\OpenOffice.org1.1.1\program\soffice.exe
C:\Programme\OpenOffice.org1.0.3\program\soffice.exe
C:\Programme\NaviSearch\bin\nls.exe
C:\Programme\BullsEye Network\bin\bargains.exe
C:\Programme\CashBack\bin\cashback.exe
C:\WINDOWS\explorer.exe
C:\Dokumente und Einstellungen\Profaktur\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
F3 - REG:win.ini: run=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtaET2S.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Startup: Quick Data Copy.lnk = C:\Programme\CASIO\PCsync\QDCTray.exe
O4 - Startup: HotSync Manager.lnk = C:\Programme\Palm\HOTSYNC.EXE
O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Programme\OpenOffice.org1.1.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 1.1.1.lnk = C:\Programme\OpenOffice.org1.1.1\program\quickstart.exe
O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Programme\OpenOffice.org1.0.3\program\quickstart.exe
O4 - Startup: SmartSurfer.lnk = C:\Programme\WEBDE\SmartSurfer3.0\SmartSurfer.exe
O4 - Global Startup: Zahlungserinnerung.lnk = C:\HCW\wzed.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\COMOne\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\COMOne\Bluetooth Software\btsendto_ie.htm (file missing)
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.power-url.de/InstallationsAssistent.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C4221A4-20E3-4E8F-9CC4-6CF80D6689E9}: NameServer = 195.8.224.1
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe

_____________
Anm.
Aktive Links editiert!
Beachte die Hinweise dieser Anleitung: HiJackThis

LG Cidre
S-Mod TB

So, habe jetzt alles in stundenlanger Arbeit getan, was hier im Forum über den Bullseye gesagt wurde! Kann sich bitte jetzt nochmal jemand mein LogFile ansehen und sagen, ob noch was fehlerhaftes bzw. schädliches zu finden ist!? Vielen Dank und einen schönen Feiertag! Gruß, Squad

Logfile of HijackThis v1.99.1
Scan saved at 16:32:28, on 25.05.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Programme\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\QtaET2S.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Apoint2K\Apntex.exe
C:\Programme\Palm\HOTSYNC.EXE
C:\Programme\OpenOffice.org1.1.0\program\soffice.exe
C:\Programme\OpenOffice.org1.1.1\program\soffice.exe
C:\Programme\OpenOffice.org1.0.3\program\soffice.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Dokumente und Einstellungen\Jan\Eigene Dateien\Jan\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
F3 - REG:win.ini: run=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtaET2S.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Startup: Quick Data Copy.lnk = C:\Programme\CASIO\PCsync\QDCTray.exe
O4 - Startup: HotSync Manager.lnk = C:\Programme\Palm\HOTSYNC.EXE
O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Programme\OpenOffice.org1.1.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 1.1.1.lnk = C:\Programme\OpenOffice.org1.1.1\program\quickstart.exe
O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Programme\OpenOffice.org1.0.3\program\quickstart.exe
O4 - Startup: SmartSurfer.lnk = C:\Programme\WEBDE\SmartSurfer3.0\SmartSurfer.exe
O4 - Global Startup: Zahlungserinnerung.lnk = C:\HCW\wzed.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\COMOne\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\COMOne\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C4221A4-20E3-4E8F-9CC4-6CF80D6689E9}: NameServer = 195.8.224.1
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE

Hy,
Logfile passt denke ich.Aber Update unbedingt Dein Windows auf Service Pack 2 schliest sämtliche Sicherheitslücken.

Greetings from MEERJUNGFRAUMANN (SPONGEBOB MEMBER) :teufel3:

@Squad
Bitte alle Links im Log deaktivieren (z.B. h**p statt http)

Zitat:

So, habe jetzt alles in stundenlanger Arbeit getan, was hier im Forum über den Bullseye gesagt wurde!

Wievile Stunden hast du verbracht, wenn es kein Geheimnis ist? ;)

Bitte fixen:

Zitat:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.exactsearch.net/sidesearch
F3 - REG:win.ini: run=
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\COMOne\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\COMOne\Bluetooth Software\btsendto_ie.htm (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/

Diese Datei im abgesicherten Modus löschen

Zitat:

C:\WINDOWS\web\related.htm

@Rene: Na ja, ich hab insgesamt ca. 10 Stunden drangesessen inkl. Wartezeiten bei Scans etc. :huepp:

Danke für's checken meines Logfiles! Jetzt müsste es doch eigentlich okay sein, oder!?

