Internet Explorer and co. constantly open pages

Good evening, first of all, I know this problem has already come up a few times, but I don't want to meddle in those solutions, so I'm opening a new thread. :-) Luckily I'm not the only one with this problem, so I was already able to read up a little. Oh, and I'm not really a PC expert, so please be patient with me. :-)

Now to the problem: for some time now, additional web pages keep opening on my machine, but from a browser I don't recognize. No browser name is shown either, just a few colorful characters. Until now that didn't bother me much, because it only happened when I had my browser (Firefox) open anyway and was surfing. Since today, however, IE does it too, in a very intrusive way, and even when I have absolutely nothing open. It is hugely annoying in games especially, because the games keep getting interrupted :-(

I ran my antivirus program (AntiVir) but it didn't really find anything. Then I ran QuickStore and deleted everything there as described in an older post here. That only helped in that the intervals between the pop-ups grew by a few minutes.

At the moment I'm running eScan and it has already found a few things, but I don't know whether they really mean anything. I'll post what it has found so far right here. I'll then have to pause the scan, since I only have a laptop and it gets hot quickly as it is. I won't switch it off, though, just put it on standby tonight. Tomorrow I'll let the scan continue. Maybe someone can already make something of what was found. Many thanks in advance!!!!!

02 Jun 2010 21:42:20 - **********************************************************
02 Jun 2010 21:42:20 - eScan Anti Virus & Spyware Toolkit Utility.
02 Jun 2010 21:45:35 - Copyright © MicroWorld Technologies
02 Jun 2010 21:45:35 -
02 Jun 2010 21:45:35 - Support: support@escanav.com
02 Jun 2010 21:45:35 - Web: hxxp://www.escanav.com
02 Jun 2010 21:45:35 - **********************************************************
02 Jun 2010 21:45:35 - Version 12.0.26[DB] (C:\USERS\BIANCA\APPDATA\LOCAL\TEMP\MEXETMP.EX~)
02 Jun 2010 21:45:35 - Log File: C:\Users\bianca\AppData\Local\Temp\MWAV.LOG
02 Jun 2010 21:45:35 - User Account: bianca (Administrator Mode)
02 Jun 2010 21:45:35 - Windows Root Folder: C:\Windows
02 Jun 2010 21:45:35 - Windows Sys32 Folder: C:\Windows\system32
02 Jun 2010 21:45:35 - OS: Windows Vista [OS Install Date: 24 Dec 2007 21:25:27]
02 Jun 2010 21:45:35 - Ver: Personal Service Pack 2 (Build 6002)
02 Jun 2010 21:45:35 - Latest Date of files inside MWAV: Wed Jun 2 21:52:41 2010.
02 Jun 2010 21:45:35 - Plugins FileCount: 681 Sign Version: 7.31986
02 Jun 2010 21:45:43 - Options Selected by User:
02 Jun 2010 21:45:43 - Memory Check: Enabled
02 Jun 2010 21:45:43 - Registry Check: Enabled
02 Jun 2010 21:45:43 - StartUp Folder Check: Disabled
02 Jun 2010 21:45:43 - System Folder Check: Disabled
02 Jun 2010 21:45:43 - Services Check: Enabled
02 Jun 2010 21:45:43 - Scan Spyware: Disabled
02 Jun 2010 21:45:43 - Drive Check: Disabled
02 Jun 2010 21:45:43 - All Drive Check :Enabled
02 Jun 2010 21:45:43 - Folder Check: Disabled
02 Jun 2010 21:45:43 - SCAN: All_Files
02 Jun 2010 21:45:43 - MWAV Mode: Only Scan files (Do Not Clean)
02 Jun 2010 21:45:45 - ***** Scanning Memory Files *****
02 Jun 2010 21:46:40 - Scanning File C:\Users\bianca\AppData\Local\mutbihpv.exe
02 Jun 2010 21:46:40 - File C:\Users\bianca\AppData\Local\mutbihpv.exe infected by "Gen:Variant.NaviPromo.2 (DB)" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:46:50 - ***** Scanning Registry Files *****
02 Jun 2010 21:46:51 - ERROR!!! Invalid Entry = hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ (in key HKLM\Software\Microsoft\Internet Explorer\Extensions\{C08CAF1D-C0A3-40D5-9970-06D067EAC017}). No Action Taken.
02 Jun 2010 21:47:00 - Invalid Entry DLLName = igfxdev.dll (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui). Action Taken: Deleting Registry Key igfxcui.
02 Jun 2010 21:47:02 - ERROR!!! Invalid Entry IgfxTray = C:\Windows\system32\igfxtray.exe (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
02 Jun 2010 21:47:02 - ERROR!!! Invalid Entry HotKeysCmds = C:\Windows\system32\hkcmd.exe (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
02 Jun 2010 21:47:02 - ERROR!!! Invalid Entry Persistence = C:\Windows\system32\igfxpers.exe (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
02 Jun 2010 21:47:02 - ERROR!!! Invalid Entry HWSetup = \HWSetup.exe hwSetUP (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
02 Jun 2010 21:47:02 - ERROR!!! Invalid Entry NDSTray.exe = NDSTray.exe (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
02 Jun 2010 21:47:03 - ERROR!!! Invalid Entry Performance Center = C:\Program Files\Ascentive\Performance Center\APCMain.exe -m (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
02 Jun 2010 21:47:03 - Invalid DLL [C:\Users\bianca\AppData\Local\Temp\efcBusQh.dll] in entry [MSServer=rundll32.exe C:\Users\bianca\AppData\Local\Temp\efcBusQh.dll,#1]
02 Jun 2010 21:47:03 - ERROR!!! Invalid Entry MSServer = C:\Windows\system32\rundll32.exe (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
02 Jun 2010 21:47:03 - ERROR!!! Invalid Entry Host Process = C:\Users\bianca\svchost.exe (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
02 Jun 2010 21:47:03 - Invalid DLL [C:\Users\bianca\AppData\Local\Temp\jkkHxVlM.dll] in entry [cmds=rundll32.exe C:\Users\bianca\AppData\Local\Temp\jkkHxVlM.dll,c]
02 Jun 2010 21:47:03 - ERROR!!! Invalid Entry cmds = C:\Windows\system32\rundll32.exe (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
02 Jun 2010 21:47:07 - Scanning File c:\users\bianca\appdata\local\mutbihpv.exe
02 Jun 2010 21:47:07 - File c:\users\bianca\appdata\local\mutbihpv.exe infected by "Gen:Variant.NaviPromo.2 (DB)" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:47:08 - ***** Scanning Service Files *****
02 Jun 2010 21:47:10 - ERROR!!! Invalid Entry "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" in HKLM\SYSTEM\CurrentControlSet\Services\Automatisches LiveUpdate - Scheduler. Action Taken: No Action Taken.
02 Jun 2010 21:47:10 - ERROR!!! Invalid Entry \SystemRoot\system32\drivers\blbdrive.sys in HKLM\SYSTEM\CurrentControlSet\Services\blbdrive. Action Taken: No Action Taken.
02 Jun 2010 21:47:24 - ERROR!!! Invalid Entry \??\C:\Users\bianca\AppData\Local\Temp\gkmixern.sys in HKLM\SYSTEM\CurrentControlSet\Services\gkmixern. Action Taken: No Action Taken.
02 Jun 2010 21:47:25 - ERROR!!! Invalid Entry system32\DRIVERS\igdkmd32.sys in HKLM\SYSTEM\CurrentControlSet\Services\igfx. Action Taken: No Action Taken.
02 Jun 2010 21:47:30 - ERROR!!! Invalid Entry \??\C:\Windows\system32\drivers\PDNMp50.sys in HKLM\SYSTEM\CurrentControlSet\Services\PDNMp50. Action Taken: No Action Taken.
02 Jun 2010 21:47:30 - ERROR!!! Invalid Entry \??\C:\Windows\system32\drivers\PDNSp50.sys in HKLM\SYSTEM\CurrentControlSet\Services\PDNSp50. Action Taken: No Action Taken.
02 Jun 2010 21:47:34 - C:\Windows\system32\Drivers\sptd.sys not Scanned. Possibly password protected...
02 Jun 2010 21:47:36 - ERROR!!! Invalid Entry c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe in HKLM\SYSTEM\CurrentControlSet\Services\TOSHIBA Bluetooth Service. Action Taken: No Action Taken.
Good morning. The scan has now run through completely. Here are the log files:
[HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\..\Config.Msi, 02-Jun-2010 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\..\Documents and Settings, 02-Nov-2006 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\..\Dokumente und Einstellungen, 24-Dec-2007 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\..\ProgramData, 02-Nov-2006 [H] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\..\Programme, 24-Dec-2007 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\Program Files\Alawar Entertainment, 28-May-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Program Files\ClearProg, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Program Files\Creative Installation Information, 21-Feb-2008 [H] [Folder] 02 Jun 2010 21:44:49 - C:\Program Files\Games, 31-May-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Program Files\Gemeinsame Dateien, 24-Dec-2007 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\Program Files\Ubisoft, 01-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Program Files\Xfire, 09-Jan-2008 [S] [Folder] 02 Jun 2010 21:44:49 - C:\Program Files\Common Files\MicroWorld, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - ********************************************************************************************* 02 Jun 2010 21:44:49 - Command Line Options Given: /xsign 02 Jun 2010 21:44:58 - Latest Date of files inside MWAV: Wed Jun 2 21:52:41 2010. 02 Jun 2010 21:44:58 - Plugins FileCount: 681 Sign Version: 7.31986 02 Jun 2010 21:44:59 - Loading/Creating FileScan Database C:\ProgramData\MicroWorld\MWAV\ESCANDBX.MDB [Log: C:\Users\bianca\AppData\Local\Temp\ESCANDB.LOG] 02 Jun 2010 21:45:00 - Loaded/Created FileScan Database... 02 Jun 2010 21:45:00 - Loading AV Library [DB]... 02 Jun 2010 21:45:06 - AV Library Loaded [DB-DIRECT]. 02 Jun 2010 21:45:06 - MWAV doing self scanning... 02 Jun 2010 21:45:07 - MWAV files are clean. 
02 Jun 2010 21:45:12 - Virus Database Date: 02 Jun 2010 02 Jun 2010 21:45:12 - Virus Database Count: 6121217 02 Jun 2010 21:45:35 - ********************************************************** 02 Jun 2010 21:45:35 - eScan Anti Virus & Spyware Toolkit Utility. 02 Jun 2010 21:45:35 - Copyright © MicroWorld Technologies 02 Jun 2010 21:45:35 - 02 Jun 2010 21:45:35 - Support: support@escanav.com 02 Jun 2010 21:45:35 - Web: eScan - AntiVirus & Content Security 02 Jun 2010 21:45:35 - ********************************************************** 02 Jun 2010 21:45:35 - Version 12.0.26[DB] (C:\USERS\BIANCA\APPDATA\LOCAL\TEMP\MEXETMP.EX~) 02 Jun 2010 21:45:35 - Log File: C:\Users\bianca\AppData\Local\Temp\MWAV.LOG 02 Jun 2010 21:45:35 - User Account: bianca (Administrator Mode) 02 Jun 2010 21:45:35 - Windows Root Folder: C:\Windows 02 Jun 2010 21:45:35 - Windows Sys32 Folder: C:\Windows\system32 02 Jun 2010 21:45:35 - OS: Windows Vista [OS Install Date: 24 Dec 2007 21:25:27] 02 Jun 2010 21:45:35 - Ver: Personal Service Pack 2 (Build 6002) 02 Jun 2010 21:45:35 - Latest Date of files inside MWAV: Wed Jun 2 21:52:41 2010. 
02 Jun 2010 21:45:35 - Plugins FileCount: 681 Sign Version: 7.31986 02 Jun 2010 21:45:43 - Options Selected by User: 02 Jun 2010 21:45:43 - Memory Check: Enabled 02 Jun 2010 21:45:43 - Registry Check: Enabled 02 Jun 2010 21:45:43 - StartUp Folder Check: Disabled 02 Jun 2010 21:45:43 - System Folder Check: Disabled 02 Jun 2010 21:45:43 - Services Check: Enabled 02 Jun 2010 21:45:43 - Scan Spyware: Disabled 02 Jun 2010 21:45:43 - Drive Check: Disabled 02 Jun 2010 21:45:43 - All Drive Check :Enabled 02 Jun 2010 21:45:43 - Folder Check: Disabled 02 Jun 2010 21:45:43 - SCAN: All_Files 02 Jun 2010 21:45:43 - MWAV Mode: Only Scan files (Do Not Clean) 02 Jun 2010 21:45:45 - ***** Scanning Memory Files ***** 02 Jun 2010 21:46:40 - Scanning File C:\Users\bianca\AppData\Local\mutbihpv.exe 02 Jun 2010 21:46:40 - File C:\Users\bianca\AppData\Local\mutbihpv.exe infected by "Gen:Variant.NaviPromo.2 (DB)" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:46:50 - ***** Scanning Registry Files ***** 02 Jun 2010 21:46:51 - ERROR!!! Invalid Entry = Preispiraten.de - Preisvergleich (in key HKLM\Software\Microsoft\Internet Explorer\Extensions\{C08CAF1D-C0A3-40D5-9970-06D067EAC017}). No Action Taken. 02 Jun 2010 21:47:00 - Invalid Entry DLLName = igfxdev.dll (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui). Action Taken: Deleting Registry Key igfxcui. 02 Jun 2010 21:47:02 - ERROR!!! Invalid Entry IgfxTray = C:\Windows\system32\igfxtray.exe (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken. 02 Jun 2010 21:47:02 - ERROR!!! Invalid Entry HotKeysCmds = C:\Windows\system32\hkcmd.exe (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken. 02 Jun 2010 21:47:02 - ERROR!!! Invalid Entry Persistence = C:\Windows\system32\igfxpers.exe (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken. 02 Jun 2010 21:47:02 - ERROR!!! 
Invalid Entry HWSetup = \HWSetup.exe hwSetUP (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken. 02 Jun 2010 21:47:02 - ERROR!!! Invalid Entry NDSTray.exe = NDSTray.exe (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken. 02 Jun 2010 21:47:03 - ERROR!!! Invalid Entry Performance Center = C:\Program Files\Ascentive\Performance Center\APCMain.exe -m (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken. 02 Jun 2010 21:47:03 - Invalid DLL [C:\Users\bianca\AppData\Local\Temp\efcBusQh.dll] in entry [MSServer=rundll32.exe C:\Users\bianca\AppData\Local\Temp\efcBusQh.dll,#1] 02 Jun 2010 21:47:03 - ERROR!!! Invalid Entry MSServer = C:\Windows\system32\rundll32.exe (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken. 02 Jun 2010 21:47:03 - ERROR!!! Invalid Entry Host Process = C:\Users\bianca\svchost.exe (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken. 02 Jun 2010 21:47:03 - Invalid DLL [C:\Users\bianca\AppData\Local\Temp\jkkHxVlM.dll] in entry [cmds=rundll32.exe C:\Users\bianca\AppData\Local\Temp\jkkHxVlM.dll,c] 02 Jun 2010 21:47:03 - ERROR!!! Invalid Entry cmds = C:\Windows\system32\rundll32.exe (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken. 02 Jun 2010 21:47:07 - Scanning File c:\users\bianca\appdata\local\mutbihpv.exe 02 Jun 2010 21:47:07 - File c:\users\bianca\appdata\local\mutbihpv.exe infected by "Gen:Variant.NaviPromo.2 (DB)" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:47:08 - ***** Scanning Service Files ***** 02 Jun 2010 21:47:10 - ERROR!!! Invalid Entry "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" in HKLM\SYSTEM\CurrentControlSet\Services\Automatisches LiveUpdate - Scheduler. Action Taken: No Action Taken. 02 Jun 2010 21:47:10 - ERROR!!! Invalid Entry \SystemRoot\system32\drivers\blbdrive.sys in HKLM\SYSTEM\CurrentControlSet\Services\blbdrive. Action Taken: No Action Taken. 
02 Jun 2010 21:47:24 - ERROR!!! Invalid Entry \??\C:\Users\bianca\AppData\Local\Temp\gkmixern.sys in HKLM\SYSTEM\CurrentControlSet\Services\gkmixern. Action Taken: No Action Taken. 02 Jun 2010 21:47:25 - ERROR!!! Invalid Entry system32\DRIVERS\igdkmd32.sys in HKLM\SYSTEM\CurrentControlSet\Services\igfx. Action Taken: No Action Taken. 02 Jun 2010 21:47:30 - ERROR!!! Invalid Entry \??\C:\Windows\system32\drivers\PDNMp50.sys in HKLM\SYSTEM\CurrentControlSet\Services\PDNMp50. Action Taken: No Action Taken. 02 Jun 2010 21:47:30 - ERROR!!! Invalid Entry \??\C:\Windows\system32\drivers\PDNSp50.sys in HKLM\SYSTEM\CurrentControlSet\Services\PDNSp50. Action Taken: No Action Taken. 02 Jun 2010 21:47:34 - C:\Windows\system32\Drivers\sptd.sys not Scanned. Possibly password protected... 02 Jun 2010 21:47:36 - ERROR!!! Invalid Entry c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe in HKLM\SYSTEM\CurrentControlSet\Services\TOSHIBA Bluetooth Service. Action Taken: No Action Taken. 02 Jun 2010 21:47:36 - ERROR!!! Invalid Entry system32\DRIVERS\TpChoice.sys in HKLM\SYSTEM\CurrentControlSet\Services\TpChoice. Action Taken: No Action Taken. 02 Jun 2010 21:47:41 - ***** Scanning All Drives ***** 02 Jun 2010 21:47:41 - Scanning C:\ Drive 02 Jun 2010 21:50:15 - C:\Boot\BCD not Scanned. Possibly password protected... 02 Jun 2010 21:50:15 - C:\Boot\BCD.LOG not Scanned. Possibly password protected... 02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMCoreA.dll 02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMCoreA.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMCoreB.dll 02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMCoreB.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 
02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMCoreC.dll 02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMCoreC.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMCoreD.dll 02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMCoreD.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMCoreE.dll 02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMCoreE.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMDataServicesA.dll 02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMDataServicesA.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMDataServicesB.dll 02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMDataServicesB.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMDataServicesC.dll 02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMDataServicesC.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMDataServicesD.dll 02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMDataServicesD.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMDataServicesE.dll 02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMDataServicesE.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 
02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreA.dll 02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreA.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreB.dll 02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreB.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreC.dll 02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreC.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreD.dll 02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreD.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreE.dll 02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreE.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreF.dll 02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreF.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreG.dll 02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreG.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreH.dll 02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreH.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 
02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreI.dll 02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreI.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreJ.dll 02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreJ.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:57 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMSearchA.dll 02 Jun 2010 21:55:57 - File C:\Program Files\Common Files\Nero\Lib\NMSearchA.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:57 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMSearchB.dll 02 Jun 2010 21:55:57 - File C:\Program Files\Common Files\Nero\Lib\NMSearchB.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:57 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMSearchC.dll 02 Jun 2010 21:55:57 - File C:\Program Files\Common Files\Nero\Lib\NMSearchC.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:57 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMSearchD.dll 02 Jun 2010 21:55:57 - File C:\Program Files\Common Files\Nero\Lib\NMSearchD.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:57 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMSearchE.dll 02 Jun 2010 21:55:57 - File C:\Program Files\Common Files\Nero\Lib\NMSearchE.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:56:43 - C:\Program Files\DAEMON Tools\SetupDTSB.exe not Scanned. Possibly password protected... 02 Jun 2010 22:27:13 - ScanFile took 6.96 Secs [C:\Program Files\Vuze\plugins\azemp\vuzeplayer.exe]... 
02 Jun 2010 22:29:24 - Scanning File C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4915192e.qua 02 Jun 2010 22:29:24 - File C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4915192e.qua infected by "Gen:Adware.Heur.hq1@Rm!VmBji (DB)" Virus! Action Taken: No Action Taken. 02 Jun 2010 22:29:28 - C:\ProgramData\Avira\AntiVir Desktop\TEMP\avguard.tmp not Scanned. Possibly password protected... 02 Jun 2010 22:31:46 - C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log not Scanned. Possibly password protected... 02 Jun 2010 22:31:47 - C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log not Scanned. Possibly password protected... 02 Jun 2010 22:31:51 - C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb not Scanned. Possibly password protected... 02 Jun 2010 22:31:51 - C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb not Scanned. Possibly password protected... 02 Jun 2010 22:32:24 - INVALID ATTRIBUTES FOR FOLDER [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB PC Camera ]. IGNORING. 02 Jun 2010 22:40:30 - C:\Users\bianca\AppData\Local\Adobe\Acrobat\8.0\Updater\updater.log not Scanned. Possibly password protected... 02 Jun 2010 22:41:38 - Scanning File C:\Users\bianca\AppData\Local\IM\Identities\{1BF9C0B6-CD0A-43DF-BA2B-29CC48074C61}\Message Store\Attachments\Factura49.zip 02 Jun 2010 22:41:38 - File C:\Users\bianca\AppData\Local\IM\Identities\{1BF9C0B6-CD0A-43DF-BA2B-29CC48074C61}\Message Store\Attachments\Factura49.zip infected by "Gen:Trojan.Heur.bmW@rbTmwAlaf (DB)" Virus! Action Taken: No Action Taken. 02 Jun 2010 22:48:13 - C:\Users\bianca\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 not Scanned. Possibly password protected... 02 Jun 2010 22:49:22 - Scanning File C:\Users\bianca\AppData\Local\mutbihpv.exe 02 Jun 2010 22:49:22 - File C:\Users\bianca\AppData\Local\mutbihpv.exe infected by "Gen:Variant.NaviPromo.2 (DB)" Virus! Action Taken: No Action Taken. 
02 Jun 2010 23:01:38 - Scanning File C:\Users\bianca\AppData\Roaming\SecuROM\UserData\???????????p????????? 02 Jun 2010 23:01:38 - ERROR(3)!!! ScanFile fails for C:\Users\bianca\AppData\Roaming\SecuROM\UserData\???????????p????????? 02 Jun 2010 23:01:38 - Scanning File C:\Users\bianca\AppData\Roaming\SecuROM\UserData\???????????p????????? 02 Jun 2010 23:01:38 - ERROR(3)!!! ScanFile fails for C:\Users\bianca\AppData\Roaming\SecuROM\UserData\???????????p????????? 02 Jun 2010 23:06:49 - Scanning File C:\Users\bianca\Desktop\imsodx\iMSDOX-ZooTycoon2003P1_Trainer.exe 02 Jun 2010 23:06:49 - File C:\Users\bianca\Desktop\imsodx\iMSDOX-ZooTycoon2003P1_Trainer.exe infected by "Trojan.Generic.3249375 (DB)" Virus! Action Taken: No Action Taken. 02 Jun 2010 23:08:51 - C:\Users\bianca\ntuser.dat.LOG1 not Scanned. Possibly password protected... 02 Jun 2010 23:16:52 - C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat not Scanned. Possibly password protected... 02 Jun 2010 23:16:52 - C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat not Scanned. Possibly password protected... 02 Jun 2010 23:16:54 - C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 not Scanned. Possibly password protected... 02 Jun 2010 23:16:55 - C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 not Scanned. Possibly password protected... 02 Jun 2010 23:19:04 - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 not Scanned. Possibly password protected... 02 Jun 2010 23:19:04 - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 not Scanned. Possibly password protected... 02 Jun 2010 23:19:25 - ScanFile took 12.84 Secs [C:\Windows\System32\atioglxx.dll]... 02 Jun 2010 23:20:21 - C:\Windows\System32\catroot2\edb.log not Scanned. Possibly password protected... 02 Jun 2010 23:20:21 - C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb not Scanned. 
Possibly password protected... 02 Jun 2010 23:20:21 - C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb not Scanned. Possibly password protected... 02 Jun 2010 23:20:32 - C:\Windows\System32\config\COMPONENTS not Scanned. Possibly password protected... 02 Jun 2010 23:20:32 - C:\Windows\System32\config\COMPONENTS.LOG1 not Scanned. Possibly password protected... 02 Jun 2010 23:20:32 - C:\Windows\System32\config\DEFAULT not Scanned. Possibly password protected... 02 Jun 2010 23:20:32 - C:\Windows\System32\config\DEFAULT.LOG1 not Scanned. Possibly password protected... 02 Jun 2010 23:20:32 - C:\Windows\System32\config\RegBack\COMPONENTS not Scanned. Possibly password protected... 02 Jun 2010 23:20:32 - C:\Windows\System32\config\RegBack\DEFAULT not Scanned. Possibly password protected... 02 Jun 2010 23:20:32 - C:\Windows\System32\config\RegBack\SAM not Scanned. Possibly password protected... 02 Jun 2010 23:20:32 - C:\Windows\System32\config\RegBack\SECURITY not Scanned. Possibly password protected... 02 Jun 2010 23:20:32 - C:\Windows\System32\config\RegBack\SOFTWARE not Scanned. Possibly password protected... 02 Jun 2010 23:20:32 - C:\Windows\System32\config\RegBack\SYSTEM not Scanned. Possibly password protected... 02 Jun 2010 23:20:32 - C:\Windows\System32\config\SAM not Scanned. Possibly password protected... 02 Jun 2010 23:20:32 - C:\Windows\System32\config\SAM.LOG1 not Scanned. Possibly password protected... 02 Jun 2010 23:20:32 - C:\Windows\System32\config\SECURITY not Scanned. Possibly password protected... 02 Jun 2010 23:20:33 - C:\Windows\System32\config\SECURITY.LOG1 not Scanned. Possibly password protected... 02 Jun 2010 23:20:33 - C:\Windows\System32\config\SOFTWARE not Scanned. Possibly password protected... 02 Jun 2010 23:20:33 - C:\Windows\System32\config\SOFTWARE.LOG1 not Scanned. Possibly password protected... 02 Jun 2010 23:20:33 - C:\Windows\System32\config\SOFTWARE.LOG2 not Scanned. Possibly password protected... 
02 Jun 2010 23:20:33 - C:\Windows\System32\config\SYSTEM not Scanned. Possibly password protected... 02 Jun 2010 23:20:33 - C:\Windows\System32\config\SYSTEM.LOG1 not Scanned. Possibly password protected... 02 Jun 2010 23:33:05 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl not Scanned. Possibly password protected... 02 Jun 2010 23:33:05 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl not Scanned. Possibly password protected... 02 Jun 2010 23:33:05 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl not Scanned. Possibly password protected... 02 Jun 2010 23:33:05 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl not Scanned. Possibly password protected... 02 Jun 2010 23:33:05 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTkerberos.etl not Scanned. Possibly password protected... 03 Jun 2010 10:48:11 - Scanning E:\ Drive 03 Jun 2010 11:08:58 - ***** Checking for specific ITW Viruses ***** 03 Jun 2010 11:08:59 - ***** Scanning complete. ***** 03 Jun 2010 11:08:59 - Total Objects Scanned: 207128 03 Jun 2010 11:08:59 - Total Critical Objects: 6 03 Jun 2010 11:08:59 - Total Disinfected Objects: 0 03 Jun 2010 11:08:59 - Total Objects Renamed: 0 03 Jun 2010 11:08:59 - Total Deleted Objects: 0 03 Jun 2010 11:08:59 - Total Errors: 19 03 Jun 2010 11:08:59 - Time Elapsed: 03:10:57 03 Jun 2010 11:08:59 - Virus Database Date: 02 Jun 2010 03 Jun 2010 11:08:59 - Virus Database Count: 6121217 03 Jun 2010 11:08:59 - Scan Completed. |
Me again, here are the files from OTL as well. I'm simply running everything I find in the other threads here. But please, could someone look into my case?? That would be great. Thanks again for helping people here like this. :-) OTL EXTRAS Logfile: Code: OTL Extras logfile created on: 03.06.2010 15:35:30 - Run 1 |
May I ask why nobody is answering me here?? Did I post the wrong log files? Or did I do something else wrong? Please, the pages are still opening, sometimes more, sometimes less. Can nobody help me? |
Me again. Please, why is nobody answering me????? Since today I can hardly get rid of the virus alerts. It always seems to be one and the same: TR/Dldr.Renos. and then again and again with new suffixes. Please, my antivirus program doesn't seem to be able to get it under control. It keeps coming back!!!! I actually wanted to attach something as well, but it is too large. I wanted to show you which items my program reports. Anyway, it is always this Renos, mostly with the suffix LX.1 or KF.1960. Please help me!!!!! |
Here are the log files from Malwarebytes. It found 7 and could not delete one of them, but I don't know which one. Please help me. I'm slowly getting really desperate!!!! |
Quote:
Stay calm. I will help you. I'll get back to you once I have looked through the logs. Regards. |
You only posted the one log from OTL. You have to post both: # When the scan has finished, 2 log files are created |
THANK YOU!!! Finally a sign of life. I'll start looking for the 2nd one right away. By the way, I restarted my PC after running Malwarebytes and ran it again right away. It doesn't find anything any more. But I don't trust the peace, because right after the laptop booted, the message from AV came up again that it had found this Renos XL1 again... |
Quote:
|
Somehow I can't find it. Should I scan everything again and then post both? |
I have now run a quick scan with OTL again and this is what it gave me. It is too large to attach. I'm copying it in here: OTL Logfile: Code: OTL logfile created on: 06.06.2010 14:13:14 - Run 2 |
Ha, now I know what you meant. I scanned again normally and here are both files: Extras: OTL EXTRAS Logfile: Code: OTL Extras logfile created on: 06.06.2010 14:26:03 - Run 2 |
Quote:
http://www.trojaner-board.de/59299-a...eb-cureit.html If the scanner reports an infection during the quick scan, run a complete scan. It takes quite a while, but it is the best option in your case in particular, since the machine had better not be connected to the internet right now. When you are done with that, go back online and post the log. ------------------ |
And the other one. I'll also do what you just said right away. OTL Logfile: Code: OTL logfile created on: 06.06.2010 14:26:03 - Run 2 |
Quote:
----------------- |
So, I'm quickly writing from my phone. During the quick scan it found one thing, so I'm now running the complete one. It has already been running for a few hours and I think it needs a few more. What should I do when it is finished? Should I delete what it finds? |
Quote:
Then post the log at the end. |
Fire up Malwarebytes again at the same time and run a full scan, then the time is put to good use :-) |
Sooo, Dr. Web scanned for at least 12 h. I had to let it run overnight. It had found one file and deleted it because it could not disinfect it. But when I wanted to save the report this morning, everything crashed completely and I had to restart the PC. :-( But Malwarebytes didn't find anything any more. And when starting the laptop there was no virus alert any more either, and so far no pages have opened :-) |
Quote:
OTL Fix: * Close all programs, disable the Avira guard and start the program OTL. * Copy exactly the contents of the code window (see below) into the empty text box of OTL. Code: Quote:
* OTL will restart the PC. Please wait and allow it. After the restart, wait until the log comes up. * Post the log (it is saved on C:\) ------------------------------------- > Please reset your firewall: Resetting the Windows Firewall on Windows 7, Vista and XP ... ScareWare.de Check these files at VT: VirusTotal - Free Online Virus and Malware Scan Post the log if anything is reported. Quote:
> Control scan with Eset Online Scanner: (full scan) ESET Online Scanner - ESET Antivirus Software Post the results. ......................................... |
Quote:
Quote:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
C:\Programme\Vuze_Remote\tbVuze.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Programme\Vuze_Remote\tbVuze.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Programme\Vuze_Remote\tbVuze.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{965B54B0-71E0-4611-8DE7-F73FA0B20E26} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{965B54B0-71E0-4611-8DE7-F73FA0B20E26}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
File C:\Programme\Vuze_Remote\tbVuze.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSServer deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C08CAF1D-C0A3-40D5-9970-06D067EAC017}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C08CAF1D-C0A3-40D5-9970-06D067EAC017}\ not found.
C:\Windows\System32\TASKMGR.COM moved successfully.
C:\Windows\System32\T.COM moved successfully.
C:\Windows\REGEDIT.COM moved successfully.
C:\Windows\R.COM moved successfully.
C:\Windows\VDLL.DLL folder moved successfully.
C:\Windows\System32\runouce.exe folder moved successfully.
C:\Windows\RUNDL132.EXE folder moved successfully.
C:\Windows\logo_1.exe folder moved successfully.
========== FILES ==========
File\Folder C:\program files\bearshare\bearshare.exe not found.
File\Folder C:\program files\wyzo\wyzo.exe not found.
File\Folder C:\Users\bianca\AppData\Local\mutbihpv.exe not found.
C:\Users\bianca\AppData\Local\IM\Identities\{1BF9C0B6-CD0A-43DF-BA2B-29CC48074C61}\Message Store\Attachments\Factura49.zip moved successfully.
File\Folder C:\Users\bianca\Desktop\imsodx\iMSDOX-ZooTycoon2003P1_Trainer.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: bianca
->Temp folder emptied: 2004 bytes
->Temporary Internet Files folder emptied: 230566192 bytes
->Java cache emptied: 128687029 bytes
->FireFox cache emptied: 87666536 bytes
->Google Chrome cache emptied: 5883153 bytes
->Apple Safari cache emptied: 33665209 bytes
->Flash cache emptied: 475544 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2813434 bytes
RecycleBin emptied: 1065 bytes
Total Files Cleaned = 467,00 mb
[EMPTYFLASH]
User: bianca
->Flash cache emptied: 0 bytes
User: Default
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.5.3 log created on 06072010_141334
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Quote:
PS: I don't understand why this was apparently already checked there back in May. I have never seen that site before. Strange. Well, in any case nothing suspicious! Datei tsnp325.exe empfangen 2010.05.24 20:04:30 (UTC) Status: Beendet Ergebnis: 0/40 (0.00%) Quote:
|
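A fix log like the one posted above is easier to review once each entry is sorted by the persistence location it touched and checked for targets that were never found at all. The following is an added example, not part of the original thread and not OTL's own code; the function names are illustrative, and the sample text is an excerpt copied from the log above.

```python
import re
from collections import Counter

# Excerpt copied from the OTL fix log in the post above, joined into one
# string the way the forum export flattened it.
SAMPLE_LOG = " ".join([
    r"Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.",
    r"Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.",
    r"C:\Programme\Vuze_Remote\tbVuze.dll moved successfully.",
    r"Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.",
    r"File C:\Programme\Vuze_Remote\tbVuze.dll not found.",
    r"Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSServer deleted successfully.",
    r"C:\Windows\System32\TASKMGR.COM moved successfully.",
    r"C:\Windows\RUNDL132.EXE folder moved successfully.",
    "========== FILES ==========",
    r"File\Folder C:\Users\bianca\AppData\Local\mutbihpv.exe not found.",
])

# One entry = optional kind, a registry or drive path, then a status phrase.
ENTRY = re.compile(
    r"(?:(?P<kind>Registry key|Registry value|File\\Folder|File)\s+)?"
    r"(?P<target>(?:HKEY_|[A-Za-z]:\\).+?)\s+"
    r"(?P<status>deleted successfully|(?:folder )?moved successfully|not found)\."
)

# Lower-cased path fragments mapped to the location they indicate.
LOCATIONS = (
    ("\\browser helper objects\\", "browser helper object"),
    ("\\internet explorer\\toolbar\\", "IE toolbar"),
    ("\\internet explorer\\extensions\\", "IE extension"),
    ("\\currentversion\\run\\", "Run autostart"),
    ("\\classes\\clsid\\", "COM class registration"),
)


def classify(target):
    """Name the location a log target belongs to."""
    t = target.lower()
    for needle, label in LOCATIONS:
        if needle in t:
            return label
    return "other registry" if t.startswith("hkey_") else "file or folder"


def parse_fix_log(text):
    """Split flattened fix-log text into one dict per entry."""
    return [
        {
            "target": m.group("target"),
            "location": classify(m.group("target")),
            "removed": m.group("status") != "not found",
        }
        for m in ENTRY.finditer(text)
    ]


def summarize(entries):
    """Count entries per (location, outcome)."""
    return Counter(
        (e["location"], "removed" if e["removed"] else "not found") for e in entries
    )


def never_found(entries):
    """Targets no entry removed: the fix named them but they were absent."""
    seen = {}
    for e in entries:
        key = e["target"].lower().rstrip("\\")  # GUID case and trailing \ vary
        first, removed = seen.get(key, (e["target"], False))
        seen[key] = (first, removed or e["removed"])
    return [first for first, removed in seen.values() if not removed]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for (location, outcome), count in sorted(summarize(parsed).items()):
        print(f"{location:24} {outcome:10} {count}")
    print("never found:", never_found(parsed))
```

A target that appears only as "not found" was named in the fix script but was not present when the fix ran, so it is the entry to check against earlier scan logs.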
Quote:
Quote:
> Otherwise this looks quite OK so far. That Dr.Web scanned for 12 hours was not intended and is a bit odd. But there was also a lot of "junk" on your PC. OTL has just deleted 467,00 mb (!) of unnecessary tmp files. With a program such as CCleaner, for example, you can keep your PC lean in future.
> Please read this link about security on the Internet and stick to it in future: http://www.trojaner-board.de/74052-s...-internet.html UPDATES ARE IMPORTANT! Windows and other software: please uninstall Java and Acrobat Reader and replace them with the latest version. Java downloads for all operating systems - Sun Microsystems. Adobe - download Adobe Reader - all versions.
> At the same time as ESET, also run SuperAntiSpyware over it once more and delete whatever it finds. Instructions here: http://www.trojaner-board.de/51871-a...tispyware.html Post the log. ---------------------------------- |
Hi, first of all a really big thank you. I'm giving you a virtual hug that knocks you over, so find yourself something soft to land on :-) ESET is still running (for 3 h now), and so is SUPERAntiSpyware. Annoyingly, ESET has found something. It says it is possibly a variant of the Win32/Spy.Agent trojan. And the other one has found something too: a few tracking cookies (I think those were harmless, right?) and adware from WhenU. I know that name, I have had problems with it before. I know I have a lot of junk on there (mea culpa). The problem is that I never know what I am allowed to delete and what not. :-( By the way, what's great is that the 2 error messages are gone now too. They always appeared at startup. Apparently something was wrong with 2 .dll files. |
Man, I am so stupid!!!! :mad::mad: ESET has finished, and what do I do??? I click on Finish *grrrr* But apart from that one thing it found nothing, and it deleted it straight away. |
Here are the logs from the super-thingy :-)
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 06/07/2010 at 07:46 PM
Application Version : 4.38.1004
Core Rules Database Version : 5040
Trace Rules Database Version: 2852
Scan type : Quick Scan
Total Scan Time : 02:22:22
Memory items scanned : 904
Memory threats detected : 0
Registry items scanned : 700
Registry threats detected : 1
File items scanned : 137932
File threats detected : 169
Adware.WhenU
HKU\S-1-5-21-1034019143-2737408986-3283157118-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}
Adware.Tracking Cookie
Those are all sex sites :eek::eek::eek::eek::eek::eek: |
Quote:
Final steps/clean-up:
> Uninstall: SuperAntiSpyware, Dr.Web (delete)
> Uninstall OTL: Close all programs and open OTL. Click "Bereinigung" (clean-up). Wait patiently until an info window opens (1-3 min): "Das System benötigt einen Neustart..." Click OK. The PC restarts.
> Go to Start > Run > type into the input field > cmd > a black command window opens, type in > chkdsk/f and answer the confirmation prompt with J. At the next restart the PC is checked for errors; just wait for that to finish.
> Deactivate Windows System Restore > Deactivating System Restore under Vista - Windows Tipps Tricks Computer PC Hilfe. Switch the PC off. Restart after 2-3 min and activate System Restore again. ----------------------------------
> Rootkit scan with RootRepeal. Download: http://ad13.geekstogo.com/RootRepeal.zip, unpack > double-click "rootrepeal.exe". Go to Report in the bar at the bottom. Click Scan > tick all scan windows > tick all hard disks > click OK. After the scan, copy the log here. If this scan is clean, we are done. |
OK, I'll do all of that tomorrow towards evening. I have to go to work again some time ;-) I'll post the logs then. Have a nice evening! |
Right, I've done everything so far. I'll let it scan overnight. Quote:
|
Quote:
But otherwise I haven't had any problems again so far. |
Quote:
Check Disk - chkdsk - Vista Forums (scroll down to the instructions). Run GMER according to the instructions. Do not click anything while it is scanning! http://www.trojaner-board.de/74908-a...t-scanner.html If that one refuses to work, then: http://www.trojaner-board.de/85306-anleitung-osam.html ---------------- |
Copyright ©2000-2025, Trojaner-Board