Logfile of HijackThis v1.99.1
Scan saved at 01:04:43, on 27.05.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Programme\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\QtaET2S.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Apoint2K\Apntex.exe
C:\Programme\Palm\HOTSYNC.EXE
C:\Programme\OpenOffice.org1.1.0\program\soffice.exe
C:\Programme\OpenOffice.org1.1.1\program\soffice.exe
C:\Programme\OpenOffice.org1.0.3\program\soffice.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Dokumente und Einstellungen\Ordner\Eigene Dateien\Ordner\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtaET2S.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Startup: Quick Data Copy.lnk = C:\Programme\CASIO\PCsync\QDCTray.exe
O4 - Startup: HotSync Manager.lnk = C:\Programme\Palm\HOTSYNC.EXE
O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Programme\OpenOffice.org1.1.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 1.1.1.lnk = C:\Programme\OpenOffice.org1.1.1\program\quickstart.exe
O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Programme\OpenOffice.org1.0.3\program\quickstart.exe
O4 - Startup: SmartSurfer.lnk = C:\Programme\WEBDE\SmartSurfer3.0\SmartSurfer.exe
O4 - Global Startup: Zahlungserinnerung.lnk = C:\HCW\wzed.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - h**p://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - h**p://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - h**p://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C4221A4-20E3-4E8F-9CC4-6CF80D6689E9}: NameServer = 195.8.224.1
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE

Sauber ist der Log immer noch nicht!
Um mehr Informationen zu bekommen führe Escan wie beschrieben aus und teile uns die Ergebnisse mit!

Edit:

Warum ist kein Service Pack 2 installiert?

@Squad

Zitat:

Na ja, ich hab insgesamt ca. 10 Stunden drangesessen inkl. Wartezeiten bei Scans etc.

Du hast wohl zu viel Zeit übrig;). In 3 Stunden hättest du deine Kiste neu formatiert und virenfrei gehabt. Und SP2 fehlt nach wie vor

Hallo! Wenn ich das Service Pack 2 installiere und dann ins Internet gehe, stürzt mein Rechner IMMER ab. :balla:
Deshalb habe ich es wieder deinstalliert. Woran kann das liegen? Verträgt es sich nicht mit AV?

Gruß, Squad

@Squad
Installieren von SP2 und Co. befreit den PC von Malware nicht. Warum hast du den Posting von cronos nicht abgearbeitet?

Habe jetzt den eScan jetzt ausgeführt! Herausgekommen ist eine ewig lange Liste von der ich so gut wie nichts verstehe... :confused:

Sorry, ich hab' von solchen Sachen leider wirklich nur sehr wenig Ahnung. Ich hoffe ihr könnt mir weiterhelfen und ich poste nichts unerlaubtes vom eScan!

Danke schonmal für alle hilfreichen Antworten! ;)

Hier mein Scan:

Scan kommt im neuen Fenster!

Wenn ich die find.bat Datei erstellt habe und dann doppelklicke, öffnet sich zwar ein neues Fenster im MS-DOS und es wird etwas geschrieben. Dann schließt sich das Fenster aber schnell wieder. Eine Datei Namens eScan_neu.txt kann ich nicht finden. Was mache ich falsch???

@Squad
Scan kommt im neuen Fenster! :confused:
wo bleibts?
chaosman

Da es anders nicht funktioniert hier mein Scan:

Seite 1:

File C:\WINDOWS\zeta.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cashback Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "exactutil Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bargainbuddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\CyberLink\Common\UpdateIPR.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\DIMM.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Siemens AG Shared\DESServer.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\APMmxBVR.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\APMmxSVR.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\APMP5BVR.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\APMP5SVR.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\GliDetectDll.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\GliDX6vf.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\GliVd1vf.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\MPGMXBVR.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\MPGMXSVR.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\MPGP5BVR.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\MPGP5SVR.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\WAVd3BVR.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\WAVMWBVR.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\WAVMWSVR.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\WAVPWBVR.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\WAVPWSVR.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btsendto_office.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btsendto_notes.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BTNeighborhood.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btcss.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BTNCopy.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btwpimif.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\bt2k_ins.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\wbtapi.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btcpl.cpl". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btsec.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btosif.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btosif_notes.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btosif_ol.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btins.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btdev.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\WidcommSdk.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\lcppn21.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btsendto_lnagent.nsf". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BTXPPanel.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BtXpShell.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btsendto.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btrez.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btbigbmp.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\bthcrp.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btosif_olx.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BtWizard.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btsendto_wab.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BtAudioHelper.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BTNeighborhood.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BTNCopy.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BTXPPanel.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btsendto_ie.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BTNeighborhood.dll.manifest". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btcss.dll.manifest". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btcpl.cpl.manifest". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\bthcrpui.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btprn2k.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btrezxp.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Lexware1\Gemeinsame Dateien\Optionen\BenutzerMgr.xml". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Lexware1\Gemeinsame Dateien\Optionen\PersonalMgr.xml". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0002E500-0000-0000-C000-000000000046}" refers to invalid object "C:\PROGRA~1\MICROS~4\Office10\MSOWC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0002E510-0000-0000-C000-000000000046}" refers to invalid object "C:\PROGRA~1\MICROS~4\Office10\MSOWC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0002E520-0000-0000-C000-000000000046}" refers to invalid object "C:\PROGRA~1\MICROS~4\Office10\MSOWC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0002E530-0000-0000-C000-000000000046}" refers to invalid object "C:\PROGRA~1\MICROS~4\Office10\MSOWC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0002E531-0000-0000-C000-000000000046}" refers to invalid object "C:\PROGRA~1\MICROS~4\Office10\MSOWC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0002E532-0000-0000-C000-000000000046}" refers to invalid object "C:\PROGRA~1\MICROS~4\Office10\MSOWC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0083AA80-357D-11D4-876E-CA5F65139036}" refers to invalid object "C:\MAGIX\mm2005_silver\RegModule\hhvrend2.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01002B17-5D93-4551-81E4-831FEF780A53}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0174EB42-3CBC-4910-9C88-82B36A14C62B}" refers to invalid object "C:\Programme\Intuwave\Shared\mRouterRunTime\mRouterBluetooth.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0AA02E8D-F851-4CB0-9F64-BBA9BE7A983D}" refers to invalid object "C:\PROGRA~1\WINDOW~3\mpvis.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{13E40445-0C30-11D2-ADAC-00104B453807}" refers to invalid object "C:\PROGRA~1\Lexware\ANLAGE~1\AnlageVW.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1B544C24-FD0B-11CE-8C63-00AA0044B520}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1CB1623E-BBEC-4E8D-B2DF-DC08C6F4627C}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2aa2b5fe-b846-4d07-810c-b21ee45320e3}" refers to invalid object "%SystemRoot%\System32\xmlprovi.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2D20D4BB-B47E-4FB7-83BD-E3C2EE250D26}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2EA10031-0033-450E-8072-E27D9E768142}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{305F718E-620B-11D3-B484-008029659E91}" refers to invalid object "C:\MAGIX\MM2005~1\REGMOD~1\audiovis.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{31087270-D348-432C-899E-2D2F38FF29A0}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{353359C1-39E1-491b-9951-464FD8AB071C}" refers to invalid object "C:\Programme\Movie Maker\wmm2fxa.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{35465706-E211-11d3-8B87-C295F909460A}" refers to invalid object "C:\MAGIX\mm2005_silver\RegModule\WMServerReader.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{36773DF3-37FC-47B6-9F8F-CC4699917938}" refers to invalid object "D:\acer\tools\LaunchRS.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{41D2B841-7692-4C83-AFD3-F60E845341AF}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{442D12A1-2641-11d2-90FB-006008A1F441}" refers to invalid object "a3d.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4C85388F-1500-11D1-A0DF-00C04FC9E20F}" refers to invalid object "C:\PROGRA~1\MICROS~4\Office10\MSOWC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4D4C9FEF-ED80-47EA-A3FA-3215FDBB33AB}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4E7F49AD-E4B5-11D1-8D9D-006097DBEFEF}" refers to invalid object "C:\Programme\Microsoft Office\Office10\MSOWCW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4E7F49AF-E4B5-11D1-8D9D-006097DBEFEF}" refers to invalid object "C:\Programme\Microsoft Office\Office10\MSOWCW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4E7F49B6-E4B5-11D1-8D9D-006097DBEFEF}" refers to invalid object "C:\Programme\Microsoft Office\Office10\MSOWCW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4E7F49B8-E4B5-11D1-8D9D-006097DBEFEF}" refers to invalid object "C:\Programme\Microsoft Office\Office10\MSOWCW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4E7F49CF-E4B5-11D1-8D9D-006097DBEFEF}" refers to invalid object "C:\Programme\Microsoft Office\Office10\MSOWCW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4E7F49D5-E4B5-11D1-8D9D-006097DBEFEF}" refers to invalid object "C:\Programme\Microsoft Office\Office10\MSOWCW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4F3E50BD-A9D7-4721-B0E1-00CB42A0A747}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{56d398df-f37d-4d6d-94cc-8b3ea36c3a39}" refers to invalid object "C:\MAGIX\mm2005_silver\RegModule\MXMPEG2.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{586FB486-5560-4FF3-96DF-1118C96AF456}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{596AB062-B4D2-4215-9F74-E9109B0A8153}" refers to invalid object "C:\WINDOWS\System32\twext.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5A20FD6F-F8FE-4a22-9EE7-307D72D09E6E}" refers to invalid object "C:\Programme\Movie Maker\wmm2fxa.dll". Action Taken: No Action Taken.

Seite 2:

Entry "HKCR\CLSID\{5B4B05EB-1F63-446B-AAD1-E10A34D650E0}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5D62A639-0FB0-11D2-8DB2-006097DBEFEF}" refers to invalid object "C:\Programme\Microsoft Office\Office10\MSOWCW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{62090F4D-7F27-11D4-ABF2-0080C8FCDE68}" refers to invalid object "C:\PROGRA~1\Lexware\BUCHHA~1\BHAUSW~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{679E132F-561B-42F8-846C-A70DBDC62999}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6C68955E-F965-4249-8E18-F0977B1D2899}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{78D80080-F388-11D3-9161-00105A07EA40}" refers to invalid object "C:\WINDOWS\SYSTEM\LCODCCMP.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{78D80081-F388-11D3-9161-00105A07EA40}" refers to invalid object "C:\WINDOWS\SYSTEM\LCODCCMP.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{78D80082-F388-11D3-9161-00105A07EA40}" refers to invalid object "C:\WINDOWS\SYSTEM\LCODCCMP.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{78D80083-F388-11D3-9161-00105A07EA40}" refers to invalid object "C:\WINDOWS\SYSTEM\LCODCCMP.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7F1232EE-44D7-4494-AB8B-CC61B10E21A5}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7FB3E3A1-829B-11D3-8032-00A0C941A56C}" refers to invalid object "C:\Programme\KraiSoft\Warkanoid\GmIntrnt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{849F5184-79E2-11D5-99F3-0050043E594A}" refers to invalid object "C:\PROGRA~1\GEMEIN~1\Lexware\Dll\LxBsns30.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{849F519C-79E2-11D5-99F3-0050043E594A}" refers to invalid object "C:\PROGRA~1\GEMEIN~1\Lexware\Dll\AVBsns30.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8602FB8E-2F21-46A0-89DA-BCBFF80A9B02}" refers to invalid object "C:\LEXWARE\PCBH32\KRCheck.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{90914AA1-0A85-407B-AA90-AD5BE725D805}" refers to invalid object "D:\acer\tools\LaunchRS.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{92883667-E95C-443D-AC96-4CACA27BEB6E}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{92FA2C24-253C-11d2-90FB-006008A1F441}" refers to invalid object "a3dapi.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{930FD02C-BBE7-4EB9-91CF-FC45CC91E3E6}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{97D6D376-23BB-11D1-A0E1-00C04FC9E20F}" refers to invalid object "C:\PROGRA~1\MICROS~4\Office10\MSOWC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{99180163-DA16-101A-935C-444553540000}" refers to invalid object "recncl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9AC5BD2F-604B-4062-86BC-5B1AB98D6648}" refers to invalid object "C:\PROGRA~1\GEMEIN~1\Lexware\EBUSIN~1\FKUpload.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9DB7A13C-F208-4981-8353-73CC61AE2783}" refers to invalid object "C:\WINDOWS\System32\twext.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A2EDA89A-0966-4B91-9C18-AB69F098187F}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ADEADEB8-E54B-11d1-9A72-0000F875EADE}" refers to invalid object "C:\Programme\Movie Maker\wmm2fxa.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AECF5D2E-7A18-4DD2-BDCD-29B6F615B448}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B4DC8DD9-2CC1-4081-9B2B-20D7030234EF}" refers to invalid object "C:\Programme\Movie Maker\wmm2fxa.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B6E33EB2-8C6D-49E6-BBA9-9CF33759D35F}" refers to invalid object "C:\MAGIX\mm2005_silver\RegModule\hhmultee.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BC0D69A8-0923-4EEE-9375-9239F5A38B92}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C0D076C5-E4C6-4561-8BF4-80DA8DB819D7}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C378B3A7-404B-445B-8334-D078852EABDB}" refers to invalid object "C:\Programme\Intuwave\Shared\mRouterRunTime\mRouterBluetooth.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C44C65C7-FDF1-453D-89A5-BCC28F5D69F9}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C63344D8-70D3-4032-9B32-7A3CAD5091A5}" refers to invalid object "C:\Programme\Movie Maker\wmm2fxa.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C6CB1FE3-B05E-4F0E-818F-C83ED5A0332F}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C8F209F8-480E-454C-94A4-5392D88EBA0F}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CC45B0B0-72D8-4652-AE5F-5E3E266BE7ED}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CD2425E4-8141-11D0-8CE4-444553540000}" refers to invalid object "C:\LEXWARE\PCFK32\Pcfk32.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CFFB1FC7-270D-4986-B299-FECF3F0E42DB}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D3B06B05-3667-4175-B2D2-D54DCED5E9F1}" refers to invalid object "C:\MAGIX\mm2005_silver\RegModule\dscapture.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D42AB085-7E24-460f-9BFB-9ADE542A81B9}" refers to invalid object "C:\MAGIX\mm2005_silver\RegModule\mxvisuals.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D7546AAE-A77A-11D1-B901-00AA00585640}" refers to invalid object "C:\Programme\Microsoft Office\Office10\MSOWCF.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D7546ABD-A77A-11D1-B901-00AA00585640}" refers to invalid object "C:\Programme\Microsoft Office\Office10\MSOWCF.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{d8f1eee0-f634-11cf-8700-00a0245d918b}" refers to invalid object "a3d.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D98E820F-6ACD-4dc0-921E-9841E3D8B4A7}" refers to invalid object "D:\player\WMMP.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DB6E8F48-FD3E-11D0-A0BC-00C04FC9E20F}" refers to invalid object "C:\PROGRA~1\MICROS~4\Office10\MSOWC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E188F7A3-A04E-413E-99D1-D79A45F70305}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E476CBFF-E229-4524-B6B7-228A3129D1C7}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E673DCF2-C316-4c6f-AA96-4E4DC6DC291E}" refers to invalid object "C:\Programme\Movie Maker\wmm2fxb.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E769AC40-7735-11D2-8B7B-9D5958F45120}" refers to invalid object "C:\MAGIX\mm2005_silver\RegModule\wavdest.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E8C31D11-6FD2-4659-AD75-155FA143F42B}" refers to invalid object "C:\Programme\Movie Maker\wmm2ae.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EC85D8F1-1C4E-46e4-A748-7AA04E7C0496}" refers to invalid object "C:\Programme\Movie Maker\wmm2fxa.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ED4EB73F-EDEC-11D3-BC26-00A0CC5087AB}" refers to invalid object "C:\MAGIX\mm2005_silver\pptaddin.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EF105BC3-C064-45F1-AD53-6D8A8578D01B}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EFEE43D6-BFE5-44B0-8063-AC3B2966AB2C}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F44BB2D0-F070-463E-9433-B0CCF3CFD627}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F4C6D6E0-A8FB-4281-BE24-1662D646FE2B}" refers to invalid object "D:\player\WMMP.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FBE840E5-13A5-4cff-B2A9-4D1E64A17FF2}" refers to invalid object "D:\player\WMMP.EXE". Action Taken: No Action Taken.
Entry "HKCR\ActMsg.Session" refers to invalid object "{3FA7DEB3-6438-101B-ACC1-00AA00423326}". Action Taken: No Action Taken.
Entry "HKCR\ADP.UrlCatcher" refers to invalid object "{F4E04583-354E-4076-BE7D-ED6A80FD66DA}". Action Taken: No Action Taken.
Entry "HKCR\ADP.UrlCatcher.1" refers to invalid object "{F4E04583-354E-4076-BE7D-ED6A80FD66DA}". Action Taken: No Action Taken.
Entry "HKCR\Automatische Zuordnung.Map.EU" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
Entry "HKCR\Automatische Zuordnung.Map.EU.9" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
Entry "HKCR\Automatische Zuordnung.Template.EU.9" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
Entry "HKCR\CB.UrlCatcher" refers to invalid object "{CE188402-6EE7-4022-8868-AB25173A3E14}". Action Taken: No Action Taken.
Entry "HKCR\CB.UrlCatcher.1" refers to invalid object "{CE188402-6EE7-4022-8868-AB25173A3E14}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\MultimediaConverter.Converter" refers to invalid object "{E180CA8F-034D-11d6-AEA1-00B0D0797201}". Action Taken: No Action Taken.
Entry "HKCR\NLS.UrlCatcher" refers to invalid object "{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}". Action Taken: No Action Taken.
Entry "HKCR\PDF.PdfCtrl.5" refers to invalid object "{CA8A9780-280D-11CF-A24D-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
File C:\WINDOWS\autoheal.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\WINDOWS\System32\exdl.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\System32\exul.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\System32\javexulm.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\System32\exdl2.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\System32\exdl3.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\System32\exdl1.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\System32\instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
File C:\WINDOWS\System32\mac80ex.idf tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\WINDOWS\System32\javex80.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\WINDOWS\System32\psis80ex.ax tagged as "not-a-virus:AdWare.BargainBuddy.l". Action Taken: No Action Taken.
File C:\WINDOWS\System32\exul3.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\System32\exul1.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\System32\mqexdlm.srg tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\System32\netut80ex.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\exdl.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\exul.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\javexulm.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\exdl2.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\exdl3.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\exdl1.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
File C:\WINDOWS\system32\mac80ex.idf tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\WINDOWS\system32\javex80.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\WINDOWS\system32\psis80ex.ax tagged as "not-a-virus:AdWare.BargainBuddy.l". Action Taken: No Action Taken.
File C:\WINDOWS\system32\exul3.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\exul1.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\mqexdlm.srg tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\netut80ex.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\installer_MARKETING32.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\autoheal.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Gast\Eigene Dateien\Ralph\CD-Brennd\tägliche Losung\Winlos03.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Dokumente und Einstellungen\Jan\Eigene Dateien\Jan\backups\backup-20050523-115914-837.dll tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Jan\Eigene Dateien\Jan\backups\backup-20050523-115914-344.dll tagged as "not-a-virus:AdWare.BargainBuddy.l". Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Jan\Eigene Dateien\Jan\backups\backup-20050523-115914-345.dll tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\HCW\wpcuinst.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

@Squad
poste bitte folgendes
________________________________________
Öffne C:\bases\mwav.log
Am Ende folgendes suchen und hier rein kopieren:
Zitat:
Total Files Scanned:
Total Virus(es) Found:
Total Disinfected Files:
Total Files Renamed:
Total Deleted Files:
Total Errors:
Time Elapsed:
Virus Database Date:
Virus Database Count:

chaosman

Hier ist das Ergebnis:

Zitat:

Zitat von chaosman

@Squad
poste bitte folgendes
________________________________________
Öffne C:\bases\mwav.log
Am Ende folgendes suchen und hier rein kopieren:
Zitat:
Total Files Scanned: 107141
Total Virus(es) Found: 59
Total Disinfected Files:0
Total Files Renamed:0
Total Deleted Files: 0
Total Errors: 205
Time Elapsed: 02:11:08
Virus Database Date: 2005/05/20
Virus Database Count: 130890

@Squad
Total Virus(es) Found: 59 :eek:
poste mal folgendes
EscanErgebnis
Teile uns das Ergebnis des eScan mit: "öffne die mwav.log -> Bearbeiten -> Suchen -> infected oder tagged eingeben -> Weitersuchen -> Treffer markieren/kopieren und ins Forum übertragen."

chaosman

Alle Suchergebnisse mit infected:

Thu Jun 02 17:18:45 2005 => System found infected with Bargain Buddy Spyware/Adware ({4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3})! Action taken: No Action Taken.
Thu Jun 02 17:18:45 2005 => Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 02 17:18:45 2005 => System found infected with Bargain Buddy Spyware/Adware ({c6906a23-4717-4e1f-b6fd-f06ebed15678})! Action taken: No Action Taken.
Thu Jun 02 17:18:45 2005 => Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 02 17:18:45 2005 => System found infected with Bargain Buddy Spyware/Adware ({8eee58d5-130e-4cbd-9c83-35a0564e5678})! Action taken: No Action Taken.
Thu Jun 02 17:18:45 2005 => Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 02 17:18:46 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Thu Jun 02 17:18:46 2005 => Object "Alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 02 17:20:10 2005 => System found infected with eZula Spyware/Adware (exul.exe)! Action taken: No Action Taken.
Thu Jun 02 17:20:10 2005 => Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 02 17:20:10 2005 => System found infected with eZula Spyware/Adware (instsrv.exe)! Action taken: No Action Taken.
Thu Jun 02 17:20:10 2005 => Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 02 17:20:10 2005 => System found infected with eZula Spyware/Adware (exul3.exe)! Action taken: No Action Taken.
Thu Jun 02 17:20:10 2005 => Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 02 17:20:10 2005 => System found infected with eZula Spyware/Adware (msexreg.exe)! Action taken: No Action Taken.
Thu Jun 02 17:20:10 2005 => Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 02 17:20:10 2005 => System found infected with eZula Spyware/Adware (exdl.exe)! Action taken: No Action Taken.
Thu Jun 02 17:20:10 2005 => Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 02 17:20:10 2005 => System found infected with eZula Spyware/Adware (bbchk.exe)! Action taken: No Action Taken.
Thu Jun 02 17:20:10 2005 => Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 02 17:20:10 2005 => System found infected with eZula Spyware/Adware (exdl3.exe)! Action taken: No Action Taken.
Thu Jun 02 17:20:10 2005 => Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 02 17:20:10 2005 => System found infected with eZula Spyware/Adware (mqexdlm.srg)! Action taken: No Action Taken.
Thu Jun 02 17:20:10 2005 => Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 02 17:20:10 2005 => System found infected with eZula Spyware/Adware (vx3x.nls)! Action taken: No Action Taken.
Thu Jun 02 17:20:10 2005 => Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 02 17:20:10 2005 => System found infected with eZula Spyware/Adware (vx3.nls)! Action taken: No Action Taken.
Thu Jun 02 17:20:10 2005 => Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 02 17:20:10 2005 => System found infected with eZula Spyware/Adware (vx0.nls)! Action taken: No Action Taken.
Thu Jun 02 17:20:10 2005 => Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 02 17:20:10 2005 => System found infected with eZula Spyware/Adware (exclean.exe)! Action taken: No Action Taken.
Thu Jun 02 17:20:10 2005 => Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 02 17:20:10 2005 => System found infected with eZula Spyware/Adware (netut80ex.vxd)! Action taken: No Action Taken.
Thu Jun 02 17:20:10 2005 => Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 02 17:20:10 2005 => System found infected with eZula Spyware/Adware (javexulm.vxd)! Action taken: No Action Taken.
Thu Jun 02 17:20:10 2005 => Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 02 18:05:39 2005 => File C:\WINDOWS\Downloaded Program Files\installer_MARKETING32.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus! Action Taken: No Action Taken.

Thu Jun 02 19:13:50 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*

Thu Jun 02 19:13:50 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\2[1].HTM.VIR

Alle Suchergebnisse mit tagged:

Thu Jun 02 17:18:44 2005 => File C:\WINDOWS\zeta.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.

Thu Jun 02 17:21:11 2005 => File C:\WINDOWS\autoheal.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.

Thu Jun 02 17:22:20 2005 => File C:\WINDOWS\System32\exdl.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

Thu Jun 02 17:24:23 2005 => File C:\WINDOWS\System32\exul.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

Thu Jun 02 17:24:23 2005 => File C:\WINDOWS\System32\javexulm.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

Thu Jun 02 17:24:29 2005 => File C:\WINDOWS\System32\exdl2.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

Thu Jun 02 17:24:30 2005 => File C:\WINDOWS\System32\exdl3.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

Thu Jun 02 17:24:31 2005 => File C:\WINDOWS\System32\exdl1.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

Thu Jun 02 17:24:32 2005 => File C:\WINDOWS\System32\instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.

Thu Jun 02 17:24:34 2005 => File C:\WINDOWS\System32\mac80ex.idf tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.

Thu Jun 02 17:24:36 2005 => File C:\WINDOWS\System32\javex80.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.

Thu Jun 02 17:24:42 2005 => File C:\WINDOWS\System32\psis80ex.ax tagged as "not-a-virus:AdWare.BargainBuddy.l". Action Taken: No Action Taken.

Thu Jun 02 17:24:43 2005 => File C:\WINDOWS\System32\exul3.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

Thu Jun 02 17:24:44 2005 => File C:\WINDOWS\System32\exul1.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

Thu Jun 02 17:24:44 2005 => File C:\WINDOWS\System32\mqexdlm.srg tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

Thu Jun 02 17:24:53 2005 => File C:\WINDOWS\System32\netut80ex.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

Thu Jun 02 17:53:46 2005 => File C:\WINDOWS\system32\exdl.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

Thu Jun 02 17:56:19 2005 => File C:\WINDOWS\system32\exul.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

Thu Jun 02 17:56:19 2005 => File C:\WINDOWS\system32\javexulm.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

...Fortsetzung folgt... :pukeface:

Fortsetzung:

Thu Jun 02 17:56:25 2005 => File C:\WINDOWS\system32\exdl2.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

Thu Jun 02 17:56:25 2005 => File C:\WINDOWS\system32\exdl3.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

Thu Jun 02 17:56:26 2005 => File C:\WINDOWS\system32\exdl1.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

Thu Jun 02 17:56:27 2005 => File C:\WINDOWS\system32\instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.

Thu Jun 02 17:56:30 2005 => File C:\WINDOWS\system32\mac80ex.idf tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.

Thu Jun 02 17:56:31 2005 => File C:\WINDOWS\system32\javex80.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.

Thu Jun 02 17:56:37 2005 => File C:\WINDOWS\system32\psis80ex.ax tagged as "not-a-virus:AdWare.BargainBuddy.l". Action Taken: No Action Taken.

Thu Jun 02 17:56:38 2005 => File C:\WINDOWS\system32\exul3.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

Thu Jun 02 17:56:39 2005 => File C:\WINDOWS\system32\exul1.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

Thu Jun 02 17:56:39 2005 => File C:\WINDOWS\system32\mqexdlm.srg tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

Thu Jun 02 17:56:49 2005 => File C:\WINDOWS\system32\netut80ex.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

Thu Jun 02 18:05:42 2005 => File C:\WINDOWS\autoheal.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.

Thu Jun 02 18:43:30 2005 => File C:\Dokumente und Einstellungen\Gast\Eigene Dateien\Ralph\CD-Brennd\tägliche Losung\Winlos03.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 02 18:48:23 2005 => File C:\Dokumente und Einstellungen\Jan\Eigene Dateien\Jan\backups\backup-20050523-115914-837.dll tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.

Thu Jun 02 18:48:23 2005 => File C:\Dokumente und Einstellungen\Jan\Eigene Dateien\Jan\backups\backup-20050523-115914-344.dll tagged as "not-a-virus:AdWare.BargainBuddy.l". Action Taken: No Action Taken.

Thu Jun 02 18:48:23 2005 => File C:\Dokumente und Einstellungen\Jan\Eigene Dateien\Jan\backups\backup-20050523-115914-345.dll tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.

Thu Jun 02 19:28:13 2005 => File C:\HCW\wpcuinst.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

So, das war alles und ich hab' echt die Schnauze voll! So ein verseuchter Rechner - und das auf der Arbeit! :kloppen:

Kann mir wirklich keiner helfen??? :confused:

Na ja, so verlaust wie der Rechner ist, kann ich das verstehen. :(
Ist übrigens ein Notebook, macht das einen Unterschied?

Kann ich das ganze System denn so einfach neu aufsetzen? Auf der Festplatte sind nämlich 'ne Menge Daten drauf...!

Gruß, Squad

Hallo Squad,

es ist aus meiner Sicht sinnvoller, wenn du dich an den Admin wendest und dieser dann, das Problem behebt bzw. neu aufsetzt und anschließend dementsprechende Gegenmaßnahmen einleitet.

Ich habe ein Problem beim Neuaufsetzen des Systems. Es werden ja dann alle Daten auf C: gelöscht, richtig? Da sind aber wichtige Firmendaten drauf. Wie kann ich diese ganzen Daten vor dem Neuaufsetzen sichern, ohne eine Malware mitzuspeichern? Geht das überhaupt?

Danke für alle hilfreichen Tipps!

Gruß, Squad